Dr. Sabin Buragawww.purl.org/net/busaco
Web brother
is watching you!?
have you heard the news ?
Mark Zuckerberg (Facebook)
www.guardian.co.uk/technology/2010/jan/11/facebook-privacy
the age of privacy is over
Eric Schmidt (Google)
http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people
if you have something that you do...
what is privacy?
privacy is about secrecy
privacy is about secrecy
privacy: a person’s right to control access
to his/her personal information
privacy: a person’s right to control access
to his/her personal information
privacy is an inherent human right
privacy is an inherent human right
a requirement for maintaining
the human condition with dignity and respect
Bruce Schnei...
basic kinds of privacy rights
basic kinds of privacy rights
unreasonable intrusion
basic kinds of privacy rights
unreasonable intrusion
e.g., physical/virtual invasion of the private space,
searching walle...
basic kinds of privacy rights
appropriation of a person’s name or likeness
basic kinds of privacy rights
appropriation of a person’s name or likeness
the use of a person’s name on a product label o...
basic kinds of privacy rights
publication of private facts
basic kinds of privacy rights
publication of private facts
examples: personal letters, medical treatment,
photographs of p...
basic kinds of privacy rights
publication that places a person in a false light
basic kinds of privacy rights
publication that places a person in a false light
defamation acts
liberty
versus
control
if there is the privacy of garbage
if there is the privacy of garbage
…then why not the privacy of virtual life?
“Making Sense of Privacy and Publicity”
danah boyd, SXSW 2010
www.danah.org/papers/talks/2010/SXSW2010.html
main offenders
marketers
marketers
spying on Web users
marketers
companies are collecting information
(via cookies, entered text, Flash cookies,…)
on Web pages you visit
http://blogs.wsj.com/wtk/
solution: Ghostery
password crackers
password crackers
using high speed GPU (video card) processors
or SSD drives to crack passwords
https://cyberarms.wordpres...
password crackers
http://tinyurl.com/ybhrhbv
“using SSD drives could crack passwords at a rate
of 300 billion passwords a ...
users having access to
(public wireless) networks
users having access to
(public wireless) networks
capturing HTTP messages: client ↔ server
users having access to
(public wireless) networks
capturing HTTP messages: client ↔ server

impersonating the victims on ...
users having access to
(public wireless) networks
available tools:
WireShark, Firebug (Lite), HTTPwatch, Fiddler,…
users having access to
(public wireless) networks
available tools:
WireShark, Firebug (Lite), HTTPwatch, Fiddler,…
users having access to
(public wireless) networks
available tools:
Firesheep – a “benevolent” HTTP session hijacker
(Octob...
users having access to
(public wireless) networks
available tools:
Firesheep – a “benevolent” HTTP session hijacker
resolving this issue:
“How to Deploy HTTPS Correctly”
Chris Palmer (November 2010)
www.eff.org/pages/how-deploy-https-corr...
HTTPS Everywhere extension
www.eff.org/https-everywhere
…but real-time encryption
is computationally expansive!
NOT any more!
www.imperialviolet.org/2010/06/25/overclocking-ssl.html
“SSL/TLS accounts for less than 1% of the CPU load,
...
a long term solution?
WebID (FOAF+TLS)
a secure authentication protocol for the social Web
to enable the building of distributed,
open and secur...
WebID (FOAF+TLS)
using semantic Web standards +
security protocols built into current Web browsers

web of trust
Web brother
is still watching you
?
Web brother is watching you

Several aspects of user privacy in the context of current Web applications: threats and possible solutions.

Published in: Technology, News & Politics

  1. Dr. Sabin Buraga www.purl.org/net/busaco Web brother is watching you!?
  2. have you heard the news?
  3. Mark Zuckerberg (Facebook) www.guardian.co.uk/technology/2010/jan/11/facebook-privacy the age of privacy is over
  4. Eric Schmidt (Google) http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place
  5. what is privacy?
  6. privacy is about secrecy
  7. privacy is about secrecy
  8. privacy: a person’s right to control access to his/her personal information
  9. privacy: a person’s right to control access to his/her personal information
  10. privacy is an inherent human right
  11. privacy is an inherent human right a requirement for maintaining the human condition with dignity and respect Bruce Schneier, 2006
  12. basic kinds of privacy rights
  13. basic kinds of privacy rights unreasonable intrusion
  14. basic kinds of privacy rights unreasonable intrusion e.g., physical/virtual invasion of the private space, searching wallet or USB disks, repeated & persistent phone calls, obtaining data without person’s consent,…
  15. basic kinds of privacy rights appropriation of a person’s name or likeness
  16. basic kinds of privacy rights appropriation of a person’s name or likeness the use of a person’s name on a product label or in advertising a product or service injury to personal feelings
  17. basic kinds of privacy rights publication of private facts
  18. basic kinds of privacy rights publication of private facts examples: personal letters, medical treatment, photographs of person in his/her home, ordered goodies, Web browser history…
  19. basic kinds of privacy rights publication that places a person in a false light
  20. basic kinds of privacy rights publication that places a person in a false light defamation acts
  21. liberty versus control
  22. if there is the privacy of garbage
  23. if there is the privacy of garbage …then why not the privacy of virtual life?
  24. “Making Sense of Privacy and Publicity” danah boyd, SXSW 2010 www.danah.org/papers/talks/2010/SXSW2010.html
  25. main offenders
  26. marketers
  27. marketers spying on Web users
  28. marketers companies are collecting information (via cookies, entered text, Flash cookies,…) on Web pages you visit
  29. http://blogs.wsj.com/wtk/
  30. solution: Ghostery
  31. password crackers
  32. password crackers using high speed GPU (video card) processors or SSD drives to crack passwords https://cyberarms.wordpress.com/
  33. password crackers http://tinyurl.com/ybhrhbv “using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds”
  34. users having access to (public wireless) networks
  35. users having access to (public wireless) networks capturing HTTP messages: client ↔ server
  36. users having access to (public wireless) networks capturing HTTP messages: client ↔ server  impersonating the victims on a variety of Web sites
  37. users having access to (public wireless) networks available tools: Wireshark, Firebug (Lite), HttpWatch, Fiddler,…
  38. users having access to (public wireless) networks available tools: Wireshark, Firebug (Lite), HttpWatch, Fiddler,…
  39. users having access to (public wireless) networks available tools: Firesheep – a “benevolent” HTTP session hijacker (October 2010)
  40. users having access to (public wireless) networks available tools: Firesheep – a “benevolent” HTTP session hijacker
  41. resolving this issue: “How to Deploy HTTPS Correctly” Chris Palmer (November 2010) www.eff.org/pages/how-deploy-https-correctly
  42. HTTPS Everywhere extension www.eff.org/https-everywhere
  43. …but real-time encryption is computationally expensive!
  44. NOT any more! www.imperialviolet.org/2010/06/25/overclocking-ssl.html “SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead”
  45. a long term solution?
  46. WebID (FOAF+TLS) a secure authentication protocol for the social Web to enable the building of distributed, open and secure social networks Henry Story, 2010
  47. WebID (FOAF+TLS) using semantic Web standards + security protocols built into current Web browsers  web of trust
  48. Web brother is still watching you?