Encrypt your MetaData

Prism BreakupEyebeamGabriella Levine

Gabriellalevine.com | gabriella.levine@gmail.com

Sunday, October 6, 13

http://goo.gl/yxS0Z3

Sunday, October 6, 13

1 hour

1. What does Metadata look like?

2. cryptographic protocols

3. See what’s happening on your network

4. Some ways to block your data

Sunday, October 6, 13

Protect your metadata.

1. Delete cookies

2. Alternate Web Browser & Online Storage

3. Your Documents (text, images...)

4. Chat / Skype / Twitter / Facebook / SMS

5. VPN / Little Snitch

Sunday, October 6, 13

Sunday, October 6, 13

Data about Data...

“electronic DNA”

What is MetaData?Sunday, October 6, 13

Where does it come from?Sunday, October 6, 13

Where is it kept?

1. In the “cloud”

2. On the client’s server

3. On your local machine (cookies)

4. The client’s client’s server

...where else?

Sunday, October 6, 13

NSA data centersSunday, October 6, 13

Bluffdale, UtahSunday, October 6, 13

MetaData Syntax

NISO categories of metadata: Structural, Descriptive, Administrative

Markup Languages : syntax to express metadata

Different syntaxes:XML, HTML, JSON, RDF, plain text...

Sunday, October 6, 13

MetaData Standards

ISO - endorsed Dublin Core

1. Title2. Creator3. Subject4. Description5. Publisher6.Contributor7. Date8. Type9. Format10.Identifier11.Source12.Language13.Relation14.Coverage15.Rights

Sunday, October 6, 13

What does it look like? Sunday, October 6, 13

TwitterSunday, October 6, 13

EmailSunday, October 6, 13

Cookies?Sunday, October 6, 13

What are cookies?

First party cookies

Third party cookies

Sunday, October 6, 13

Where is it stored?Sunday, October 6, 13

How does it get there?Sunday, October 6, 13

How to see my cookies?Sunday, October 6, 13

chrome://settings/cookiesSunday, October 6, 13

chrome://settings/cookiesSunday, October 6, 13

chrome://settings/cookiesSunday, October 6, 13

What with my cookies?

- Track how many people visit a website- Store Login / password info- E-Commerce sites store customer preferences - Easy checkout info- Sell your cookie info to telemarketers- Sell statistics

...all based on info you’ve input to an form online

Sunday, October 6, 13

Cookies across multiple sites?Sunday, October 6, 13

Chrome Incognito?

⌘-shift-N

Doesn’t store cookies to your local disk

Metadata is still stored on the client’s site

Sunday, October 6, 13

Delete cookies

Downsides?

-passwords-preferences-autocomplete...

Sunday, October 6, 13

How does it effect me?Sunday, October 6, 13

Advertisements (AdSense)Sunday, October 6, 13

AdvertisementsSunday, October 6, 13

AdvertisementsSunday, October 6, 13

AdvertisementsSunday, October 6, 13

Airline flights?

how else...?

Sunday, October 6, 13

Security Certificates

-Communication protocol over a network

-HTTPS vs. HTTP

-HTTP sends data as plain text

-HTTPS encrypts data with SSL (secure socket layer)

-HTTPS layers HTTP on top of SSL / TLS

Sunday, October 6, 13

SSL : Secure Socket Layer

-Perform authentications-Encrypt communications

-Uses a certificate-CA (certificate authority) has a private key

used to sign other certificates

-CA resources : Thawte, Verisign...-Free ones: CAcert, StartSSL, godaddy.com ...

Sunday, October 6, 13

RSA encryption

- SSL Certificates have a key pair: a public and a private key.

- These keys work together to establish an encrypted connection.

- RSA: an algorithm for public key encryption

Sunday, October 6, 13

Public key encryptionSunday, October 6, 13

Security certificate not trustedSunday, October 6, 13

Value = Trustworthiness

Anyone can create a key pair

Verisign makes DIGITAL CERTIFICATES, by signing public keys

This certificate is seen by my browser, which has a list of trusted providers

Trusted providers vs. not trusted providers (self-signed)

Verisign is expensive ($1000)

Sunday, October 6, 13

in Adium: View CertificateSunday, October 6, 13

in Adium: View CertificateSunday, October 6, 13

in Adium: View CertificateSunday, October 6, 13

in Adium: View CertificateSunday, October 6, 13

HTTPS everywhereSunday, October 6, 13

HTTPS everywhereSunday, October 6, 13

HTTPS everywhereSunday, October 6, 13

Metadata that is tracked

IP address to identify your general location

“We may also select advertising based on information about your computer or device, such as your device model, browser type, or sensors in your device like the accelerometer.”

http://www.google.com/policies/technologies/ads/

Sunday, October 6, 13

Some cool diagnostic toolsSunday, October 6, 13

IP Lookup: whatismyipaddress.com

Sunday, October 6, 13

whatismyipaddress.com/ip-lookup

Sunday, October 6, 13

Little SnitchSunday, October 6, 13

Little Snitch Network MonitorSunday, October 6, 13

Little Snitch ConfigurationSunday, October 6, 13

WireShark: what’s on your network?

Sunday, October 6, 13

Protect your metadata.

1. Delete cookies

2. Alternate Web Browser & Online Storage

3. Your Documents (text, images...)

4. Chat / Skype / Twitter / Facebook / SMS

5. VPN / Little Snitch

Sunday, October 6, 13

Shields

1. Firewall - protect your computer from data from the internet)

2. VPN (virtual private network - protect your data on the internet)

3. Little Snitch (protects your private data from being sent out)

Sunday, October 6, 13

FirewallSunday, October 6, 13

http://www.engadget.com/2006/05/30/how-to-build-your-own-network-firewall/

FirewallSunday, October 6, 13

VPN: Hotspot ShieldSunday, October 6, 13

Hotspot Shield: IP Hider MaskSunday, October 6, 13

Hotspot Shield: IP Hider MaskSunday, October 6, 13

Little SnitchSunday, October 6, 13

Alternate Online Storage

SpiderOak

Sunday, October 6, 13

Spideroak.comSunday, October 6, 13

Alternate Browsers & Networks

Tor (free software for enabling online anonymity through a network)

Duck Duck Go (an anonymous internet search engine)

Project Meshnet + cjdns (an encrypted network, with the goal of a sustainable decentralized alternative internet)

HyperBoria + cjdns (a global decentralized network, alternative internet)

Sunday, October 6, 13

duckduckgo.comSunday, October 6, 13

TorSunday, October 6, 13

TorSunday, October 6, 13

Project MeshnetSunday, October 6, 13

Hyperboria.netSunday, October 6, 13

cjdns.infoSunday, October 6, 13

evbogue.comSunday, October 6, 13

Mozilla’s DoNotTrackSunday, October 6, 13

Email

RiseUp

HushMail ($$)

Zoho ($$)

BlueHost ($$)

Thunderbird + Mozilla’s DoNotTrack option

Sunday, October 6, 13

mail.RiseUp.netSunday, October 6, 13

Thunderbird + DoNotTrackSunday, October 6, 13

Text files, photos, videos...

•Microsoft Office (Word, Powerpoint...)

•Adobe (Photoshop, Illustrator...)

Sunday, October 6, 13

XMP standard

Extensible Metadata Platform

Microsoft Office

Adobe

Sunday, October 6, 13

MS Word

•Your name•Your initials•Your company or organization name•The name of your computer•The name of the network server or hard disk where you saved the document•Other file properties and summary information•Non-visible portions of embedded OLE objects•The names of previous document authors•Document revisions•Document versions•Template information•Hidden text•Comments

Sunday, October 6, 13

Open Source Alternatives

•Gimp•Formulate Pro•Open Office•....

Sunday, October 6, 13

MS WordSunday, October 6, 13

MS WordSunday, October 6, 13

MS WordSunday, October 6, 13

Photos

•Your name•What type of camera•GPS location photo taken•Photo date / time•Size, formate •linked files•fonts•properties•copyrights•edit history

Sunday, October 6, 13

PhotosSunday, October 6, 13

Adobe BridgeSunday, October 6, 13

Adobe BridgeAdobe BridgeSunday, October 6, 13

Startup ScriptSunday, October 6, 13

Minimize metadata

MICROSOFT : http://support.microsoft.com/default.aspx?scid=kb;EN-US;290945

ADOBE: http://help.adobe.com/en_US/acrobat/X/pro/using/WS4E397D8A-B438-4b93-BB5F-E3161811C9C0.w.html

Sunday, October 6, 13

The downsides?

Not searchable

Sunday, October 6, 13

Chat ServicesSunday, October 6, 13

Adium.imSunday, October 6, 13

Link your accountsSunday, October 6, 13

OTR MessagingSunday, October 6, 13

Toggle EncryptionSunday, October 6, 13

Accept EncryptionSunday, October 6, 13

Chat OTRSunday, October 6, 13

G-Chat LogSunday, October 6, 13

GibberbotSunday, October 6, 13

ChatSecure for iOSSunday, October 6, 13

Twitter

•crabgrass•status.net

Sunday, October 6, 13

status.netSunday, October 6, 13

crabgrassSunday, October 6, 13

VoIP

Adium plugin for SKYPE:

http://www.adiumxtras.com/index.php?a=xtras&xtra_id=5011

ostel.co

Sunday, October 6, 13

The downsides?

•Alternate browsers?•Getting rid of your metadata on documents?

•Alternative social networks?•...

Sunday, October 6, 13

Why are these interfaces so shitty?

Sunday, October 6, 13

Small alternative browsers or networks? vs. working around current ones (chrome, etc.)Sunday, October 6, 13

Why open source?Sunday, October 6, 13

Encrypt your MetaData

Prism BreakupEyebeamGabriella Levine

Gabriellalevine.com | gabriella.levine@gmail.com

Sunday, October 6, 13

Immersion.media.mit.eduSunday, October 6, 13

Sunday, October 6, 13

Sunday, October 6, 13

Sunday, October 6, 13

XMPP servicesSunday, October 6, 13

Sunday, October 6, 13

XMPP.netSunday, October 6, 13

register an XMPP chatserver

Sunday, October 6, 13

Create New XMPP Sunday, October 6, 13

jabber.chaotic.deSunday, October 6, 13

jabber.chaotic.deSunday, October 6, 13

1. Now I know how to use Adium to encrypt my chats, and I use chatserver or gibberbot for sending texts, and I use Rise Up for gmail, but what can I do because everyone uses gmail still?

2. All of these platforms are messy and hard to use - can we come up with 3 solutions for better, more user friendly interface?

Sunday, October 6, 13