 Hey guys, welcome back to my YouTube channel. This is Daniel Rosler here, bringing you this video from my usual location here in Jerusalem, but bringing you now with a new background. I went to work on GIMP, the wonderful open source photo editor that is there for Linux. It's also on Windows, it's an amazing, amazing tool. I usually, I've done up just a couple of kind of first experimentary backgrounds and lower thirds and I thought I'd try to be a little bit tiny bit more ambitious on this go. So I added a few different elements including, of course, on this site, the good old Linux penguin, Mr. Tux himself. So I wanted to talk today, this is going to be a bit of a tech spiel, which is why I put up the Daniels Tech World branding. It is a separate YouTube channel, but I haven't gotten around to actually starting it yet. So for the moment, everything and anything is going up under this channel. What I want to talk about is this kind of, I'd say it's a pervasive myth of online security that it's possible to obtain total online security or really that there are foolproof methods. And I'm going to explain what I'm talking about in due course. I was actually going to wear a tinfoil hat for this video blog and then my wife told me we've literally just run out of tinfoil. So you guys missed that graphic, but I'll continue with this video blog without one. When we're talking about exchanging information on the internet, sometimes people will talk about the need to share sensitive information in various ways, right electronically. And the point I want to get across is that for your average person, I've come to the conclusion that you can disagree with me, leave me a comment if you have other thoughts to contribute. But this is how after analysis and thinking the situation appears to me, there is actually no way for your average person to totally safeguard themselves almost no way against espionage. So if you're looking to keep your communications private, now the only reason this is even something that's on my mind is I guess having dialed into the whole world of Linux and open source and computing, you get kind of drawn into stuff like PGP email, right encrypted email and encrypted this and encrypted that. And it's actually also a very topical subject at the moment outside of the Linux and open source bubble, this whole idea of security and privacy and that you can you can find cryptography or encryption available these days readily available for pretty much anything. If I just take my Android phone here, right? WhatsApp end to end encrypted signal telegram various degrees signal generally regarded as far as I know as more secure than telegram because of the fact that it is it's open source session at the kind of sorry, yes, session at the kind of extreme end operates over the tour network. So not going through a central server going through a whole relay of different servers. And that's kind of you don't even have an account on session, you just have a one time user and you can send that to someone else on session. That's about as secure as it gets in the consumer world. Now having never worked in espionage agency, right? I'm not privy to what kind of tech these guys says I'm just talking about what your average, let's say privacy conscious user has at their disposal. And let's talk about how people might want to protect secrets or confidential information using this technology at their disposal. So that's, let's just let's start with the smartphone, right? So people would say, if you want to do voice or video using WhatsApp, WhatsApp has, let's say VoIP and it has video voice VoIP really means voice over IP. Sometimes it's used to mean video over IP. Let's call it both. So people can use their phone today. I'm just going to limit myself to Android because that's what I'm familiar with to exchange encrypted messages, voice notes, which are just audio recordings, photographs, which are just files, videos, which are streams and phone calls, which are data streams. Okay. So that technology end to end encrypted, the encryption key remains, theoretically, at least on the device and on the other end on the other device. So that's supposed to be pretty much impenetrable. Now there is a widespread assumption and I think it would be crazy to assume otherwise that even today's commercial encryption is can be decrypted forcibly by supercomputers, right? And when people kind of say, oh, isn't that so terrible? And, you know, the NSA surveillance and this and that isn't it so bad? Well, I think there's a counter argument that never gets, that never really gets a good airing. And that's that. Well, would you want it to be the other way? Would you want every single person to be able to download, let's say, an encryption app that was completely fool, that was completely tamper proof that no law enforcement agency, no intelligence agency was able to access that messages. That's not a shared interest because there's malevolent actors out there who could use that very same technology for plotting nefarious means. So we have a certainly a shared interest to have a reasonable expectation of privacy. We don't have a shared interest for absolute privacy, or that would be my contention. So anyway, just to roll back the discussion a little bit, right? So we've established that using our smartphones, we can basically send anything end to end encrypted these days. We've established that it can probably decrypted, but not not without great computing power, and not probably without some kind of a targeted investigation. So we're really talking about malicious bad actors, you know, so unless you're going to plotting something serious, probably no one's looking at no one's trying to decrypt your WhatsApp messages, or if even for that matter, your PGP email, which is now available, both on the desktop and very easy to get it now on mobile devices using proton mail or any of the other PGP clients. And I'm sure I am already out of date or showing my age and my knowledge is probably something a better protocol has come out since PGP that I'm just not aware of because to be honest, I kind of stopped following this space all that closely a number of years ago. But the problem with these technologies is that people are lulled into the belief that because there is encryption, it's impossible if someone really wants to to record what the content that conversation and the point of this video blog is to just kind of give you a few scenarios where that's not the case. Again, I haven't found these methodologies out by trying to snoop or eavesdrop on people just by trying to do things. For instance, I was trying to rig up a WhatsApp recording for a podcast, right? A WhatsApp interview recording. They might know that at the moment, Google is in the process of clicking of kicking voice recording apps off the Play Store. I think the native Android functionality is going to be left there. But the third party apps are going in some jurisdictions, it's legal to record without the other party's knowledge in other jurisdictions. It's that's not the case. Give me a second while I take a caffeine pill and have some water. So that really varies by jurisdiction. But coming back to my Android, my interview, there's a really easy way to record a WhatsApp call. There's two very simple ways, a two sided recording. One, as you can run the phone through a mixer, you run the output, assuming your phone still has a 3.5 mil headphone jack, which is in the process of being deprecated, run that into a mixer, run your input through the mixer into the phone or just speak into the phone. And you can just split off to two outputs. One can be your headphones, you can hear and going into the mixer, you can record. It's really that easy. You just need to buy a physical mixer, which you can buy for about 50 bucks. That's one way. A second way would be to put the phone on speaker and record using a voice recorder. And you'll again get it won't be as good as actually recording the real audio stream. But that is a very, very simple example of a vulnerability. It doesn't matter that the conversation is end to end encrypted. Yes, the actual data stream is end to end encrypted as a travel between person A and person P. But there's nothing, nothing stopping either person from holding a voice recorder, putting that on speakerphone, holding a voice recorder and recording, right? What else do people think is impossible to do? So you might think, well, we're going to be holding a zoom meeting. And, you know, zoom have all these safeguards built in for recording that no one wants to be recorded on zoom. If it's a private closed door meeting and you don't have people potentially recording and leaking stuff, right? So zoom warns you there's a feature only, only the host can record or only the people given permission can record. And even if someone's going to record, the participants get a nice pop up. It says the recording has started and you say, ah, recording is going on. I know. So how can that be defeated? Anyone can defeat that so, so easily. You can use a screen recorder. Now, I'm really sorry if what I'm saying is common knowledge. You're like, yeah, obviously, but there has to be some people out there who I don't want to say condescending, don't know this or haven't realized this, right? So ultimately, even that safeguard built into zoom is pretty much useless. You can record, you can use anything and a bunch of Linux, for example, we have simple screen recorder. We have OBS, like I'm recording this video on. You can out push the zoom. And again, I've used this for setting up interviews. That's how I figured this stuff out. You can output the participant audio into OBS and be recording it and be recording the screen all without giving any indication whatsoever that you are recording. It's true. So the point about the point I'm trying to make here is you can be having a zoom meeting with someone and you can say, yeah, yeah, this is a very confidential conversation. Nothing we're talking about. This isn't, you know, my company's not doesn't keep zoom logs. This is all off the record, blah, blah, blah. You have no guarantee, absolutely no guarantee that the person you're speaking to is not covertly recording. And again, this sounds like tin foil hat stuff, but this is actually completely true. And you don't even have to go that far. Let's say you have a locked down corporate device. The company issues you with hardware, right? And that was the hardware you have to manually install each program. So you can't install OBS. So you say, ah, now the company has figured out a way to secure and prevent, you know, unauthorized leaks of information. And I would just say, if you look behind me in my office where I record these videos, there's a shelf which has a good view of the screen. So what if I were to place a little camera there with the decent zoom lens, very miniature. I want to put a microphone on my desk and just record the conversation that way. So basically the conclusion and let's just go one, one, one final step further. The real tin foil hat stuff now, meeting someone in person. Again, the stuff is spy movies. These days you can buy, I bought one for this YouTube channel. Miniaturized cameras with pretty decent audio pickup for about $20. And by the way, this is the stuff that's floating around on eBay and AliExpress. If you think about what's on eBay and AliExpress, imagine what professional, you know, private investigators and maybe even people within the intelligence community. Again, this isn't to sound crazy. This isn't intended to scare. And I'm going to come to a conclusion here. What we've established so far is that basically even though the world of privacy protection has definitely evolved and that we have, everybody has at their disposal today, easy solutions for encrypting their phone conversations, for encrypting their, encrypting their, their email transmission, encrypting their instant messaging, whether we're talking about WhatsApp or Telegram or Signal or Slack or whatever. It's true. These, these all exist. And these do can work for the most part, unless someone's really, really determined to protect espionage between recipient and sender. But my point is the vulnerability in the system that people always forget is that the recipient can almost always bypass whatever safeguards you intended in order to record in a way that you don't know is happening. And again, I'm talking about, I'm talking about application agnostic here. I'm not talking about, I'm talking, I'm talking about, you know, the simple OBS recording of a VoIP client that'll get, that'll work for Skype, that'll work for Microsoft Teams, that'll work for Zoom. And where does this lead us this analysis to? I suggest it leads us not to a place of panic, but rather to a place of comfort. And that's as follows. It's good that we have a reasonable privacy that can prevent, for example, crime, that you're in a coffee shop. And nowadays, everything's over HTTPS and everyone can get a VPN. So you don't really have to worry so much about network sniffing for the most part in public networks. So that's good. Right? That's the kind of activity we want to prevent. Can we prevent intelligence agencies? I've had no reason to explore this question, because I am a law abiding person. And I don't, I'm, I'm fine. I'm, I'm, I'm a libert, does that make me libertarian? I'm fine with the idea that there is some mechanism for gathering information, tapping into information. So long as that process is governed by law, basically, I'm actually okay with that. I'm fine. I'm happy that that exists for my own protection. But when it comes to one-on-one communication, the idea of any form of communication that you have with your interlocutor, interlocutor, whether that's communicating with somebody over session, over WhatsApp, over calls, over text messages, meeting them in a coffee shop and you trust, you know, it's all non-recording. All of these forms of communication have inherent vulnerabilities. And the conclusion is that the only really way to be sure of the bona fides or of the trustworthiness of the person you're speaking to is to suss out the individual. And so really at the, after all this technological talk and analysis, it comes down to simple human trust and human psychology. It's my understanding that's why Israel, where I live, excels in airport security because there's very interesting documentary about this because, you know, there's security around the world in terms of scanners and blah, blah, blah, blah, blah. And Israel's approach is very much more relies upon human intelligence. Every passenger is interviewed by a physical person. And that's just something that technology right now can't equal. So I hope that a little tech spiel was of interest to someone out there. I'm not saying be paranoid. I'm just saying that no, that really, when you're speaking to someone electronically, be very, very careful. They just trust the person because even if you think that the meeting can't be recorded, the WhatsApp call can't be recorded because the apps were taken off the Google Store. It's not really the case. Thank you guys for watching. More videos coming soon.