PROTECT YOUR PRIVACY OFFLINE

PROTECT YOUR PRIVACY OFFLINE

PROTECT YOUR PRIVACY ONLINE

ADAM RICE, WWW.ADAMRICE.ORG

This is not a talk about security. Protecting your privacy may or may not increase security as a side effect.

SURVEILLANCE INFORMATION WILL BE ABUSED: TO PEEP, TO SELL TO MARKETERS AND TO SPY ON POLITICAL ENEMIES — WHOEVER THEY HAPPEN TO BE AT THE TIME.

PRIVACY PROTECTS US FROM ABUSES BY THOSE IN POWER, EVEN IF WE'RE DOING NOTHING WRONG AT THE TIME OF SURVEILLANCE..

Bruce Schneier

HTTPS://WWW.SCHNEIER.COM/BLOG/ARCHIVES/2006/05/THE_VALUE_OF_PR.HTML I want to start with a quote from Bruce Schneier a very well-respected security researcher and thinker. Wrote a prescient essay in 2006 that makes a strong argument that privacy is essential to a healthy full expression of our humanity.

THE THREAT

WHO IS WATCHING?

▸ Your ISP or VPN

▸ DNS provider

▸ NSA & FVEY

▸ Ad Tech companies

▸ Website operator

ISP: their sysadmins (Snowden was a sysadmin), lawyers, etc. If you use a VPN, they see what your ISP would have seen.DNS: if you use custom DNS like OpenDNS or Google, they know your IP and every site you visitNSA: in some respects, easier to hide from them than other parties

THE THREAT

WHAT INFORMATION IS AT RISK?

▸ Location (IP Address)

▸ Websites visited

▸ Data transmitted

▸ Login & Password

Location: IP addresses are easy to locate geographically & to tie to a particular ISP’s customerWebsite visited: the domain name: nytimes.com or mlmug.org or adultfriendfinder.comData transmitted: the pages requested, text or images you submit, the text or images you receive. Even things like where your mouse moves on a page, or text you type and subsequently delete or abandon (Facebook study)

THE THREAT

WHO CAN SEE WHAT?ISP (OR VPN) NSA AD TECH WEBSITE

AD BLOCKER

VPN

TOR

HTTPS

EVERYBODY SHOULD BE RUNNING ADBLOCK SOFTWARE, IF ONLY FROM A SAFETY PERSPECTIVE …

Edward Snowden

HTTPS://WWW.WASHINGTONPOST.COM/NEWS/THE-SWITCH/WP/2015/11/13/WHY-EDWARD-SNOWDEN-THINKS-YOU-SHOULD-USE-AN-AD-BLOCKER/

AD BLOCKERS

WHY BLOCK ADS & RELATED TRACKING?

▸ Saves bandwidth & speeds up page loads

▸ Ad networks can be used to serve malware through legitimate sites

AD BLOCKERS

WHY BLOCK ADS & RELATED TRACKING?

▸ Private companies record your online activity

AD BLOCKERS

HOW DOES AN AD BLOCKER WORK?

▸ Prevents your browser from connecting to advertising and tracking web servers, based on a variety of public lists.

▸ Reformats web page to avoid leaving empty ad space

AD BLOCKERS

ADGUARD

https://adguard.com/en/adguard-adblock-browser-extension/overview.htmlSafari: https://safari-extensions.apple.com/details/?id=com.adguard.safari-N33TQXN8C7Firefox: https://addons.mozilla.org/en-US/firefox/addon/adguard-adblocker/Chrome: https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg

AD BLOCKERS

WHO CAN SEE WHAT?ISP (OR VPN) NSA AD TECH WEBSITE

AD BLOCKER

Location Location Location

Site Visited Site Visited Site Visited

Data Data Data

Login & Password Login & Password Login & Password

VPN

WHY USE A VPN

▸ Your online activity is none of your ISP’s business

▸ Hide your location from sites you visit

▸ Bypass government Internet filters (when abroad)

▸ Protects all network traffic: email, messages, not just web

▸ Make the NSA work a little harder!

Can allow you to bypass arbitrary geographical restrictions on content, government internet filters, etcImproves anonymity when you’re not logging in to a site.Note: Cookies can give you away to the sites you visit. The VPN provider will have access to all of your traffic.

VPN

HOW DOES A VPN WORK?

WITHOUT VPN

WITH VPN

When using a VPN all of the traffic that leaves your device goes straight to the VPN provider and it's encrypted. This means that if an attacker is between you and your VPN provider they can't see what site you're visiting or what data is being exchanged. If an attacker is located between your VPN provider and the website you're visiting, they can see that there is traffic heading to the site, but not who it is from. — https://scotthelme.co.uk/vpn-security-privacy-online/

CLOAK

https://www.getcloak.com

THE THREAT

WHO CAN SEE WHAT?ISP (OR VPN) NSA AD TECH WEBSITE

AD BLOCKER

Location Location Location

Site Visited Site Visited Site Visited

Data Data Data

Login & Password Login & Password Login & Password

VPNLocation

* Site Visited Site Visited Site Visited

* Data Data Data

* Login & Password Login & Password

TOR (THE ONION ROUTER)

WHY USE TOR?

▸ Your online activity is none of your ISP’s business

▸ Hide your location from sites you visit

▸ Bypass government Internet filters (when abroad)

▸ Make a statement that privacy matters

▸ Make the NSA work really hard!

Tor is good at anonymity. It needs to be used in conjunction with HTTPS for good privacy.Provides privacy from: almost everyone. • it prevents somebody watching your Internet connection (your ISP, your ISP’s ISP, your government) from learning what sites you visit • it prevents the sites you visit from learning your physical location (and IP address) • https://www.eff.org/pages/tor-and-https

TOR (THE ONION ROUTER)

TOR (THE ONION ROUTER)

HOW DOES TOR WORK?

▸ When using the Tor Network a path is determined with a minimum of 3 nodes (can be more). Encryption keys are set up and exchanged between you and all three nodes. However, only you have all of the encryption keys. You encrypt your data with each of the nodes' keys starting with the last node's (exit node) and ending with the first (entry node). As your data moves through the network a layer of encryption is peeled off and forwarded to the next node.

▸ As you can see the exit node decrypts the last layer, and forwards your data to its destination. Which means your data is in "plaintext" at this time, but complete anonymity is accomplished. With at least 3 nodes no node knows both the source and destination.

Source: http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn

TOR (THE ONION ROUTER)

TOR (THE ONION ROUTER) Tor is good at anonymity. It needs to be used in conjunction with HTTPS for good privacy.Further reading: https://www.eff.org/pages/tor-and-https

TORBROWSER

https://www.torproject.org/projects/torbrowser.html.en

THE THREAT

WHO CAN SEE WHAT?ISP (OR VPN) NSA AD TECH WEBSITE

AD BLOCKER

Location Location Location

Site Visited Site Visited Site Visited

Data Data Data

Login & Password Login & Password Login & Password

VPNLocation

* Site Visited Site Visited Site Visited

* Data Data Data

* Login & Password Login & Password

TOR

Location Location |

| Site Visited Site Visited Site Visited

| Data Data Data

| Login & Password Login & Password

Tor Tor | Tor Tor Tor

THE THREAT

WHO CAN SEE WHAT?ISP (OR VPN) NSA AD TECH WEBSITE

AD BLOCKER

Location Location Location

Site Visited Site Visited Site Visited

Data Data Data

Login & Password Login & Password Login & Password

VPNLocation

* Site Visited Site Visited Site Visited

* Data Data Data

* Login & Password Login & Password

TOR

Location Location |

| Site Visited Site Visited Site Visited

| Data Data Data

| Login & Password Login & Password

Tor Tor | Tor Tor Tor

HTTPSLocation Location Location Location

Site Visited Site Visited Site Visited Site Visited

Data Data

Login & Password

REFERENCES

FURTHER READING: PRIVACY

Schneier on Security: The Value of Privacy: https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html

Cory Doctorow: The Privacy Wars Are About to Get A Whole Lot Worsehttp://www.locusmag.com/Perspectives/2016/09/cory-doctorowthe-privacy-wars-are-about-to-get-a-whole-lot-worse/

The Four Kinds of Privacy: http://www.lifewithalacrity.com/2015/04/the-four-kinds-of-privacy.html

Security, privacy, and anonymity: https://blog.getcloak.com/2015/03/30/security-privacy-anonymity/

NSA surveillance: A guide to staying secure: https://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

Encryption Works: A Guide to Protecting Your Privacy for Journalists, Sources, and Everyone Else: https://github.com/freedomofpress/encryption-works/blob/master/encryption_works.md

Tor: The Anonymous Internet, and If It's Right for You:http://gizmodo.com/tor-the-anonymous-internet-and-if-its-right-for-you-1222400823

REFERENCES

FURTHER READING: TECHNICAL

EFF’s Surveillance Self-Defense: https://ssd.eff.org

Virtual Private Networks (VPNs) - The guardians of your online privacy: https://scotthelme.co.uk/vpn-security-privacy-online/

What Is Tor and Should I Use It?: http://lifehacker.com/what-is-tor-and-should-i-use-it-1527891029

Differences between using Tor browser and VPN: http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn

Is your browser safe against tracking? https://panopticlick.eff.org/