Web brother is watching you

Several aspects of user privacy in the context of current Web applications: threats and possible solutions.

Published in: Technology, News & Politics

  1. Dr. Sabin Buraga www.purl.org/net/busaco Web brother is watching you!?
  2. have you heard the news?
  3. Mark Zuckerberg (Facebook) www.guardian.co.uk/technology/2010/jan/11/facebook-privacy the age of privacy is over
  4. Eric Schmidt (Google) http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place
  5. what is privacy?
  6. privacy is about secrecy
  7. privacy is about secrecy
  8. privacy: a person’s right to control access to his/her personal information
  9. privacy: a person’s right to control access to his/her personal information
  10. privacy is an inherent human right
  11. privacy is an inherent human right; a requirement for maintaining the human condition with dignity and respect (Bruce Schneier, 2006)
  12. basic kinds of privacy rights
  13. basic kinds of privacy rights: unreasonable intrusion
  14. basic kinds of privacy rights: unreasonable intrusion, e.g., physical/virtual invasion of the private space, searching wallet or USB disks, repeated & persistent phone calls, obtaining data without the person’s consent, …
  15. basic kinds of privacy rights: appropriation of a person’s name or likeness
  16. basic kinds of privacy rights: appropriation of a person’s name or likeness; the use of a person’s name on a product label or in advertising a product or service; injury to personal feelings
  17. basic kinds of privacy rights: publication of private facts
  18. basic kinds of privacy rights: publication of private facts; examples: personal letters, medical treatment, photographs of a person in his/her home, ordered goodies, Web browser history, …
  19. basic kinds of privacy rights: publication that places a person in a false light
  20. basic kinds of privacy rights: publication that places a person in a false light; defamation acts
  21. liberty versus control
  22. if there is the privacy of garbage
  23. if there is the privacy of garbage …then why not the privacy of virtual life?
  24. “Making Sense of Privacy and Publicity” danah boyd, SXSW 2010 www.danah.org/papers/talks/2010/SXSW2010.html
  25. main offenders
  26. marketers
  27. marketers: spying on Web users
  28. marketers: companies are collecting information (via cookies, entered text, Flash cookies, …) on Web pages you visit
  29. http://blogs.wsj.com/wtk/
  30. solution: Ghostery
  31. password crackers
  32. password crackers: using high speed GPU (video card) processors or SSD drives to crack passwords https://cyberarms.wordpress.com/
  33. password crackers http://tinyurl.com/ybhrhbv “using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds”
  34. users having access to (public wireless) networks
  35. users having access to (public wireless) networks: capturing HTTP messages: client ↔ server
  36. users having access to (public wireless) networks: capturing HTTP messages: client ↔ server; impersonating the victims on a variety of Web sites
  37. users having access to (public wireless) networks: available tools: Wireshark, Firebug (Lite), HttpWatch, Fiddler, …
  38. users having access to (public wireless) networks: available tools: Wireshark, Firebug (Lite), HttpWatch, Fiddler, …
  39. users having access to (public wireless) networks: available tools: Firesheep – a “benevolent” HTTP session hijacker (October 2010)
  40. users having access to (public wireless) networks: available tools: Firesheep – a “benevolent” HTTP session hijacker
  41. resolving this issue: “How to Deploy HTTPS Correctly” Chris Palmer (November 2010) www.eff.org/pages/how-deploy-https-correctly
  42. HTTPS Everywhere extension www.eff.org/https-everywhere
  43. …but real-time encryption is computationally expensive!
  44. NOT any more! www.imperialviolet.org/2010/06/25/overclocking-ssl.html “SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead”
  45. a long term solution?
  46. WebID (FOAF+TLS): a secure authentication protocol for the social Web to enable the building of distributed, open and secure social networks (Henry Story, 2010)
  47. WebID (FOAF+TLS): using semantic Web standards + security protocols built into current Web browsers; web of trust
  48. Web brother is still watching you?
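
Slides 34 to 42 describe session hijacking from captured HTTP traffic on shared networks and point to correct HTTPS deployment as the fix. The Python audit below is an added example, not part of the slides: it checks HTTP responses for the settings that keep a session cookie off the wire in cleartext. The URLs, the cookie name `sid` and all header values are constructed, and checking the cookie `Secure` attribute and the `Strict-Transport-Security` header is this example's own choice of what to verify.

```python
# Added example: audit HTTP responses for settings that expose a session
# cookie to anyone capturing traffic on a shared network.
# All URLs, cookie names and header values below are constructed samples.

def cookie_attrs(set_cookie_value):
    """Split a Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """Return a list of findings for one response.

    url     -- URL that was requested
    headers -- list of (name, value) tuples from the response
    """
    findings = []
    is_https = url.lower().startswith("https://")
    header_names = {name.lower() for name, _ in headers}

    if not is_https:
        findings.append("served over cleartext HTTP")
    elif "strict-transport-security" not in header_names:
        # Without HSTS a browser may still make its first request over HTTP.
        findings.append("missing Strict-Transport-Security")

    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = cookie_attrs(value)
        if "secure" not in attrs:
            # The browser will also send this cookie over plain HTTP.
            findings.append(f"cookie '{cookie}' lacks Secure")
    return findings

SAMPLES = [  # constructed responses: cleartext, partial HTTPS, hardened
    ("http://shop.example/login", [("Set-Cookie", "sid=abc123; Path=/")]),
    ("https://shop.example/login", [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]),
    ("https://shop.example/login", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
    ]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers) or "ok")
```

The second sample shows why serving the page over HTTPS is not enough on its own: a cookie without `Secure` is still sent on any plain HTTP request to the same host.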
