Year: 2017

11 Essential Security Practices to Keep Your Bitcoin Safe

The recent explosion in the price of Bitcoin and other cryptocurrencies has inspired me to start a new hobby: helping people recover lost Bitcoin wallets.

As might be expected of early adopters in an anonymous Internet cryptocurrency, many of my customers are information security professionals. It seems that many of them set up so many security measures that they locked themselves out of their Bitcoin. On the other hand, I’ve also heard from many more people who lost their Bitcoin or had it stolen because they either did not follow basic security practices or followed them without understanding their implications and also lost their coins. The inherent balance in information security is that you need walls in place to protect against threats, but the walls you put up to protect yourself can lock you out if you forget your way in.

I, therefore, want to suggest a list of steps that you can take right now to secure your crypto stash. These measures should be both comprehensive enough to keep you safe without being so complicated that you will be locked out of it, or tempted to disable security altogether.

1: Store your wallet seed somewhere safe.

People come to me when they lose their Bitcoins any number of ways, but the one common element in their stories is that they failed to save their recovery seed. Most modern wallets ask you to save your recovery seed/mnemonic phrase somewhere safe when you set up your wallet. You can keep it in a safe place (such as an actual safe) or an encrypted flash drive (I use Veracrypt). Triple-check both the words and the word order, as one person I worked with wrote down his seed incorrectly and lost all of his coins.

2: Use a hardware wallet — or a strongly encrypted software wallet.

A hardware wallet (an electronic device dedicated to storing Bitcoin) such as a Trezor or Ledger is the safest place for your Bitcoin. Read my Trezor review on Amazon to understand the pros and cons of using one.

If you don’t use a hardware wallet, use a wallet which supports strong encryption. The JAXX wallet, for example, can be easily hacked and your coins stolen. I use the Electrum wallet, which allows me to encrypt my wallet file.

3: Encrypt your hard drive.

Encrypting your whole hard drive is essential if you don’t want anyone with physical or virtual access to your computer to be able to extract all of your data. Modern versions of Windows and Apple iOS make this easy.

If you have a Mac, encrypt your hard drive with FileVault. If you have Windows, you can use BitLocker to do the same thing. Personally, I do not use Windows to make any Bitcoin transactions because securing the operating system is too cumbersome, specifically because of the steps below.

4: Set a firmware password.

Apple computers allow you to set a firmware password which prevents your computer from being accessed without your password or using an external device. This is an additional security measure which makes your computer a lot less useful to thieves as it requires a visit to an Apple store and a proof of purchase to reset it. While older Apple computers had some simple workarounds to disable the firmware lock, modern ones are much more difficult for criminals to unlock.

5: Automatically lock your computer when you’re away.

Hard drive encryption will not help you if someone installs a keylogger when you’re away from your keyboard. Set your computer to auto-lock after a few minutes AFK.  Mine is set to auto-lock after five minutes

Here are instructions for Windows and Mac. I also have a “panic button” via a Touch Bar customization which locks my screen on command. I use it whenever I walk away to get coffee, go to the bathroom, etc.

6: Disable automatic login.

Locking does no good if your computer logs in as you when you turn it on. Make sure auto login is disabled.

7: Use a password manager.

I use the password manager LastPass to store the over 600 passwords of every service I use. I generate a new, strong password for each service I use it with it.

LastPass will offer to suck in and audit all your passwords. My score is not great because, like everyone else, before LastPass, I used the same password for most sites before I started using a password manager. LastPass passwords are encrypted using a master password, which for me is a quasi-random list of words which I don’t use for any other purpose.

However, even if someone gained access to my LastPass credentials, they would not access any of my important services because I also use the following step.

8: Enable multi-factor access.

I use LastPass Authenticator in combination with other passwords to access all my important accounts. The LastPass Authenticator iPhone app works with the LastPass Chrome extension to auto-enter credentials for many sites. Multi-factor authentication apps work by cycling a code every 30 seconds which must be entered in addition to the password to access a service. For some services, I also have a physical security token (my Trezor wallet does this, but most people use a YubiKey) which must be physically plugged into my computer to access a site.

9: Keep your computer up to date.

Mac OS had a nasty root access bug a few weeks ago. Keep your OS up to date to protect against the latest threats.

10: Use private, offline mode for sensitive operations.

I occasionally need to create a paper wallet or perform other sensitive operations in my web browser. This has two risks:

  1. The web page may have malicious code which leaks my keys.
  2. One of my browser extensions may have malicious code (this happened to me a few month ago).

To work around both of these issues, I perform security-critical operations in an Incognito Chrome window. Incognito disables extensions unless you specifically whitelist them.

Furthermore, I perform any paper wallet operations with ethernet/Wifi disabled. This prevents malicious code in the wallet from secretly sending your Bitcoin keys to a third party. I then completely quit my web browser before going back online. I also download any browser-based crypto software directly from GitHub rather than random websites.

11: Setup automatic backups.

I’ve set up my MacBook for triple-redundant encrypted hourly backups with Apple Time Machine. This is not nearly as easy with Windows. CrashPlan (available on Windows and Mac) allows encrypted backup to local storage devices. Windows has a built-in backup app, but it’s not nearly as simple or powerful as Time Machine.

While this is not strictly security advice, automating your backups is important from a security perspective. I’ve noticed that people who are not 100% confident in their backups tend to backup important files over flash drives, work computers, email, DropBox, and other services where it is at risk of theft. Some of my clients thought they’d backed up their wallet, but couldn’t figure out which of the 10 flash drives they had actually held their Bitcoins years later. A complete system backup will allow you to restore both the wallet file and the software you used to open it.

Reposted from Vellum Capital

How to protect yourself online, no matter your security needs

Almost every week, it seems that there is some kind of major security breach. Whether celebrity nudesthe social security numbers of the majority of Americans, or a Bitcoin heist, it seems that our private data is under constant attack.

The Internet and your co-workers are full of advice: put a sticker over your webcamdisable Flash/Java in your browser, encrypt your drives, delete your Facebook account, cover your hand while using the ATM, get a burner phone, pay for everything with cash, start wearing a tinfoil hat to protect against the NSA’s spy rays, etc.

The reality is that as more and more of our lives become digital, information security becomes increasingly important. Many bad things can happen when your privacy is breached: from finding out that you have a boat loan that you didn’t know about to having your naked photos all over the web to being thrown in jail because the government doesn’t approve what you have to say. It’s important to take appropriate measures to protect yourself, but what is appropriate for you really depends on the kind of secrets you have to keep and the kinds of threats you need to protect against.

Let’s consider three people who care about their privacy, and steps they should take to keep their stuff private:

Lisa Monroe

Lisa Monroe lives in Madison, Wisconsin. She is a college student with a part-time job.  She just got her first credit card, and just started going steady with a boyfriend.

Lisa doesn’t have many secrets to keep, but she is worried about fraud to her credit and debit cards and the naughty pics she trades with her boyfriend Brad.

To keep her finances secure, Lisa signed up with the free app WalletHub to keep track of her credit score and uses Clarity Money to monitor her spending and make sure there are no unauthorized charges.

To keep her private photos private, Lisa only sends them using Snapchat, which prevents photos from being saved and notifies her if someone takes a screenshot. She also has enabled a passcode on her iPhone, which she knows is automatically encrypted, so that thieves can’t access her information if it’s lost.

Lisa also uses a password manager, LastPass, which generates a random unique password for every account she keeps so that when the buggy website her college uses is hacked, the stolen passwords can’t be used to login to her bank account.

Andrew Stephens

Andrew Stephens lives in a penthouse facing Central Park in a Manhattan high rise. Andrew was a construction worker when he purchased 1,000 Bitcoins on a whim in 2012. They are now worth $7.2 million, allowing Andrew to massively upgrade his lifestyle. Andrew is obviously worried about the security of his Bitcoin stash, but he’s also concerned about unauthorized transactions on his American Express Platinum card from that club he gets bottle service at. He likes to go diving in Cabo San Lucas and doesn’t want his wealth to leak out, lest he is held for ransom.

Like Lisa, Andrew uses WalletHub, LastPass, and has a security code on his iPhone.

To keep his Bitcoin stash secure, Andrew stashes it on a Trezor. He encrypts all MacBook and Time Machine files using FileVault.   He uses multi-factor authentication with LastPass Authenticator to sign in to his email and bank accounts.  To monitor his financial status, he uses Personal Capital, where he tracks spending on all his accounts.   He uses a YubiKey physical security token to log into his MacBook and lock it when he steps away, so that criminals cannot install a keylogger on it when he leaves it at home or in a hotel room.

Andrew is investing in a Hong Kong startup making an ASIC cryptocurrency miner. When he goes to China, he uses a phone and cheap laptop that he keeps just for travelto protect against both Chinese industrial espionage and the TSA. He wipes the phone and laptop clean just before boarding his flight back to the USA.

Andrew’s home is protected by a home security system with remote cameras he can access anytime.

Zhao Gong

Zhao Gong Li lives in Beijing, China. She works as a lawyer who represents people defending themselves against government-backed property development companies who try to take their family plots without proper compensation. She is worried about the local police ransacking her home to find or plant incriminating evidence as well as spying on her Internet activity to spy on her communications with her clients. Zhao is helping a European NGO to produce a documentary about illegal land seizures in China and does not want the government to find out about her involvement.  She also needs to access the Internet outside China’s firewall for her research.

Zhao’s router is an RT-AC86U router running the Asuswrt-Merlin custom firmware. Whenever she wants to go online, she firsts connects her router to a private VPN service that she pays for with Bitcoin. Zhao keeps all her data on an external hard drive that she encrypts with VeraCrypt. She copies the hard drive at her friend’s apartment once a month in case it is confiscated, and keeps it in her purse at all times. Zhao has a Windows laptop, but the operating system on it is just a decoy used for personal entertainment. She has a tiny encrypted Ubuntu Linux USB flash drive in her makeup case that is her work operating system.

Zhao’s web browser has the extensions HTTPS Everywhere, AdBlock, and ScriptSafeto protect against malicious websites hijacking her computer. She covers up her webcam and the microphone port on her computer.  When she visits her clients, she turns off her smartphone and uses a burner phone with an anonymous sim card she replaces monthly from a street vendor.   Like Andrew and Edward Snowden, Zhao uses the Signal for messaging.

As you can see, your security needs depend on the threats you need to protect against.  Find a balance between security and convenience that is appropriate for your life.  Trying to implement too many security measures will create a lot of extra work and frustration and tempt you (or your kids or employees) to bypass the protections entirely.  Nevertheless, there are some common steps that apply to everyone.  Use a device that is encrypted by default (such as the iPhone) with a long passcode.  Use a password manager to avoid reusing passwords.  Don’t share confidential information (or photos) with people who you don’t trust.    Monitor your financial status.  A few simple steps will protect from becoming yet another victim of the most common online security threats.

Originally published on FEE.org

Three lies the government is telling us about why it wants to backdoor our security

 
First, the US government works against the security of businesses. Just this week, I had to tell Apple that my iPhone app did not have certain kinds of encryption that the U.S. government has export control on. Encryption export controls cripple the security and innovation of software products made by American businesses.  
Furthermore, the U.S. government hoards software exploits so it can hack into your computer rather than publish them that so companies can patch their products.  The NSA intentionally sneaks weaknesses into protocols and bribes businesses to add holes to security products so it can steal the data of their customers.
When businesses want to improve the security of their products, they offer rewards for exploits – Microsoft pays up to $250,000 per exploit, Facebook has paid $40,000, and so on.  The NSA purchases millions of dollars of exploits from hackers, and uses them to spy on the entire world, including U.S. citizens.  Unfortunately, the NSA is incompetent at keeping secrets, so it lost their exploit database and caused millions of computers to be infected and hijacked with the exploits they hoarded.
The hardware and software pieces of both the Internet and individual user’s computers are made by private companies.  There is nothing the U.S. government can do to improve “cybersecurity” other than prosecuting criminal behavior.  However, the U.S. government prosecutes a minuscule proportion of cybercrime.   Whether it is unable or unwilling to punish criminals, the reality is that the only “cybersecurity” that the government cares about is its ability to conduct surveillance and attacks on foreign and domestic political targets
 
Second, the idea that “strong security” is compatible with a government backdoor is a lie. Any security expert can tell you that a backdoor leaves your product vulnerable, even if you trust the government agency with the key. Previous backdoors advocated by the US government have been blown wide open by security experts.  There is near-universal agreement among security experts than government backdoors and security are not compatible – a reality than the DOJ continues to ignore.
 
Third, it is not true that the government wants to weaken American’s security to protect against crime or terrorism. Their real motivation has always been power and money: they want to monitor the flow of information in order to prevent people from hiding their wealth and use their secret keys and vulnerability stash to intimidate and blackmail other countries into compliance with U.S. policies.  This is why the U.S. intelligence budget of over $75 billion dollars did not prevent most American’s personal details from being leaked, but U.S. citizens who do not report foreign bank accounts (under FACTA) can be fined $250,000 or 5 years in jail even if they have never stepped foot in the USA.

Apple’s environmentalist bragging misleads the public

Apple has published a Paper and Packaging Strategy whitepaper in which it brags about eliminating a few grams of paper and plastic from iPhone product packaging and announces technological innovations in eliminating plastic and replacing it with robust wood-derived packaging.  While Apple should be commended for their leadership in this space, Apple’s environmentalist messaging is nevertheless dishonest both in regard to Apple’s overall priorities and many of their specific claims.

Missing the forest for the trees

While Apple brags about eliminating a few grams of paper from its product packaging, it often forces consumers to throw devices in the dumpster prematurely by making them very difficult to repair or upgrade.  These computers and phones are made from precious and rare materials that cost much more than cardboard to procure, not only in terms of raw material cost but also the environmental impact of manufacturing and the human labor involved in processing all the components into a finished product.   Apple chooses to build its products in a way that makes upgrading them impossible, even though it could easily, and in fact used to be far more accommodating to customers who prefer to upgrade their electronics rather than replace them wholesale.

Apple’s shift toward non-upgradable, non-maintainable products

Let’s take my own Apple product history as an example:

My first Apple purchase was a 2008 Unibody MacBook.  Over the next five years, I upgraded the memory from 2GB to 6GB, and replaced the slow spinning hard drive with a solid-state drive.  I replaced the battery (3x), the power adapter (3x), the speakers, and the DVD drive.   In late 2013, I replaced my aging MacBook with a new Retina MacBook Pro.  It has non-upgradable hard drive and memory that is soldered to the mainboard, the battery is firmly glued in place, the display assembly is bonded into a single unit, and proprietary pentalobe screws discourage me from opening it at all.  I replaced that computer in 2016, only three years later because I had filled up the hard drive and decided to upgrade to a new computer.   My new, maxed-out MacBook Pro with Touch Bar cost just about $3000.

Of course, I don’t really need a new $3000 computer.  I could have gotten along just fine with something much cheaper.  Nevertheless, that $3000 represents a significant investment in raw materials, energy, human labor, and of course human ingenuity from the brilliant engineers in Cupertino.   There is nothing wrong per se with buying the latest and greatest Apple gadget, but if Apple had invested a minimal amount of its research into retaining upgradable storage, I could have kept my previous model for several more years.

Recycling is not the panacea that Apple presents

I am just one case of millions who contribute to e-waste caused by non-upgraded and difficult to repair products.  While Apple celebrates recycling, the reality is that 60% of e-waste ends up in landfills, and even when a product is recycled, most of the energy and material resources used to create it cannot be recovered.

Only a fraction of the materials in a typical gadget can be recovered, and it is just as likely to end up in a landfill somewhere in Asia or Africa.  Separating electronics and other kinds of consumer waste is highly labor intensive, with thousands of different kinds of plastics alone.  This is why the majority of recycled material is sent to China, which does not have minimum wage laws that make recycling unprofitable in Western countries.

The real reasons why Apple products are non-upgradable

Apple has legitimate business reasons to force customers to buy expensive new hardware on a regular basis rather than allow them to keep upgrading and maintaining it.  Obviously, buying a new product directly from Apple more frequently results in better profits.  There are other good reasons why Apple might want a shorter product cycle:

  • Newer products provide a better user experience, one which consumers experience during the life of the product, as opposed to the one-time expense of buying.
  • Non-upgradable, non-maintainable products are cheaper to manufacture and easier to support since Apple does not need to carry replacement parts, train its staff, or worry about old or odd hardware configurations.
  • In some cases, non-upgradable products can be made smaller, since modular components add bulk — though Apple sometimes makes components non-upgradable even when there does not seem to benefit from miniaturization.
  • Apple makes more money selling entire devices than parts:  parts for upgrades are often made by third parties and repairs are often performed out in cheaper repair shops rather than Apple stores.

Apple misleads about it’s “green energy” usage

Another egregious misleading claim from Apple is that its data-centers are powered by “100% green energy.”  First, 70% of the energy used by a typical laptop is consumed during its manufactureAccording to Apple itself,  only 17% of the energy used for its devices come from product usage.  The rest comes from manufacturing, transporting and recycling.

What’s worse is that Apple’s claim that 100% if the energy used to power data centers comes from renewable energy simply isn’t true.  As Don Carrington writes in Carolina Journal, “California-based Apple promotes its 500,000-square-foot data center in Maiden, N.C., by saying it runs “100 percent” on renewable energy even though the facility continues to get all of its electricity from Duke Energy, a public utility that primarily generates electricity using coal, nuclear power, and natural gas.”

As Alex Epstein explains,  Apple pays other energy users who derive a fraction of the energy usage from renewable energy to “credit” their renewable consumption to Apple.   For example, a factory which gets 5% of its energy from wind power will “credit” that wind power to Apple, and Apple credits some of their coal-powered data center usage to the factory:

Apple’s flagship data center in Maiden, NC, for example draws from the local Duke Energy grid with 51% nuclear power, 38% coal power, and less than 1% renewable sources in 2014, according to the latest report by Apple.

The average percentage values for the local grid power available to Apple’s data centers as disclosed in the report for 2014 include 34.8% coal, 22.3% natural gas, 18.3% nuclear, and only 10.6% renewables

This kind of twisted accounting is a fraud is only acceptable in environmental impact statements and government budgets.

The policy impact of misleading claims on the environment

Despite the above criticism, I am a loyal Apple customer and plan to keep using their products.  I also think that Apple has legitimate reasons for intentionally crippling the upgradability of their products.   Furthermore, Apple devices are highly durable and enjoy a rich repair and reuse ecosystem independent of Apple’s support or sanction.  Even completely broken Apple laptops and phones can be resold for hundreds of dollars because third parties have created their own repair tools and parts, and small shops in developing countries are happy to fix and resell your broken iPhone.

Apple is welcome to make its products in any way it chooses, but its messaging is dishonest and misleads the public about broader policy issues.  Specifically:

  • Apple, like all other manufacturing industry, currently depends on non-renewable energy such as coal, nuclear, and natural gas.  We are much farther from a fully renewable economy than Apple’s messaging seems to suggest.
  • The majority of the energy usage of electronic goods happens during production, and recycling does not recover any of the energy used to make a product or the majority of its raw materials.  Furthermore, recycling is not nearly as comprehensive or efficient as the public believes.
  • Apple can be actively hostile to consumers ability to repair their products.  For example, it does not publish repair manuals and makes repairs more difficult with proprietary screws.   Even worse, many companies use copyright law to prevent consumers from being able to share repair manuals or device firmware.
  • Human labor is one of the major ingredients of high-end electronics, and recycling not only fails to recover it but adds to the labor cost of products.

If Apple really wants to lower its environmental impact, it should encourage reuse rather than just recycling of its products and contribute to an honest discussion of energy usage.

Rabbits Won’t Save Venezuela from Going Hungry

President Nicolas Maduro wants Venezuelans to breed rabbits to solve the economic disaster he and his predecessor Hugo Chavez created, which has led to millions of formerly middle-class Venezuelans starving, begging on the streets, and giving up their children.

“The rabbit isn’t a pet, it’s only two and a half kilos of meat,” Maduro said, “the first part of Plan Rabbit moves forward!”

Unfortunately, his plan had an early setback: people began keeping the rabbits as pets instead of eating them. It might seem strange that people who are starving would rather feed rabbits than themselves, but I know what that’s like: my family also tried raising rabbits to deal with the economic disaster that is Communism and it didn’t work for us either.

In the mid-1980’s, I lived with my parents in Ukraine, back when it was a part of the USSR. Although we were not so badly off, our grandparents remembered living through a period of starvation and cannibalism, and no one wanted to be dependent on the bread lines. Many people, including city dwellers, would have a small plot of land to grow vegetables to supplement their rations and feed them through periodic shortages.

Until the government seized our land and resettled us into state housing, the family plot that my family had lived on for generations was used to raise a variety of vegetables, goats, and chickens. At one point, my dad decided to raise rabbits for their meat and fur. He was an electrician, not a farmer by trade, but raising rabbits is easy enough: just built a hutch, and throw food scraps and weeds in every now and then.

Unfortunately, processing rabbits for food and fur is a different matter: not only are rabbits cute but butchering a rabbit carcass is a lot of work! The rabbits must be killed, drained, skinned, and systematically butchered with very sharp knives, then the hide must be properly tanned. While rabbit meat is delicious, it’s also very low in fat, which sounds great if you want to lose weight, but not so in a starvation situation. Rabbit meat is so low in fat, protein, and nutrients essential to humans, those trying to survive exclusively on it can still starve to death.

If you are already in a starvation situation, it is much more efficient to take any food you were planning to feed the rabbit and either eat it yourself or use it as fertilizer for plants. I disagree with PETA on a lot of things, but they are right to say that eating plants is far more efficient than feeding plants to animals, and then eating those animals – as much 90% of energy is wasted in the process. We eat meat as a luxury, or because our primitive ecosystem is not capable of growing plants that we can eat directly.

While it’s clear that rabbits are not a good choice for a country on the edge of starvation, it’s less clear why Venezuelans are keeping them as pets – where do they get the food to feed the rabbits, and why don’t they eat it themselves?  This detail reveals an essential aspect of how Chavez, Maduro, and other socialist leaders remain in power: the people getting the rabbits are unlikely to be starving.

In a socialist economy, the central planners decide who gets the economic output that they seize from the producers. Last year, for example, it was reported that, in Venezuela, “solidarity bags” of food were distributed exclusively to socialist party members. The recipients of the rabbits are supporters of the regime, while those starving and the millions marching in the streets represent the majority who lack the political connections to get their own supply of rabbits.

As for my own family’s rabbits, we all had such a fun time playing with them that my dad didn’t have the heart to kill them when it came time to harvest. We didn’t have the surplus food to feed them either, as “pet food” was a capitalist luxury, so one day, our rabbit hutch disappeared, and some other farmer served them up as rabbit stew.

Originally published on FEE.org

Six People Who Were Rescued by Crowd-Sourced Legal Advice

The legal system is a mysterious and forbidding institution to most of us. This leaves us vulnerable to both private and public abuse when we either have no choice but to plead guilty to a criminal charge, or have no idea how to use the law to right wrongs against us.

Fortunately, the sub-reddit /r/legaladvice has been a life-saver (sometimes literally) to thousands of people who either cannot afford a lawyer, or are even being victimized by their own lawyer.

Exhibits A-F

Here are just a few-example of people the /r/legaladvice community helped:

A woman was told to document her sexual assault by her boss, which led to his conviction not only in her case, but also in a prior rape.

A man who thought his landlord was stalking him discovered that he had a deadly carbon monoxide leak that nearly killed him after a brilliant deduction from a Reddit comment.

A father was able to get custody of his baby daughter that his ex wanted to give away for adoption by following the community’s suggestion.

A man who came home from a one week vacation to find a squatter living in his house was able to kick her out without an extensive legal process by following suggestions from /r/legaladvice.

A man who was nearly killed by a drunk driver was hounded by a $40,000 bill before Reddit helped him discover that the charges were bogus, and those responsible were charged with fraud.

A parent whose adult daughter unexpectedly died was guided through the process of arranging her funeral and estate in the midst of their grief.

The restrictions on legal advice make it difficult for many people to get competent legal advice.

One of the consequences of the licensing of professions is that it is now illegal to offer professional advice unless you are licensed in that industry. For example, the state of Oregon fined an engineer because he criticized the timing of traffic in an email without having the right engineering license. Likewise, it is illegal to provide individual medical advice without a medical degree, illegal to accept payment for financial advice without being a registered financial adviser, and illegal to provide legal advice unless you are a member of the bar. Even if you are a lawyer, offering free legal advice to strangers on the Internet is problematic if it establishes a client-attorney relationship and enables the “client” to accuse you of malpractice or threaten your bar license.

Objection!

While it is legal to state the law, it is not legal for non-lawyers to apply facts to specific situations.

The restrictions on legal advice make it difficult for many people to get competent legal advice or pursue justice when they have been wronged. It often takes thousands of dollars in legal fees to defend oneself or pursue a civil claim. Poor people who have been victimized often don’t have those funds, and for everyone else, it’s just not worth it when the amount at stake is small. Many of us have been defrauded for small amounts during our lives, but few have the expertise to file a claim in small claims court.

The essential service that Reddit’s /r/legaladvice provides is in a state of limbo: while it is legal to state the law (“legal facts”), it is not legal for non-lawyers to “practice law” by applying facts to specific situations.  Reddit’s community works around these rules by requiring anonymity from both the those asking questions and answering them on /r/legaladvice and banning the sharing of personal information.

Still, if the monopolistic institutions who control access to the practice of law decided that /r/legaladvice is a competitive threat, they may well bully Reddit into shutting down the community, despite its rules and lengthy disclaimer – likewise with /r/AskDocs/r/AskEngineers, and any other community which dispenses advice that is regulated by professional licensure.

Originally posted on FEE.org

The Real Scandal Is the EPA’s Diesel Policy, Not Volkswagen

You’ve probably heard about the Volkswagen emissions scandal. The official story is that engineers at VW faked emissions test results to meet EPA requirements. VW made it appear as though its diesel engines produced fewer pollutants while being tested than they actually produce on the road. When independent testers identified the issue, VW was forced to fix 11 million vehicles, and pay over $7 billion in fines, refits, and buy-backs. This much is true.

However, that’s not the full story. VW cheated because the EPA introduced an ultra-stringent emissions standard with the expectation that automakers would invent compatible technology. VW engineers faced intense pressure to invent suitable technology before the deadline.

The rigid EPA regulations reduced some types of pollutants while creating more of others, and forced a radical environmentalist agenda, set in California, to shape the design of cars for a global market. The EPA rules drastically increased the cost of diesel vehicles, forcing trucking companies to install $20,000 pollution control systems, and driving up costs for all American consumers.

Furthermore, the scandal exposed the incompetence of the EPA in regulating the auto industry, as the $8 billion agency missed what a professor and two students easily discovered.

Finally, and perhaps most regretfully, the EPA regulations harmed the diesel market, which produces vehicles that are both more efficient and cleaner than petrol vehicles.

The EPA’s Unrealistic Expectations

The new United States “Tier 2” rules were set in 1999.They were based on California’s LEV-II ULEV standard with a “phase-in” period from 2004-2009. Environmental regulations in the U.S. and Europe typically use a “phase-in” period so that manufacturers have time to invent technology that meets the more stringent environmental rules.

This is pretty fantastic if you think about it. Every few years, a committee of bureaucrats decides that your car, dishwasher, toilet or vacuum should produce less pollution, and demand that the manufacturer invent technology to make it possible within “X” years. This works so long as the demand is physically and logistically possible – or until it’s not.

Students Are More Efficient Than the EPA

Two scientists at West Virginia Universitydecided to test whether the EPA’s testing matched real-world performance. They expected test results that were very close to the official standards. And with two students in the car, they put 2,400 kilometers on a VW Jetta by driving it from Los Angeles to Seattle and back again.

To their surprise, they found that the Jetta produced more than ten times the allowable NOx levels. NOx refers to a family of mono-nitrogen oxide particles, which produce harmful effects like acid rain and ozone in high concentration. Significant sources of NOx include lightning (8.6 million tonnes/year), fertilizers, coal power plants, and fuel used for transportation.

The scientists found that VW cars produce more NOx than permitted by the 1999 EPAregulations in real-world driving. But they could also detect when tests were conducted under laboratory conditions and artificially lower emissions. This confirmed what millions of VW owners already knew: their VW diesel cars had much higher fuel mileage than the EPA stickers stated. The scientists reported their findings to the EPA, forcing the agency to open a formal investigation that led to a global recall.

EPA Policies Encouraged VW to Cheat

Why did the VW engineers feel the need to cheat on their emissions tests? Remember that the EPA regulations for the California-based NOx standard was issued in 1999, with a five year standard.

Our environment has an infinite number of variables affecting the quality of everyone’s lives.

VW struggled to meet the new standards with a series of designs, but it was forced to suspend sales of current diesel in 2007. Finally in 2008, it announced new Clean Diesel cars which were able to win numerous “green” awards thanks to the emission-cheating software.

Why was VW the only automaker to cheat its emissions? Most automakers only have one or two high-end diesel vehicles in their lineup so they could take the additional costs and lower fuel efficiency caused by the new standard. Over 30 percent of VW vehicles were diesel however, so they probably felt that they could not comply with the new regulations. At least not without a major hit to either profits or sales.

In order to reduce NOx output, petrol cars use devices such as catalytic converters, which have greatly reduced pollutants from cars since 1975. Because diesel engines have a higher oxygen output, they don’t work nearly as well. As a result, other technologies have been introduced, such as exhaust recirculation systems, urea-based exhaust treatments, lowered engine temperatures and electronically controlled fuel injectors. All modern vehicles are essentially sophisticated computers which continuously monitor many engine parameters and optimize for both engine efficiency and pollution output under legal standards.

There is a trade-off: minimizing exhaust pollutants takes energy which can be used to move the car, so for a given power output, the more NOx a car produces, the more efficient it is. Efficiency can be measured in both mileage and CO2 output, so when the EPA mandated lower NOx production, they effectively lowered fuel efficiency and increased CO2 output.

VW was forced to choose between delivering clean but underpowered and inefficient cars, or cheat in lab tests and deliver power and fuel efficiency on the road. They sided with the drivers over the EPA.

New Regulations Increased Gas and Product Prices

Most people assume that new EPA regulations are good for the environment. But this is far from being absolute.The “environment” is not a single metric, but our entire planet, and with an infinite number of variables affecting the quality of everyone’s lives. When a committee of EPA bureaucrats bowed to political pressure and passed new NOx regulations in 1999, they considered only a single variable: the amount of NOx pollutants produced by diesel vehicles in the air. NOx is harmful to animals, so the fewer the better. (Plants, on the other hand, turn it into nitrogen and use it as fertilizer).

While minimizing harmful chemical in car exhausts is important, it’s not free. The emission control systems lower the fuel efficiency of cars (generating more CO2) and require complex and exotic technologies. Catalytics converts are made of precious metals such as platinum, palladium and rhodium. Diesel emission reduction technology that can comply with the new EPA demands requires complex and immature new technologies that raise costs and require more frequent maintenance.

An emission control system for a commercial truck can cost $20,000 and requires regular and expensive maintenance. The increased transport costs raise the cost of everything in our economy – from your Amazon Prime subscription (which pays for package shipments) to the gas fuel (brought in by gas tankers). For example, take a company like Flying J, which sells 7 billion gallons of fuel each year. They need over 1500 trucks to deliver that fuel, and each one requires a $20,000 pollution control system.

How much is a marginal difference in air quality worth to you, if a miniscule increase in pollution meant improved living standards for everyone? This is a valid question, but the EPA’s (and California’s) blanket stance that all pollution is bad, and internal combustion vehicles must be eliminated from existence leave no room for a cost-benefit analysis.

The EPA’s Solutions Hurts People and the Environment

Here is what actually happened when environmental activists forced the EPA to make US diesel standards the highest in the world:

  • Some companies cut diesel engine production because it was too much trouble to comply.
  • Some companies cheated and got caught, putting their entire business in jeopardy.
  • Individual diesel owners who care about the superior performance and efficiency of diesel engine hacked their cars, bypassing EPA regulations.

Hacking a diesel car is not hard. Because modern cars are computers on wheels, owners who want an efficient and high-performing engine can get it tuned from a friendly mechanic. If they live in a state which requires inspections, the hack can be turned off as needed. Other owners change out to a non-stock thermostack to burn the fuel hotter (and a bit dirtier), or bypass exhaust recirculation systems entirely. These owners are not out to destroy the environment – they just want a fuel-efficient vehicle, or to haul their trailer, or climb a mountain road.

The real shame in this story is that diesel’s reputation has been sullied despite its superiority for many applications. Diesel engines have lower RPM at peak torque, allowing them to remain efficient at high altitudes or hauling heavy loads. They require service at longer intervals (and commercial truck engines can last a million miles with proper maintenance), and are typically more efficient and higher-mileage than petrol engines.

Originally posted on FEE.org

Five common errors made by abortion critics

Opponents of abortion (those who oppose a woman’s right to abortion and those think it is merely immoral) typically make five kinds of logical errors:

1: The seen and the unseen:

Abortion opponents see the fetus which was aborted but ignore the good things that the abortion made possible. These include the mother who is free to pursue her life goals and the lives of the children who are born into families that want and are ready for them. The decision to have an abortion is not arbitrary: it’s a choice the mother makes because she believes that she and her future children will have a better life by delaying childbirth. Extensive research confirms that abortion improves the lives of mothers and their future children. More importantly, no one, and certainly no politician is more qualified or morally justified to decide what will lead to a better life for a mother and her family.

A world without abortions is not a world with more children — it is a place with children born to parents who are not psychologically and financially ready for a life-long responsibility. Children who are born to loving parents who welcome them to the world and are prepared to care for them are far more likely to grow up into successful, mature adults. This is why protecting the right to abortion is one of the most effective ways of reducing abortions!

This failure of the imagination is known in economics as the Broken Window Fallacy – we see the economic activity created by the need to repair a broken window, but do not see the goods that can no longer be bought because they were redirected to fix that window. Likewise, we see the children who are products of unwanted births, but we don’t see the children who never had a chance to be born into a family that wanted them. Instead, countries that ban abortion deal with higher rates of single-parent families, poverty, and crime.

2: Genetic determinism:

Abortion opponents equate a human being with his genetic legacy. To them, an aborted fetus represents a lost potential life, with all its richness. But the inherent value of a human life is not determined by our genes, but the interaction of our genes with the environment we grow up in, especially the ideas and culture we are exposed to. A fetus is only a part of the recipe for a human being. A human being is not merely a biological machine, but a rational animal, with a rich internal life. We can argue when that mental existence becomes a possibility, but it is certainly closer to birth than conception.

To take a sci-fi scenario, a fetus grown into a brain-dead grown adult in a vat is not a full human being either. Human beings are the synthesis of biology and culture. Theists often talk of the fetus as having a “soul”, but whether you believe in genes or a mystical essence, the error is the same.

3: Potential vs actual:

A fetus is a potential human being, not an actual one. The ingredients for a cake on a table cannot be called a cake. A seedling is not a tree. A fetus is a potential human being and only becomes one under specific biological conditions.

The distinction is especially clear early in the pregnancy: a blastocyst is a microscopic clump of cells, physically almost identical to the fetus of any other mammal. To say that a bit of protoplasm is a human being ignores the essence of what a person is: an independently functioning rational animal.

A human being can exist without an exclusive biological dependence on a host, intentionally interact with its environment, and possess the basic attributes of cognition. A fetus lacks these attributes. True, a newborn infant is entirely dependent on others for its continued survival, but this is a relationship, not a biological necessity. Virtually everyone in a civilization would soon die without the cooperation of others, but these are contractual relationships, not biological dependencies. A baby can be adopted by a willing family, a fetus cannot.

The moment of birth presents a clear physical, biological, and psychological point when a parasite (as an analogy, not a derogatory term) becomes a metaphysically independent being.

4: Continuum fallacy:

This is the logical fallacy of denying that a distinction exists because there exists a continuum. For example, there is no clear distinction between a stubble and a beard, yet the existence of unclear cases does not invalidate our ability to identify someone with a beard. Likewise, difficulty in identifying the exact instant that a fetus becomes a human being does not mean that there are no clear differences between a fetus (say, a single-celled ovum just after fertilization) and a clear example of a human being (an infant, or you and me).

We can acknowledge difficulty, and err on the safe side for moral or legal reasons, but we need to base our conclusions on facts, not arbitrary religious doctrine. I outlined what I believe are the relevant facts in the “potential vs actual” section above. By contrast, I think that the act of conception meets no reasonable criteria, especially at the beginning of the pregnancy. As I detailed, a fertilized ovum is not metaphysically equivalent to a human being, and only begins to approach that status towards the moment of birth, which firms an unambiguous epistemological and therefore legal distinction. (We can argue about the ethics of late-term abortion, but they are a red-herring in the debate the meaning of conception.)

5: False dichotomy between moral absolutism and subjectivism

A false dichotomy is a false alternative between an either/or situation when an additional position exists. In regard to abortion, the dichotomy is this:
“Women must be responsible for their sexual choices and forced to bear children they do not want in order to preserve traditional marriages, families, morality, religion, or another value. Either we hold people responsible for their choices or anything goes.”

There are two false dichotomies in regard to abortion:

First, there is no fundamental conflict between women leading moral lives, raising families, and observing religious beliefs and the practice of abortion. There is no inherent conflict between these concepts. Of course, some religious groups claim that abortion goes against their tenets, but there is no fundamental conflict between these practices, and indeed many religious groups allow for abortion with no ill effect to their basic tenets. More importantly, there is no fundamental conflict between living a virtuous life and abortion, whether individually or as a society. In Western countries such as Germany, France, and Australia, abortions are widely practiced and accepted, and yet are completely incidental to their moral qualities.

Second, there is no conflict between a lifestyle which separates sexuality from parenthood and healthy, loving, responsible families. Modern society has provided men and women with safe and effective technologies that separate sex and childbirth — condoms, birth control pills, emergency contraception, and as a last resort, abortion. These tools liberate women by allowing them to enjoy fulfilling sexual lives for the first time in human history.

While independent women with sexual agency are a threat to those who wish to force them into their vision of a woman’s role in society, there is no reason that women who desire sex for reasons other than childbirth are incapable of healthy and responsible relationships, marriage, and child-rearing.  Having sex for pleasure without the risk of a lifelong obligation does not preclude women and men from forming healthy romantic relationships.  Even abortion critics must accept this – or require a fertility test before any couple is allowed to have sex or marry.  What about those who are infertile or past menopause?

Allowing women to choose when they are ready to raise a child greatly improves the likelihood of raising children in stable, loving families. Children should not be a sacrificial obligation which women must be forced into, but a personal, selfish choice that parents pursue because it will bring joy and a multitude of other benefits into their lives.

This is the real reason your iPhone cables break

Apple products look great. Whatever else you think of the company, there’s little doubt that Apple uses high-end materials to create gorgeous and durable products. That’s true for just about everything Apple makes, with one glaring exception: the cables.

It’s common knowledge that Apple cables begin to disintegrate after about six months of regular use. This has been a constant across many different devices – MacBook, iPhones, and adapters, and over the course of many generations of product. My first generation iPhone had a cable that fell apart in 2009, and my iPhone 6 cable disintegrated less than a year later too.

This issue has created an entire industry of third party Apple cables, and another industry of hacks (see SugruApple cable protectors) to keep cables from disintegrating. Somehow, third party Apple accessory manufacturers have no problem making cables that are far more durable than Apple’s. There are websites with buying guides for replacement iPhone cables which are both good looking and far, far more durable. As a committed Apple family with multiple MacBooks, iPads, and iPhones, we’ve eventually replaced all our OEM Apple cables and found alternatives which have survived in pristine condition for years now.

Why can’t Apple use its billions to create a cable that won’t fall apart?

There are several explanations offered for Apple’s apparent incompetence in cable design, but one stands out: Greenpeace. In 2009, Greenpeace successfully lobbied Apple to remove PVC from their cables with their “Green My Apple” campaign. PVC is Polyvinyl chloride, or just vinyl, the world’s third most popular plastic polymer. Ever since, Apple has bragged on their Environment page that all their products are PVC free.  Third-party cables on the other hand inevitably mention PVC construction.

I am not a chemical or environmental engineer, so I cannot definitively tell you whether Apple’s decision is scientifically sound. What I do know is that PVC is one of the world’s most common chemical products. In the USA, it is used for 66% of drinking water delivery pipes, most electrical cable insulation, waterproofed clothing, vinyl flooring, and medical gloves. Not deadly-toxic stuff, in other words. Like any other plastic, I would not suggest eating it or breathing fumes from a fire, but it is otherwise safe.

So why did Greenpeace object to Apple’s use of PVC?  Their site is not clear on this other than vague references to “poison plastics,” and the difficulty of disposal. We used to think that plastics like PVC would remain in the environment for thousands of years, but we’ve since learned that there are bacteria and fungi that effectively eat PVC for dinner. In the past, lead-based stabilizers have been used in PVC, but suitable replacements are well established.

What has Apple accomplished with their PVC ban? Their reputation for making quality accessories has been ruined. Billions of broken Apple cables have been prematurely sent to the landfill. Billions of replacement cables will be sent to landfills when the gadgets they charge become obsolete. While Apple no longer uses PVC in their cables, many people now rely on cheap third party cables from China, which may use toxic chemicals like lead, arsenic, mercury, and brominated flame retardants.

The only winner from Apple’s PVC ban has been Greenpeace, while consumers, Apple’s reputation, and the environment itself have suffered. In 2007, Steve Jobs directly addressed Greenpeace’s campaign against Apple at a shareholder meeting:

“I think your organization particularly depends too much on principle and not enough on fact… I think you put way too much weight on these glorified principles and way too little weight on science and engineering. It would be very helpful if your organization hired a few more engineers and actually entered into dialogue with companies to find out what they are really doing and not just listen to all the flowery language when in reality most of them aren’t doing anything.”

Originally posted at FEE.org

How to prepare for the coming economic meltdown

Predicting economic recession is like predicting earthquakes.  It’s impossible to predict when the next Big One will hit.  However, unless the fundamentals of local geology have changed, we should expect the past to follow the same pattern as the future.  And the last time I checked, Southern California hasn’t turned into an island, and the Fed is still wreaking havoc with interest rates.  The smart thing to do is to earthquake-proof your house — and your finances while you can.

Are you ready the next recession to wipe out half of your net worth?   Can you survive a decimated stock market, the loss of your job, and sky-high interest rates?

But wait, you say.  Things are going great.  The markets are up 249% since 2009, unemployment is low, and Bitcoin just hit $4000.  Why the gloom?

Predicting economic recessions is like predicting earthquakes.  It’s impossible to predict when the next Big One will hit.  However, unless the fundamentals of local geology have changed, we should expect the past to follow the same pattern as the future.  And the last time I checked, Southern California hasn’t turned into an island, and the Fed is still wreaking havoc with interest rates.  The smart thing to do is to earthquake-proof your house — and your finances while you can.

The recession is overdue

Historically, bull markets have lasted an average of 30 months.  We’re now at 100+.  During the average recession, the market falls 35%, but given the duration of the current run-up, and the malinvestment caused by the lowest interest rates in history, 50% or more is not unlikely.

Read Mr Money Mustache for more on this.

The worst that could happen

Here are things that could happen when the Big One hits:

  • Your stocks will lose half their value
  • You will lose your job (or customers, if you run a business)
  • Loans will become prohibitively expensive

While all these things probably won’t happen to you, everyone should perform a stress-test.  If you were to lose your job or business for an extended time, would your family be OK?  What’s your contingency plan?

If your business model or job depends on the availability of easy money, you will need to scramble to find a new career.  Mortgages, student loans, and auto loans are in an unprecedented 12-trillion plus bubble.  I would not want to go into these fields right now.

How to prepare

This post by Richard Reis contains pretty much everything you need to know

  1. Don’t hold an all-stock portfolio.  When your portfolio is down 50%, you need to think about buying, not selling.  That’s hard to do when you need the cash ASAP.  Bonds are the most cost-effective way to protect yourself.   In a recession, keep your stocks, and sell bonds first.  If you have minimal liabilities and a secure job, this percentage can be quite low.
  2. Save money while you can.  Now is the time to build up your savings.  Use your salary, bonuses, etc to grow your portfolio.  Saving may be much harder when the crisis hits.
  3. Diversify into non-market assets.   Hold some of your net worth in assets which have minimal correlation with markets – gold, property, Bitcoin, etc.
  4. Build an emergency fund.   My emergency fund is held in corporate and government bonds earning about 4.4%.  With my brokerage debit card, I can sell them and get cash in my hands within a business day.  Because I have no debts of any kind and few financial obligations, it’s only enough to pay for a few months food and rent.

Bitcoin won’t save you

Some people have analyzed the lack of correlation between the traditional and cryptocurrency markets and concluded that Bitcoin can hedge you from an economic meltdown.   I don’t agree with this.  There is no reason to think that short-term market fluctuations should be related to the Bitcoin price, but long term, I expect a strong correlation between traditional and crypto markets.   One of the biggest drivers of the Bitcoin price are low worldwide interest rates, leading individual investors to bet on Bitcoin.   This works as long as people have money to spare.  During a recession,  people will be scrambling to get money to keep their businesses, homes, and cars afloat.  Because crypto markets are still a tiny share of the total economy, they will be quickly drained of most of their value.   Only a minority of the value of Bitcoin is regularly traded, so it would not take much to crash the price to a fraction of its value

What should I do in a recession?

  • Buy everything!  The best time to buy anything – stocks, houses, employees to grow your company, etc, is when prices are depressed.  If you have the cash, the depths of a recession are the best time to buy it.
  • Don’t buy anything!  Waiting for a recession to start saving money is a terrible idea, but that describes you, you should minimize your spending while you still have an income to build an emergency fund.
  • Maximize your savings rate.  I lost over 60% of my portfolio in 2008-2009 recession, but by aggressively investing much of the salary in 2009, I made it all back and set myself up for a lifetime of financial security.
  • Don’t panic!  While everyone else was selling in 2008-2009, I started scrounging up money to invest.  I started buying in January 2009 – and saw my portfolio go down another 15%.   But I held on, and made a 58% return that year.