Protect your privacy online - 2016-09-17¢  PROTECT YOUR PRIVACY OFFLINE PROTECT YOUR...

download Protect your privacy online - 2016-09-17¢  PROTECT YOUR PRIVACY OFFLINE PROTECT YOUR PRIVACY OFFLINE

of 10

  • date post

    18-Mar-2020
  • Category

    Documents

  • view

    0
  • download

    0

Embed Size (px)

Transcript of Protect your privacy online - 2016-09-17¢  PROTECT YOUR PRIVACY OFFLINE PROTECT YOUR...

  • PROTECT YOUR PRIVACY OFFLINE

    PROTECT YOUR PRIVACY OFFLINE

    PROTECT YOUR PRIVACY ONLINE

    ADAM RICE, WWW.ADAMRICE.ORG

    This is not a talk about security. Protecting your privacy may or may not increase security as a side effect.

  • SURVEILLANCE INFORMATION WILL BE ABUSED: TO PEEP, TO SELL TO MARKETERS AND TO SPY ON POLITICAL ENEMIES — WHOEVER THEY HAPPEN TO BE AT THE TIME.

    PRIVACY PROTECTS US FROM ABUSES BY THOSE IN POWER, EVEN IF WE'RE DOING NOTHING WRONG AT THE TIME OF SURVEILLANCE..

    Bruce Schneier

    HTTPS://WWW.SCHNEIER.COM/BLOG/ARCHIVES/2006/05/THE_VALUE_OF_PR.HTML I want to start with a quote from Bruce Schneier

    a very well-respected security researcher and thinker. Wrote a prescient essay in 2006 that makes a strong argument that privacy is essential to a healthy full expression of our humanity.

    THE THREAT

    WHO IS WATCHING?

    ▸ Your ISP or VPN

    ▸ DNS provider

    ▸ NSA & FVEY

    ▸ Ad Tech companies

    ▸ Website operator

    ISP: their sysadmins (Snowden was a sysadmin), lawyers, etc. If you use a VPN, they see what your ISP would have seen.

    DNS: if you use custom DNS like OpenDNS or Google, they know your IP and every site you visit

    NSA: in some respects, easier to hide from them than other parties

  • THE THREAT

    WHAT INFORMATION IS AT RISK?

    ▸ Location (IP Address)

    ▸ Websites visited

    ▸ Data transmitted

    ▸ Login & Password

    Location: IP addresses are easy to locate geographically & to tie to a particular ISP’s customer

    Website visited: the domain name: nytimes.com or mlmug.org or adultfriendfinder.com

    Data transmitted: the pages requested, text or images you submit, the text or images you receive. Even things like where your mouse moves on a page, or text you type and subsequently delete or abandon (Facebook study)

    THE THREAT

    WHO CAN SEE WHAT? ISP (OR VPN) NSA AD TECH WEBSITE

    AD BLOCKER

    VPN

    TOR

    HTTPS

    EVERYBODY SHOULD BE RUNNING ADBLOCK SOFTWARE, IF ONLY FROM A SAFETY PERSPECTIVE …

    Edward Snowden

    HTTPS://WWW.WASHINGTONPOST.COM/NEWS/THE-SWITCH/WP/2015/11/13/WHY- EDWARD-SNOWDEN-THINKS-YOU-SHOULD-USE-AN-AD-BLOCKER/

  • AD BLOCKERS

    WHY BLOCK ADS & RELATED TRACKING?

    ▸ Saves bandwidth & speeds up page loads

    ▸ Ad networks can be used to serve malware through legitimate sites

    AD BLOCKERS

    WHY BLOCK ADS & RELATED TRACKING?

    ▸ Private companies record your online activity

    AD BLOCKERS

    HOW DOES AN AD BLOCKER WORK?

    ▸ Prevents your browser from connecting to advertising and tracking web servers, based on a variety of public lists.

    ▸ Reformats web page to avoid leaving empty ad space

  • AD BLOCKERS

    ADGUARD

    https://adguard.com/en/adguard-adblock-browser-extension/overview.html

    Safari: https://safari-extensions.apple.com/details/?id=com.adguard.safari- N33TQXN8C7

    Firefox: https://addons.mozilla.org/en-US/firefox/addon/adguard-adblocker/

    Chrome: https://chrome.google.com/webstore/detail/adguard-adblocker/ bgnkhhnnamicmpeenaelnjfhikgbkllg

    AD BLOCKERS

    WHO CAN SEE WHAT? ISP (OR VPN) NSA AD TECH WEBSITE

    AD BLOCKER

    Location Location Location

    Site Visited Site Visited Site Visited

    Data Data Data

    Login & Password Login & Password Login & Password

  • VPN

    WHY USE A VPN

    ▸ Your online activity is none of your ISP’s business

    ▸ Hide your location from sites you visit

    ▸ Bypass government Internet filters (when abroad)

    ▸ Protects all network traffic: email, messages, not just web

    ▸ Make the NSA work a little harder!

    Can allow you to bypass arbitrary geographical restrictions on content, government internet filters, etc

    Improves anonymity when you’re not logging in to a site.

    Note: Cookies can give you away to the sites you visit. The VPN provider will have access to all of your traffic.

    VPN

    HOW DOES A VPN WORK?

    WITHOUT VPN

    WITH VPN

    When using a VPN all of the traffic that leaves your device goes straight to the VPN provider and it's encrypted. This means that if an attacker is between you and your VPN provider they can't see what site you're visiting or what data is being exchanged. If an attacker is located between your VPN provider and the website you're visiting, they can see that there is traffic heading to the site, but not who it is from. — https://scotthelme.co.uk/vpn-security-privacy- online/

    CLOAK

    https://www.getcloak.com

  • THE THREAT

    WHO CAN SEE WHAT? ISP (OR VPN) NSA AD TECH WEBSITE

    AD BLOCKER

    Location Location Location

    Site Visited Site Visited Site Visited

    Data Data Data

    Login & Password Login & Password Login & Password

    VPN Location

    * Site Visited Site Visited Site Visited

    * Data Data Data

    * Login & Password Login & Password

    TOR (THE ONION ROUTER)

    WHY USE TOR?

    ▸ Your online activity is none of your ISP’s business

    ▸ Hide your location from sites you visit

    ▸ Bypass government Internet filters (when abroad)

    ▸ Make a statement that privacy matters

    ▸ Make the NSA work really hard!

    Tor is good at anonymity. It needs to be used in conjunction with HTTPS for good privacy.

    Provides privacy from: almost everyone.

    • it prevents somebody watching your Internet connection (your ISP, your ISP’s ISP, your government) from learning what sites you visit

    • it prevents the sites you visit from learning your physical location (and IP address)

    • https://www.eff.org/pages/tor-and-https

    TOR (THE ONION ROUTER)

  • TOR (THE ONION ROUTER)

    HOW DOES TOR WORK?

    ▸ When using the Tor Network a path is determined with a minimum of 3 nodes (can be more). Encryption keys are set up and exchanged between you and all three nodes. However, only you have all of the encryption keys. You encrypt your data with each of the nodes' keys starting with the last node's (exit node) and ending with the first (entry node). As your data moves through the network a layer of encryption is peeled off and forwarded to the next node.

    ▸ As you can see the exit node decrypts the last layer, and forwards your data to its destination. Which means your data is in "plaintext" at this time, but complete anonymity is accomplished. With at least 3 nodes no node knows both the source and destination.

    Source: http://security.stackexchange.com/questions/72679/differences- between-using-tor-browser-and-vpn

    TOR (THE ONION ROUTER)

    TOR (THE ONION ROUTER) Tor is good at anonymity. It needs to be used in conjunction with HTTPS for good privacy.

    Further reading: https://www.eff.org/pages/tor-and-https

  • TORBROWSER

    https://www.torproject.org/projects/torbrowser.html.en

    THE THREAT

    WHO CAN SEE WHAT? ISP (OR VPN) NSA AD TECH WEBSITE

    AD BLOCKER

    Location Location Location

    Site Visited Site Visited Site Visited

    Data Data Data

    Login & Password Login & Password Login & Password

    VPN Location

    * Site Visited Site Visited Site Visited

    * Data Data Data

    * Login & Password Login & Password

    TOR

    Location Location |

    | Site Visited Site Visited Site Visited

    | Data Data Data

    | Login & Password Login & Password

    Tor Tor | Tor Tor Tor

    THE THREAT

    WHO CAN SEE WHAT? ISP (OR VPN) NSA AD TECH WEBSITE

    AD BLOCKER

    Location Location Location

    Site Visited Site Visited Site Visited

    Data Data Data

    Login & Password Login & Password Login & Password

    VPN Location

    * Site Visited Site Visited Site Visited

    * Data Data Data

    * Login & Password Login & Password

    TOR

    Location Location |

    | Site Visited Site Visited Site Visited

    | Data Data Data

    | Login & Password Login & Password

    Tor Tor | Tor Tor Tor

    HTTPS Location Location Location Location

    Site Visited Site Visited Site Visited Site Visited

    Data Data

    Login & Password

  • REFERENCES

    FURTHER READING: PRIVACY

    Schneier on Security: The Value of Privacy: 
 https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html

    Cory Doctorow: The Privacy Wars Are About to Get A Whole Lot Worse
 http://www.locusmag.com/Perspectives/2016/09/cory-doctorowthe-privacy-wars-are-about-to-get-a-whole-lot-worse/

    The Four Kinds of Privacy: 
 http://www.lifewithalacrity.com/2015/04/the-four-kinds-of-privacy.html

    Security, privacy, and anonymity: 
 https://blog.getcloak.com/2015/03/30/security-privacy-anonymity/

    NSA surveillance: A guide to staying secure: 
 https://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

    Encryption Works: A Guide to Protecting Your Privacy for Journalists, Sources, and Everyone Else: 
 https://github.com/freedomofpress/encryption-works/blob/master/encryption_works.md

    Tor: The Anonymous