Transcript of How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025

Video Transcript:

All right, I'm going to get started. Um, welcome to my preso called hiding in plain sight. Uh, I'm going to talk a little bit about digital privacy today. So, that's my talk. I appreciate everybody who's here. I know we're going to get some more, but it is right on the dot. So, we're going to get rolling. Um, so I got to start this talk about we're talking a little bit about How to Train Your Dragon. Uh, so I was looking for a movie to go see, right? Like I think we're all I don't know if we've seen movies since COVID, but like I was like, I want to do something. So I'm going to see what movies are out. And I was like, oh yeah, How to Change a Dragon. That was something that looked like maybe I would go see. I don't know. So I'm like, let's go see where I can where I can watch the movie. Um, so I'm searching for where to watch the movie and I found out that there's a megaplex that's showing it right now, which seemed cool. Uh, and there was literally nobody who had booked this deal yet. Uh, so I'm like, "All right, sweet." So I'm going to take the best seat, which we all know is front and center, right? And so, um, I'm like, "All right." So I hit next to check out, and then I get presented with, "Okay, you need to create an account." And I'm like, "Okay, sweet. Why the freak do I need to create an account?" Like, and then I'm like, well, well, maybe I mean, I don't I don't know. Maybe they just need some information, like an email address or something, right? So, like, what? Why do I? And then I looked at the thing and it's like, you need to put in your first name, your last name, you need to put in your birthday, you need to put in an email, you need to put in your phone number, you need to put in your zip code, I need to put in my favorite movie theater. I just want to watch How to Train Your Dragon. Like, and so I'm thinking like, wait a minute. Like, what was Hands up if you're if a movie theater has ever called you? Sweet. Why do you need my phone number?
Like, I'm I'm just like I'm like, wait a minute. Like, why why do I need to hand over my phone number? This doesn't make sense to me. Why do I If any But it's free, right? Yeah. Yeah, it's free. Oh, yeah. Actually, if you scroll down a little further, it says that when you fill all this out and you subscribe to the newsletter, it says I'll give you 5,000 bonus megaplex points. I was like, I don't Yeah. Okay. So, I'm like, what? Like, why? Why do I need to do this? Why do you need my zip code? I need your zip code so I know where to go. You don't need my zip code. There's no reason I could ever see you needing my zip code, right? Maybe I could see my name, but why? So I now I start asking these questions and I'm like, well, let me look at their privacy policy, right? Because let's start there first. So yes, this is their privacy policy. Yes, I read through the entire thing. And yes, this is how it comes formatted. If you visit that site, it's impossible to read. It's annoying. There's a whole bunch of baloney on it. And so the first thing you see on the right side there is, do we sell your personal information? And it's no. And I'm like, oh, thank goodness. All right. We do not sell your personal information. If you just read a minute further though, it says we do share data with third parties. And I'm like, well, wait a minute. You don't sell my information. What? Well, okay. So, what happens with it? And this is where the privacy policy is the gift that just keeps on giving it. I mean, like I I cannot I cannot explain enough how great this privacy policy is.
So I look under the what information do we collect area of this page and it lists you know like what would you collect from somebody who's connecting to your website like okay IP address sure like you could see that like that makes sense your internet domain uh things that you're visiting okay I want to see which where you're where you're um what websites you're visiting that makes sense and then you keep reading you're like oh and it also needs the the site that you came from when you came to this site and then also your time and date. And it also needs all of your browsing history and your search history. What? Wait, like why why does Megaplex need to know jalapeno jelly recipe? Like what does why, right? Like that that was a recent search I had. So I'm like that doesn't make sense. Uh information on your interaction with other sites and applications or advertisements. So, it needs to know what other things I'm visiting. It needs to know then this is the best part right your browser software, your operating system, your browser language, information about your location, and a unique thing that ties your device to you. So, we want all this good. I'm like, oh great. So, then like like why? So, I look under the why we collect this information and I'm thinking we need this for logging or some stupid reason like user experience improvement. Maybe that'll be something, right? And I kid you not, here are the best reasons. The first one, which makes sense, is to sell you crap, right? We want it because we want to know more about you and what your interests are so we can sell you crap. All right. And this is the one that like just took the cake. It says, "We collect your information so that we can then anonymize it." Wait, you're collecting unique ID about me so you can then not have information about me? Like, this doesn't make any sense. It's at this point in time where I'm starting to think this might be AI generated. 
Like, I don't I did they just say, "Make me a privacy policy, ChatGPT 300," or something? Like, what? Like this what what are we even doing? Like why this is so poorly written. Um and then I'm like well that's that's all dumb whatever. And then I I get to this this is again this is the gift that keeps on giving right. Uh this is what it says. Over the previous 12 months we've shared the following categories of personal identif or personal information with third parties. specific information that identifies you personally, protected classif or classification information, commercial, biometric information, and I'm like, well, that has to be a mistake. And then it says network information, and it says biometric information again. Now, I don't know when the last time you shared your biometric information with a movie theater knowingly was, but over the last 12 months, Megaplex has shared biometric information. I'm like trying to even imagine what this is. Yeah. Two times. Yeah. Like, I don't even know what this could be. My my only thought is like like let's say you're using a payment app to pay for a ticket and you use your fingerprint and so maybe it's saying like oh this person used a fingerprint to auth the payment to the Megaplex like okay so this is this is the time this is the point in time where I'm like okay mega it is Megaplex right like they ought to have some sort of good security posture if they're gathering my biometric information and sharing it with other people like At least they must be keeping it safe, right? Luckily for me, Megaplex is about as porous with their own personal company information as they are with my information. So, I got to find out Megaplex has 1100 employees. And I'm like, that's good. That's nice. Um, that means they must have a pretty good sized IT team. And then I was thinking, well, wait, because that's not that many people if you take out all the people who are working the stands or whatever.
So, I'm like, well, how big is their IT department? It's public information. and they have four. So there are four people in charge of my information. And I'm like, well, you know what? That's four is better than one, right? Or none. So then I looked up the titles of all four of their IT department staff members. One's the CIO, which I imagine if you're a CIO for a movie theater company, you're probably like just a glorified purchasing agent. No offense to any CIOs in here, but that's probably what this person does and sits in on a lot of security meetings, right? I doubt the CIO is worried about my biometric data, right? Or my my zip code. So, there's that. Then there's a systems engineer which after reading his LinkedIn looks like he just fixes projectors and like does physical things on the theater. He's not in charge at all of my data. Then there's a film buyer and film payment specialist. I don't know why this is on the IT department. He clearly has no clue what's going on. And then there's one CRM systems engineer. And if you're here, I apologize for doing all this OSINT on you, but get your privacy act together or if you watch this video later. Um, so I'm like, oh, so they have one dude who's in charge of all this information that's being gathered by every single person who buys a ticket online on megaplex.com. He has to have a good security background, right? Well, his personal information is also really porous. Uh he served at an IT or before working before taking this job he was an IT service tech service desk technician for a couple of years and that's his work experience. This is his resume. Tada. He did get a BS in software engineering from WGU in 2022. He has a Java emphasis and uh so I went back because I'm an educational institution. I looked up this actual course description from 2022, the course catalog.
He took one module of security in his introduction to IT course and he did one module of software security in his testing advanced Java course or security and testing in his advanced Java course. This is what's keeping my biometric information safe. It kind of seems like you're uh a a person in this world where like everybody's trying to steal all of the things they can about you and use them and they want your pictures and they want your stuff and they want your information and why is the question. Like it feels like we can't get away. So my goal today is to minimize the amount of data that we share online. hopefully get you to start thinking a little bit about it, about your personal practices and make it so that you can be way more invisible than the Joe Schmo putting in all of their information online all the time, right? Um, these are if in the security world, these are threats that are taking information that they don't need for their own purposes. And their own purposes, and I'm not going to go too far down this road, but their own purposes are either getting money out of you and getting you to pay as much as you can for whatever they're selling or not even selling selling to. Um, or it's for control to get you to think a certain way. And we can go from Amazon trying to get you to buy an Owala uh water bottle. Does anybody here have an Owala water bottle by chance? Yep. At least one, two, three. Good. Yeah. That's because Amazon's really good. Four. Uh Amazon's really good at that. So they get us to buy things that we don't know we want or we don't want at all. Um and then there's the control on like larger ski or scales of like nation state actors trying to get you to think certain ways which we could talk about that more at a different time. But every day it seems like it's harder to get away. So today I'm going to go over these things. I'm going to talk about what is privacy.
We're going to talk about why you should care about privacy or why I care about privacy. uh we'll ask like what data points are most commonly used to build a profile on you specifically and how to get around those. That's kind of the thought. I have a few other things that I'll mention in that fourth uh fourth bullet point. But let's start real quick with what is privacy? And I love this uh this analogy. But the definition of privacy is just the state or condition of being free from or being observed or disturbed by other people. Right? Like the the the example that I use is and and sorry to use potty language. Um literally like if you if you have a two-year-old, you know, you ever try to go poop and like you can't because someone's knocking on the door like ah dad whatever like and you're like would you please just give me some state or condition of being free from being observed or disturbed by other people, right? Like, so I'm I'm not I'm not talking about now uh like being in the bathroom privacy, but for the internet's sake, like, isn't there a place where we can poop in peace? Like, isn't there a place where I can go where there's not somebody always prodding me and trying to steal my information? How do I get that back? How do I get that that that that pace or that space back? And I think when we talk about privacy, we always get this image. They're always like, "Oh, it's the hackers with the hat with the mask and you can't see whatever." But it's also for this guy who is the guy who works at Megaplex and I found his picture and this is his picture. I'm purposefully blurring it out because I don't have his consent. Also, if you cared, uh, it's really easy. And I found his hometown. I found out the high school he went to, which means I know his high school mascot. Why is that important? Uh, I think I also know his address and his phone number and his birth date. Um, I know I'm a creeper. Right now, here's a question.
Let's say you call your bank because you need help with something. How did the bank verify that you were who you said you were? Mother's maiden name, which I have, your address, which I have. Your date of birth, which I have. Ever thought about that? Ever done a search on yourself and seen like, "Oh, yeah, that's me. That's my address and my phone number online." Do you realize like why that's bad? And if that doesn't make you feel creepy or if it doesn't make you feel creepy that I researched this dude, you probably should feel creepy because this took me literally 12 minutes. And uh like every learning about Megaplex down to this dude's personal bio. 12 minutes. It takes AI 12 milliseconds, right? Like so if if this itself doesn't like make you feel awkward or weird like why should I give two flying foxes about privacy like the answer is um or I actually asked that to ChatGPT and I and I and I got an answer from ChatGPT that I really enjoyed. Um I said hey suppose that I'm a really rich really rich person with a lot of money. Why is privacy important to me? and it gave me a really good answer that I think I'm going to just highlight some principles out for you. Um, this is this is what it says. This it this was I'm just going to kind of read ChatGPT's answer. It says, "Your privacy is more than a personal preference. It is a layer of protection that shields your wealth, safety, and influence." I'm going to skip around a little bit. Um, it says, "Opportunists and even competitors see your information not as trivia but as currency." And I think this is applicable to all of us. We just saw it. Um, now Megaplex says they don't sell our information, but are you telling me they're not part of a group that when they share all that information and they get a sale that they don't get a cut? Right. It's currency for them. Um, it says something as simple as your travel patterns or your family details or spending habits can be weaponized against you.
I don't think we're going to have our children abducted because we bought something on Megaplex. But I do feel like this is stuff that can be then used to make you do something that you wouldn't normally do otherwise, right? Privacy is not about hiding. It's about safeguarding what makes you vulnerable. Just think about that for a second in your context. And it's not stuff that you know you're vulnerable to because AI and predictive patterns are really good at predicting exactly what you're going to do and when you're going to do it. This recently happened. Delta announced that they were going to start using AI specifically for price adjusting. And so here's what happens. They said or I'll give you an example. This is not what they said, but they said they want to make sure that they get every or each customer the correct price at the correct time. So, here's what that means. You get a text that says, "Hey, John, grandpa died. We need you to come out." And you send it on Google Messages. So, Google Messages, by the way, if you didn't know that. It just reads everything after it unencrypts it. Um, and so like Google Messages says, "John's grandpa died. Add it to your file." Delta sees John start looking for flights back home and John hits enter and you know how it's like loading loading. Ever looked for for an airline price and it takes like 20 minutes to load. Like why does it take 20 minutes to load? I can download the entire internet in 20 minutes. Like why do I need 20 minutes to load a ticket price? It's because it's searching for John and it sees, oh, John's grandpa just died. Well, we would normally sell John this ticket for $200, but since his grandpa died, he'll pay 350 for it. I know because I've done this 10 times and Jim and Jane and Stuart all paid the same. Wow. Oh, and then let me back up because Delta said, "No, no, no. We don't we don't use it to actually set prices for people. That's illegal." And that's true. 
But did you know that it's not illegal in the US to set a price based on the device identifier? So, I'm not I'm not targeting you. It's just your cell phone, so it's okay. That's how. Or your or your computer. And since I know that your cell phone and your computer live in the same house, and since I know that you're at work between these hours, I also know exactly where you're going to come from. And I can make sure that I charge the correct customer the correct price at the correct time. That's why I have this picture up here, cuz even though it's dumb, um, like I feel like I feel like this is something that's silly, but like there's like a third hand that the AI generated down here because the it doesn't play by the rules. It does whatever the freak it wants to in order to get the results that you're asking for. And if you're a Delta and you say, "We want more income." They're like, "Okay, we'll do this to you." And you're like, "Thanks. I didn't want that." But they do it anyway. Right? Here's here's here's paragraph two from this ChatGPT. It says, "Wealth also makes you influential, which attracts constant observation from other people." Blah blah blah. Maintaining privacy means maintaining control over your narrative, your security, and your legacy. And I'm like, well, I don't have I mean, I'm not again I'm not a billionaire here. I don't have a legacy, but think about what's your narrative. What's your life's narrative? Like you want to go this way maybe in life. And if chat or sorry, if if some sort of privacy something or another can just nudge you this way to be their benefit a little bit, you lose control over your own ability to influence yourself. If it puts you into this bucket of these kinds of people who think these kinds of ways and gets you to do that, then you lose your ability to influence other people in other fields. And I I don't want to sound like crazy or end-of-the-world-ian, right?
And maybe it's not happening on 90 degree turns or 180 degree turns and you're going somewhere else than you ever wanted to be, but it is we're we are able to sway opinions and votes and whatever one way or the other with information about you. Um and then the last thing is it's about freedom. Uh this is again from ChatGPT. Without it, every choice or without privacy, every choice you make is monitored, judged, and potentially exploited. With it, you retain the ability to live, act, and invest on your own terms. I'm not throwing up investment advice here, but I have the ability to do stuff without being observed. Like, why is that a bad thing? And why is it a good thing for everybody to know how many packs of diapers I've been buying and what kind of diapers so that they can start profiling my daughter who's two and say, "Hey, we know you're coming from this kind of a background. Hey, we know that you eat these kinds of things. Hey, we know that you like to play with these kinds of toys. Hey, we know that your parents think this way." Hey, it's illegal, by the way, to knowingly gather data on a 2-year-old. But if they have a folder that says date of birth because they know that because somebody you or someone close to you put your you put your expecting date into an app and it said they're the size of a kumquat today and you're like sweet I don't even know what that is. Uh then that starts to get added literally from Twitter. There's a DEF CON talk about it. Talk about exploitation of unborn children. Um, and and like then it takes all that information, puts it in a little bucket, and when you turn 13, now you can get advertised to, so you get your own bucket, and it's already full. Isn't that awesome? Well, just append it to your parents' accounts instead of that. This is what it says. It's the same way that you diversify your investments, you must invest in privacy. It isn't paranoia, it's prudence. I think that as you gain privacy, you gain the ability to act.
And I feel like this is probably ultimately what I care most about. I want my daughter to grow up in a place where not every single thing she does is can be predicted by AI. And not everything that she hopes to buy will be sold to her directly with all of her profile intact. Right? That's my goal and that's the hill that I'm going to die on. But this is this is for me my reason why privacy is important because I'll be darned if YouTube doesn't already know exactly what she wants to watch next, right? And then cross that with all the things we buy at Walmart, which is tied to a credit card number, which we're going to learn about in a second. So, how's this all how's this all brought back to me? Like, what is profiled? Obviously, if you have the same email address everywhere, that's you. I'm going to kind of build off of Pope's presentation here last time. Like it's pretty clear if you're using john.smith@gmail.com. It's pretty clear you're John Smith. Like it's it's pretty obvious if you have the same username jsmith1842 everywhere. Like it's pretty obvious you're John Smith because we know that, right? There's your IP address. There's your physical address. There's your phone numbers. There's all this other stuff. And so my goal is to hopefully help nip these some nip some of these things in the bud. So, we're going to start with the basics and also my absolute favorite AI generated image from this whole slide deck. I think this is a freaking awesome photo, but that's a different story, right? So, we're going to just do some basics and I'm going to fly through these because I did these at BSides Salt Lake and I don't want to rehash these. Um, but we'll just go through some of the basics of things that we should do if you're at all interested in privacy or if anything I've said so far has kind of like spoken to you. First thing is just get off social media. Like, that's just a fact. Social media is not in the business of being social.
Social media is in the business of engaging you. That's all it is. It wants to engage you. They all do it differently, but every single one of them does it by learning more about what interests you and what drives you and what will make you do things in the real world. So that's all social media is. So sorry, get off of it. If you have to, absolutely stay on social media because you would die without it. They've already won. But it's okay. Here's some other things you can do. Like just minimize your data as much as possible. Don't share, hey, I'm in Cabo this week. Like great, now everybody knows and we can go break in your house unobstructed. That's great. Like you don't need to share all that information. You can do it later, right? Um you're taking pictures of your home and uh then you leave that metadata, your GPS on that on that picture that gets posted to Twitter and now everybody on Twitter knows exactly where you live down to the GPS point like within a foot. By the way, yeah. Uh, high precision GPS. You know how you have that on your phone? Like location, high accuracy. Like, do do you really need to know how far left, one foot, or right foot you are while driving with Google Maps? Don't use Google Maps. Like, why do you need why do you need within one foot accuracy? Just turn that off. That just helps everybody else find out more information about you anyway. That's a different story. Don't reuse your your your hashtags or your usernames or or handles. My favorite is when you go on one place and you're like uh you get on and you're like I'm going to make a new account that nobody knows what it is and then you put over here like #365 is the absolute best thing in the world and then you go hashtag 365 is the absolute best thing in the world. Like okay well you're the only person using that hashtag so it's clearly you. So like just minimize things that could trace you from one thing to another, right? But the the rule is just get off of social media. 
The next thing is change your browser. Stop using Chrome. Chrome tracks everything everywhere all the time. It's It just does. And I know that Chrome has 85% adoption rate. We don't need Chrome. Trust me, you don't need Chrome. Please. Edge is just a wannabe. We all know that. Safari me. Uh you can argue me on that. That's fine. But I'll still say meh. Uh Firefox used to say that they don't share information, but in May they change their terms of service and they say now that we could share everything that you type into and or do on your browser. That seems weird. And then the CEO came back was like, "No, no, it doesn't actually mean everything that you do on the browser." It's like, what? But that's what you said. Like that's what it reads right now. So now I'm going to say this and this could be controversial for some, but I don't care. If you really have a hard time, you want to get off, go to Brave. It's Chrome, but it's with a focus on privacy. And by default, it is way more secure. I personally don't know the founders of Brave, but I have a good friend who does, and she knows them, and her feedback to me is that they're an okay company. They're good. And I feel like if you're worried about just your if privacy is something, just switch to Brave. It's super easy. It keeps the internet from scraping all the crap about you that Google's happy to share. It's just it's good. There are some other browsers you can try. Malvad and Liberwolf and Orion's new one that I just read about two days ago in a privacy newsletter that I read that might be good. That's a that's an iOS um uh browser open source that's uh built on or made to work with iOS and it's it's it's pretty good. It's currently in beta, but it'll be released soon. just just switch to a different browser. I promise it'll help. Right? That's one way to help really minimize how much information is gathered about you. Stop googling. Google sucks. Stop using Google. Um Bing is just a wannabe. 
Let's I'll agree on that. I don't even know what Siri is doing on this list. Um Duck.Go is okay. Duck.Go scrapes Bing and Google, but it does it through a centralized source. So nothing can get tracked back specifically to your Well, I don't say nothing, but it's much much much harder to track things specifically to your device. So you go to duck.go, it searches Google and Bing puts it all in one list and gives you the top results and you don't need to share all of your information about it or your search history or whatever, right? Start page is one that's I think based out of the Netherlands. They have servers down here. Way cool. You can do searches through them. Everything there is put through a proxy. So you don't even touch the internet. It does the searches for you and then sends you the stuff back which is way cool. Or if you're super into it, you could do CRXNG. I don't know how to pronounce this. I It's like search engine. It's supposed to be, but um it's this is something you can self-host that does the same thing Start Page does, but it just runs on your own local stuff, which is kind of nice, too. Pros and cons, but I think uh it's it's also really really great for anonymizing yourself. Throwing that out there. Stop sending texts. If we haven't heard, China reads everything that we send everywhere. We all know that. We should know that. If you don't, read the news. Um and it's not just China. The US government does it, too. And so does Russia, and so do all the big world powers. So, it's really easy to read all of your texts, right? Um, also don't use Google Messages. There's a reason why Samsung said, "You know what? We're not going to do our own messages anymore. We're just going to let Google Message take all of our market share." That's because Google paid them buttloads of money for your information so that they can know exactly when Uncle John dies, right? SMS stands for share my stuff. So, don't use SMS. It's not secure. 
RCS stands for really careless security. Again, I needed AI to make these, but they're pretty good. Um, right. So, that what could we use instead? Signal's great. Session's great. XMPPP is great. Some of these are easier to set up than others. My biggest recommendation is just switch to Signal. Like, why not? It's great. It's secure. Just don't invite unwanted reporters into your groups. And we're fine. Like, that's all you have to do. Just don't click that button. All right. Um, stop using Gmail. Don't use it. It sucks. Uh, it reads everything like it literally reads everything and then puts it that's why it has such good autopredict text. But that's yeah, if you want privacy, don't use Gmail, right? Um, use a service that encrypts email because Gmail's like, "Yeah, we encrypt everything." It's like, "Yeah, but as soon as you decrypt it, you read it." Like, so what's the difference? Like, I don't understand. Why are you why are you advertising this? Uh, make sure it's unreadable to the host and that it encrypts everything. Good examples are Proton or TUDA. They just went from TUDA to TUDA. um they're great and I can't tell them enough. I think they're awesome. So, that's my that's my uh stance on that. And then use a VPN. Um VPNs combine your traffic with other people's traffic. So, that can help mask your IP's location. We already talked about encrypting traffic. It helps against a lot of scanners. Um NordVPN is decent on the scale. They just price gouge you. Surf Shark is also pretty good. Um ProtonVPN is kind of my preferred I go to, but that's all right. And Molvad is also a really good VPN. So these are kind of my VPN providers. Um also this is a chat or sorry like a an LLM generated model or diagram and I want to just show what I last year when I did this talk this was the best it could come up with. So we've come quite a bit in the field of AI. I really like it. But so this is I I said please make me a diagram of a VPN. 
I don't I don't even know but we've we've come a long way right like it's pretty good. I think it's pretty awesome. So, all right. So, this is what we can do now. We've gotten through those basics. How do we how do we stop being sheep? How do we be because because all they do is we just gather all the information from the sheep and just throw it in. So, how do we break free from being sheep, right? I'm going to say here's some guiding principles. These are my I think it's awesome. I don't know. My wife said it was scary, too, but I was like I I think it's awesome. All right. So, here's some guiding principles on how to not be a sheep, right? Always provide as little information as possible. Why the freak do I need my name and to watch a movie? Have you ever walked in and been like, "Oh, hi Steve. Thank you for coming in." Like, no. Nobody cares. Nobody Nobody cares. Nobody in Megaplex cares. Not even the one guy who works there and is in charge of my data. He don't he don't care either, right? It's all about selling your information. So, provide as little as possible. Don't reuse information ever if you can. Don't reuse emails ever. Don't reuse usernames, credit card numbers, addresses, browsing sessions. You don't need it. You don't need to. You might think that's not possible, but I'll show you in a minute. We'll go through that. And then the last is this is a legitimate side note. If you are really cool with giving all your information to Google so you can get a good news recommendation on your newsfeed, like just do so knowingly. Don't let like don't give all your stuff away without knowing. I don't I didn't know I was giving away my biometric information when I was signing up for Megaplex, right? Like that's weird. So, uh don't do that. But like don't do it. If if you want to opt into something, feel free to opt into something, but do so in an informed matter, right? 
I'm going to breeze through this real quick, but I think there are kind of like three tiers of privacy in my book. The first is like when you're doing something that doesn't matter at all. Like don't provide any PII period. If you're going to McDonald's and they're like, "Please sign with the app." Like they should not have my address, my email address. They should not have my zip code. They should not have my name. They should not have my phone number. McDonald's has never cared about me. They care about my data. So I don't need to share any information about that, right? Or if I'm buying a movie ticket. Um if uh you there's a like a second level. This might be like something where you might need to prove this in a matter of court or law or whatever, right? There are options you can do that you can provide minimal information. One of my favorite examples is let's say I'm purchasing a uh a a domain and if if it gets hijacked, you want to be able to get it back. Well, let's say your name is Jimmy or James Stevens and your grandma calls you Jimmy. You could put your name as like Jim M and then your last name is like me e because everybody knows who Jimmy is, right? And that'll work. If you can bring some if you can bring a witness into a court of law and I'm not a lawyer, by the way. If you can bring a witness in a court of law and says, "Do you know who Jimmy is?" And they're like, "Yeah, that's him." Then then you've passed, right? Okay. So, you're good. So, you can do things like that where you don't need to provide all your information, but you can still get away with it, right? And if it doesn't say you need your legal name or your legal address or something, then make something up. Who cares, right? Like why? And then there's a level three that I think like this is for like insurance or medical information things like you should give your information there, but be wary of it and don't provide anything that's not legally required, right? 
Have you ever thought about like why you go in and the first thing you you have on your intake form when you go to a doctor is like where do you work? I don't know why my doctor needs to know I work at BTech. Why? Think about that for a minute and then go look up HIPAA and then you'll feel scared. Okay, so let's talk about email addresses. How do we not ever reuse an email address? Because it's a monster to have to create 5,000 email addresses unless you use simplelogin.io, which is a cheap/free service that you can use to create aliases for your emails. Um, and then Proton does this, Tuta does this. Even Google has jumped on the email alias train. And the reason why Google's on it is because then Google's the only one who knows. Yeah, they're the only one who knows all the emails. But what'll happen is, let's say I'm going to sign up for a BSides or I want to sign up for BSides and I have to give my email address like every single one you probably had to do for Eventbrite and I apologize. This is just a company thing. Um, not not a not a me decision. I would create my own email address like besides almighty775passforward.com which is my real email address by the way at least it will be for another like couple of hours. If you want to email me you can email me at my personal email here. It'll just forward it directly to my personal email and you have no clue what my email address is. I'll probably leave it up. Why not email me on it if you want to. That's all right. If it gets really annoying I'll turn it off later, right? That's okay. But maybe you're going to go to Lowe's. You could create Lowe's Chicken at password or Cloudflare happy or Walmart height. I It just makes a random email address for you and then it forwards it to correct inbox. Super easy. Look into that if you haven't yet. And if you don't know about email aliases, this is something super easy you can do. Um usernames. So we all know we should use password managers. Please don't reuse your passwords. 
If you're using your password, leave this conference right now and go change everything and then come back. Like that's that's a step 101, right? So we should always use a password manager and never use a password. But along those lines, don't you have like a random character generator in your password manager? So like why would you ever reuse a username? Like it's really nice to have a username that's just a harmless potato and everywhere you go, you're just a harmless potato. Like your Xbox and your Gmail and your whatever, you're just a harmless potato. But that sucks. So don't do that. Instead, just make up some stuff. Yeah. Right. Yeah. Just Yeah. Uh, just make just have your your password generator make up eight characters or 10 or 12 or whatever the username requirement is. Why reuse a username? Your password generator is just going to remember it anyway. Your your password service, right? Like it signs it. Why does it have to keep entering in your real email address every time? Like just make up a username. Why not? Super easy. These are my usernames. These are not my actual usernames. I just did the password generator thing, right? Credit cards are a fun one. And I think my wife is watching, so I'm going to apologize in advance for her because she doesn't know this is coming. Um, privacy.com is a really, really, really, really cool thing. What you do is, um, you go to privacy.com. I'm going to chat over here while I get my phone open. You go to privacy.com and you will have to enter in some information, but that's okay because the US government has to know absolutely everything that happens in the financial sector, and there's almost nothing you can do to get out of that. Uh, maybe we'll talk about decentralized currency on a different day, but you can go to privacy.com and create uh an an account which links to your real um financial institutions and then you can just create a new credit card. So to show how easy this is, I have my phone here. 
I'm going to open up privacy.com and create a new one. I'm going to do a single-use card. Okay, sweet. And what I'm going to do is spend a total limit of $10. I'm going to save this right now. We're good. And now what I'm going to do, I don't know if you've ever done this in a public before, but I'm going to share my credit card information with you. And the first person to make a $10 or less purchase can have 10 free dollars. Uh, if you want to try it, good luck finding somewhere to use it. If you're like, "Well, what do I put for the name?" Whatever you want. What do I put for the address? I don't care. I don't care. As soon as somebody purchases something for $10 or less, hopefully you have something on your wish list. You can enter in this credit card number. Put any name you want to. Put any address you want to and I will pay for something that's $10 or less. If you're the second or third person on this list, I apologize, but I feel like, do you see how hard it was to create a credit card number? And you know what the vendor is going to see if you're purchasing something from Amazon? You know what the vendor is going to see? Privacy.com just purchased $10 worth of crap and you and they that's it. And you know what the bank is gonna see? $10 purchase to privacy.com and there's not going to be any transaction information. There's not going to be anything about what you bought. There's not going to be anything anything. And it's amazing that I can do this and give away a credit card number. That seems insane to me. I'm going to flip back over, but it's true. And for those who are going to watch later, that card's going to be not active by that time, right? Like it's it's cool. You can just do that, right? I think that's awesome. Here's another trick. If you have a credit card, you know how you can go in and add an authorized user to your account? Like you can add another name. 
Well, what they want is they need the name of that person and they need a social security number, but they only need the social security number if you're going to have access to online banking. They don't need a social security number for you to get an authorized user in that name. So, you could just say Jimi Hendrix, I don't know, and it'll send a credit card to you at your home with the name Jimi Hendrix. Now, granted, your bank is still going to know what you're buying, and they're still going to have that information, but when you go to make a purchase and you don't want it to be tied directly to your account or to you, cool. That's you don't need to. Like, that's that's all right. I'm just checking to see if anybody's made a purchase yet. I don't I don't I I don't think so. We're still we're still we're still no activity on that card. So, I mean, it's up to you if you guys if you don't want to, that's all right, too. I'll turn off later. That's 10 bucks for me. Um, but yeah, you could just get an authorized user and you can get another card. Now, if somebody asks for ID, that might be a little tricky situ Oh, sorry. I grabbed the wrong card. Uh, awkward, but who's when was the last time you were carded for a credit card transaction? Like, were they can I see your ID? Like, I don't know. Wallet apps also are are okay, right? Like I don't want to I mean Google does this and Apple does this for Apple Wallet. When you scan your phone with an NFC, it creates a new credit card number every single time so that it's not tied specifically to you. That's really good because they keep maintain your privacy to vendors. Granted, Google and Apple still know who you are, but like those are good things. Don't reuse the exact same credit card everywhere. If you use it here and there and here and there, I know it's you. And if you don't have to, why? 
Oh, also, by the way, privacy.com is free because they steal all the all the all the money that would go to Visa or Mastercard, right? So, that's kind of fun. Oh, did I just get an email a notification? Aha, transaction notification. Somebody did it. Thank you. Let's see. Let's see what I have right here. I I just This is bad, but I don't I don't care. We're gonna I should be moving on with my presentation instead. Um, we're good. Okay. Uh, let's see. It went to It was Amazon. Somebody got Amazon. You're welcome. All right. Sweet. So, that's good. Okay. I probably shouldn't have said that in a privacy presentation. Yeah. All right. Sweet. It worked. I didn't lie. I didn't lie. She That is exactly what you do. Thank you. Unknown person that I will not share your name. Sweet. That's awesome. Um, great. So, let's do phone numbers. This is great. Phone numbers. Uh you pay for one phone line and it is probably $60 a month or more. Um and you're have one phone number and 20 is good. Yeah. And so like what how do I get rid of my how do I do that? The easiest way is to subscribe to a VoIP provider. I have some examples up here. You can look at these. Um I've either personal recommendations, things that I'm on or that I've heard from other privacy enthusiasts that work really well. If you go to a VoIP provider, you sign up for an account um and then they say, you know, like give me give me your information. You do need to share your real information because we're in the US. That's how it works. If you want to go to a different country, you can, but then you're in a different country. That's on you. Um and then you say, I want a phone number in and pick your favorite city, preferably not in Utah. Let's say I'm in San Diego. Sweet. I'm from San Diego. You say, I want a number in San Diego. You hit go. It gives you a number in San Diego and it charges me in my case 85 cents to activate that and a dollar a month to keep it. And if I want to, I can delete it. 
If I start getting spam calls on it, I can delete it. And that's fine. That's not a problem. Um, and then I can go and share that information with whoever I need to. And let's say I'm going to a conference and I have to share my information. I can spin up a new phone number, give it to a bunch of people I don't know. Four of those reach out to me. only one is actually of interest. I'll take that person. I'll uh I'll say, "Hey, find me on Signal." And then the other three, I'll just turn off that phone number and that's 85 cents that I've lost. That's it. Um and it's way cool. Major telecom providers, Verizon, AT&T, whatever, they sell all your information to everybody. I can't even begin to talk about this deal. So, just don't use them. Um and if you do, yeah, let's just let's just not use them. Uh so, like, well, what are the other options? Well, there are smaller telecom providers. Um, and the best part about these is that they will take any information they can. I'm not going to name any specifically, but there are some that you can go to and you can just buy a SIM card, throw it in your phone, and it says, "What's your information?" And you put in any name you want. And then you put in the name of a hotel where you're staying that night because that's a legal residence for that day. You put in the room number. It's a it's a legal address where you were residing at that day. And then that's what they think you are. That's who they think you are. And so all your data gets tied to that fake name at a fake address and nobody ever knows anything about you. And then you never have to give that phone number ever to anyone because you're using a VoIP provider. And if you get a new SIM card, all your phone, all your te all your phone calls come in on the VoIP provider anyway. So you just log in your VoIP provider there and all your telephone numbers come in there. When we expect you to disappear, I I will not disappear. 
And also, there are a couple of these things that I'm not like fully into yet. So, I mean, you can still find me on the internet, but the answer is I don't know that I'm going to disappear because I want this to be common knowledge for everybody and not just the Jeff Bezoses of the world, right? Yeah. Well, we're going to get there in a second with IDs. Yeah. So, they're gonna ask you to put in your ID. And we're seeing this a lot more. Uh, I had a friend who shared a board game something or another with me um on I don't remember which Insta or something and they were like, "Sorry, we need you to be 18 or more to view this." I was like, "What?" And it's like, "Please input your ID." I was like, "Forget that." Um, which is okay to say, by the way. You don't need to put in your identification to watch a video. Mother of pearl, please stop. But like, like we don't need to do those things, right? So, here's some here's some things that I think are beneficial. If you ever have to share an ID, get a US passport card. US passport card looks like this. And yes, this is the government's official example. What? Um, so like this. This is the this is the passport card. And let me put it up next to Utah's official example of what a driver's license is. Ouch. We need to get these guys into AI or something because it's bad. Okay. Notice the difference between these two IDs. I recently checked into a hotel and I got there and she was like, "Can I see your ID, please?" I was like, "Yeah, no problem." So, I gave her my passport card and she was like, "Uh, do you have uh an ID with with your address on it? I just need to put it into my system." And I was like, "Nope, I'm sorry. I don't have a driver's license." And she was like, "Oh, that's okay. Thanks." And then she gave me my ID back and that was it. Why do I need to give my ID to sleep in a room I already paid for? Like, that doesn't make sense. Like, who what? 
Like, and and this is the thing that I I want us to break free from being sheep, right? Like this is something that we should never have to do. Why do I need to give my ID to be able to visit a website? Like that's a problem. And hopefully we start to think more like this as we move on, right? So I just gave her my ID and that was it. You should never ever ever ever ever let anybody take a picture of your ID ever. If there is a situation in which you need absolutely need to provide an ID like let's say you're signing up for a government something IRS whatever they need a picture of your ID and I hate this and I don't think you should do that anyway but that's if let's say you need to the way you do it is by taking a picture of your ID putting it into some paint something or another MS Paint and then you say "copied for whatever service on this date, do not share." Because if this ID or not if when this ID leaks somewhere like on the dark web or whatever, if you find it or if somebody else finds it, we know exactly what company leaked your crap. And I think that's something that's kind of cool. But I'm not saying this is what you should do. Just never do this anyway. This is like the ultimate worst case scenario, right? But a US passport card is awesome. You know what's even better? Like just make your own ID. Everybody's like, "Yeah, right." Like like it I'm not saying like driver's license. Like you can check into a hotel with this. That's totally fine. And you know, I I I just did this search online. There are people who do this for like dollars, like single dollars, you know? You can just get an ID made and printed and sent to your house. Make up some company name. I don't know what we I've always wanted to work for. Just put NASA. Who cares? Put NASA on it, right? Like whatever. And your name. Like that's fine, right? If you're going to really like actually go into making your own IDs on the back, it should say this document should not be used as identification. 
But I don't know if you've ever flipped an ID to look at the backside with the not picture. Like nobody does that. So they just look at the front. They're like, "Thank you. That's your identification." You're like, "Oh, okay. Well, you weren't supposed to do that, but thanks. I appreciate it." Right? Um you could use your school card or a company uh a company ID card or something like that. That works. You could maybe get by with using a credit card. So let's say you have a credit card that's not in your real name. Uh like you could say, "I'm this person." And then be like, "Oh, well, we don't have Oh, I sorry. I so forgot, but here's my credit card that I reserved the room on, and here's, you know, it has my name on it. I forgot my wallet in the airport and they're going to deliver it tomorrow. So, I really need to get checked into the hotel so they can deliver it." Nobody's going to remember that story. So, yeah, whatever. And it works. You could also get a passport from another country. That works, too. If you want to talk about how that works, we'll talk more later. Just never ever ever let anybody scan your ID, right? Addresses. I already mentioned this. Hotels are legal residences while you're there. So, I wait till I have like some tier 2 stuff that I need to do and I'll wait till I'm in a hotel and then I'll put that address in. Um, if you want to get crazy, too, there are also like CMRAs, um, which are commercial mail receiving agencies like UPS. They'll take you can pay them a monthly fee and then they'll accept your mail for you. PO boxes are decent. They're better than your home address. Um, and personal mailbox things. We don't know about these because we we haven't been briefed on privacy. We always are told if you have nothing to hide, you don't need to worry about. 
But they're like, you go to America's mailbox and you'll get a you'll get a a unique mailbox somewhere in somewhere in Colorado and then they'll just send your mail when you ask them to opt and are in the business of user engagement. That's what they want. So they take all your information and try to get you to do stuff on their platforms. That's just then that's facts. So again, um if you can try getting off of either Google or Apple and there are others that are more secure. GrapheneOS is awesome. I'm I'm on GrapheneOS. I fully recommend it. Read into it if you don't know about it. Um it's it's a great option. You can still do everything you want. You could even get a GrapheneOS phone and still log into Google or you could just completely not be connected to any of the Google services, which is awesome, right? Kix OS is Linux, but uh good it's not that bad. I guess I was going to say good luck, but some of if you're on Kix, you know what I'm talking about, right? Um Pop!_OS for your for your for your uh your computers, right? Linux, that's that's privacy focused. It's great. I think it's awesome. Turn off all your browser cookies. Please, right now, turn off all your browser cookies. It's better for a website to break than it is for all of your information to go out or the information about your loved ones or whatever, right? I think that's something. Block fingerprinting if you can on your on your browsers. And then to go off of Pope's example, just check your pcap files and your DNS queries and see what's going on. Recently, I made jalapeno jelly. So, while my wife was on the internet looking at the recipe, and this isn't a recipe website, and I kid you not, her one phone made 14,025 DNS queries in 50 minutes while it took us to make the recipe. I don't know if you've ever looked at a pcap file of your device and checked DNS. If you haven't, you're thinking it's not possible in 50 minutes to send that many DNS requests. Thank you. 
It is possible and it's the reality. And if you're like, well, what 14,000 websites need my information? The fact that I'm I'm making jalapeno jelly. I don't know. But none of them have your interest in mind. I'm just going to say that flat out. Like none of them have your interest in mind. So, those are my next level things. There are a few advanced things I'm just going to breeze through. There are some resources for privacy. These are places you can go um where to get more information about it. Um I think like the EFF is awesome. Uh read the EFF just learn about what where people getting your information and how to maintain maintain your privacy. The Citizen Lab is another company up in in Canada. They do amazing work. Um, inteltechniques.com is the source of much of my privacy knowledge. Um, there's a book called Extreme Privacy Fifth Edition that like it's everything I've said but like to the max like to a thousand. Crank it up to 11. Um, and then there are privacy villages at conferences. You can talk about that. Recommend these these these resources to people. And then you could also try going to the disinformation route. This was supposed to be a funny mask. I don't know why it came out so creepy, but um you could like go and actively try to to share information about you. You could like connect these alias names or these phones to to your real name. Um and one of the things that's fun is like you can go to a political party or both or all of the I don't know how many there are and just donate a dollar with your information but like your name, your real name, but fake information. It'll make its way to all corners of the internet in about 24 hours. And that's awesome, right? And don't don't use don't use your address or don't use your neighbor's address because that's just mean. Um, but like I did a quick Google search of like SLC apartments and I found a floor plan of the Eagle which is I don't even know where that is. It's in Salt Lake. 
You could say I live in apartment 8 Q and then be done and that's cool. And because it's a legal address, it'll take it and then they'll share that the worldwide around like around the whole world. It's great. Um, you could order free trials of magazines to your to your house in fake names. So like, oh, Jimi Hendrix lives at my address. That's cool. And and those those go so far up the the the totem pole that your real information will start to move down or so so far down the totem pole, your information will move up. It's counterintuitive if you really know about totem poles, but anyway, they they'll take way more priority than your stuff, which is real, which is cool. So you just keep doing this and then everybody will think that Jimi Hendrix lives at your house, right? Enter contests. win a million dollars. That's great. If you provide any of these phone numbers, it'll always be busy. They're real phone numbers. It'll just be busy. And uh you can also put 8675309. Next time you go to Smith's, give your number as 8675309. For those of you who don't know, you're just too young. For those of you who do know, you're never going to forget that number. And it's crazy because you will always get rewards. Always. You might even get to cash out on somebody else's reward. Like it's like it's a community pile of happiness, right? And everything is obfuscated. 8675309. And if you give that 248 number, uh, it's a Rick roll. So that's good. I'm going to skip I'm I'm out of time. So I'm going to skip the information on trusts and wills. Just make a generic trust. Put all your stuff in in the trust and we're good to go. And that's that. So takeaways from today is any step forward is a positive step forward. Please just make some step. You don't need to go 100% right now. One thing that spoke to you, do that today. Right? Always question why people need the information that they're asking for. 90% of the time they don't. 98% I don't I need more, right? 
They just don't need it. Ask yourself if you need to give that out and then make an informed and intentional decision about the data or make informed intentional decisions about the data you share. So what did I end up doing? I put my name as no nopey. I gave him a fake uh email address. I gave him a fake phone number that is 8675309. I put my birth date as January 1st, 20 or 2001 because that lets me watch any movies I would want to. And I put my zip code as 90210 and I got in just fine and nobody cared. All right, thanks you guys. [Applause]

Channel: BSidesSLC
