The internet is broken, by Ola Bini

Brazil, March, 2014

This presentation talks about the various ways that the technology of the Internet does not currently suit our needs for privacy and anonymity, and some ways we can combat these issues. We will discuss everything from the layout of cables and physical infrastructure to the issues with application layer systems. We might also spend some time discussing what legislation and policy measures are necessary as a complement to technical solutions.

Published in: Technology

Transcript

  • 1. The Internet Is Broken
      • Ola Bini, computational metalinguist & paranoia principal
      • ola@olabini.se
      • https://olabini.se/blog
      • 698E 2885 C1DE 74E3 2CD5 03AD 295C 7469 84AF 7F0C
  • 2. Threat models
  • 3. What's really happening
  • 4. Why is it important?
  • 5. Weak points
  • 6. Internet Exchanges
  • 7. DNS
  • 8. Email
  • 9. HTTPS
      • Not widely deployed
      • Users trained to disregard certificate errors
      • TLS 1.0 deployed, TLS 1.2 not widely supported
      • Most of the 1.0 ciphers have been broken
      • CA system is hierarchical (you trust ca. 650 authorities)
      • Including the Chinese government
      • Known attacks: BEAST, CRIME, BREACH
  • 10. NSA tactics
  • 11. Attacking crypto
      • Compromise standards
      • Sneak in weaknesses in implementations
      • Force downgrade to weaker algorithms
      • Attack crypto directly
      • Attack weak random number generators
      • Force providers to give out their keys
      • Attack the endpoints and bypass completely
  • 12. Attacking endpoints
      • Backdoors in software
      • Hardware implants (a wide variety of them)
      • Guessing passwords
      • Attacking nearby routers and using them to listen
      • Using baseband attacks and backdoors in cell phones
  • 13. Active attacks
      • Man-on-the-side attacks
      • 0days, primarily in browsers
      • Spear phishing
  • 14. Crypto basics
      • Algorithms
      • Keys
      • Symmetric encryption
      • Asymmetric encryption
      • Hashing
      • Random numbers
      • Kerckhoffs's principle
  • 15. How To Fight Back
  • 16. Principles
      • FLOSH – Free and Libre Open Software and Hardware
      • Decentralization
      • End-to-end encryption
  • 17. Fighting back as developers
      • Learn cryptography
      • Use opt-in share buttons
      • Learn safe and secure coding practices
      • Use content security policies
      • Build decentralized systems
      • Build free software
      • Do not use Google-hosted JavaScript etc.
      • Get into open hardware
  • 18. Fighting back as admins
      • Deploy only HTTPS
      • Use HTTP Strict Transport Security (HSTS)
      • Use Perfect Forward Secrecy
      • Use Piwik and locally hosted analytics
  • 19. Fighting back as individuals
      • Protest
      • Inform others
      • Use Tor
      • Learn to use encrypted email
      • Learn to use OTR for chats
      • Move away from centralized services
      • Use Jitsi instead of Skype
      • Learn safe password usage
      • Use ad-blockers
      • Use open source
  • 20. What does the world need?
      • Decentralized services
      • An anti-browser revolution
      • Email/Voice/IM federated all over the world
      • A privacy haven
      • Transport and naming security
      • Free software and hardware
      • Safe payment processing
      • Non-biased search engines
      • An alternative to cell phones
  • 21. Privacy haven?
  • 22. Questions?
      • Ola Bini
      • obini@thoughtworks.com
      • https://olabini.se
      • @olabini
