Your SlideShare is downloading. ×
How to get back your privacy?
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

How to get back your privacy?

888
views

Published on

- Why we do this talk ? …

- Why we do this talk ?
- The digital identity
- HOW TO : Encryption
- WTF is encryption ?
- What can I encrypt ? How?
- HOW TO : Anonymity
- Why does it matter ?

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
888
On Slideshare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion How to get back your privacy? Naam, Genma EPITA / Gconfs naam@riseup.net genma@riseup.net 01/17/14 Naam, Genma Anonymity and encryption
  • 2. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Overview 1 2 3 4 Intro Why we do this talk ? The digital identity HOW TO : Encryption WTF is encryption ? What can I encrypt ? How ? HOW TO : Anonymity Why does it matter ? There is always a tool that ts your need Conclusion We're not in a XOXO world Cryptoparty Naam, Genma Anonymity and encryption
  • 3. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Sensitive data Denition a set of values of qualitative or quantitative variables individual pieces of information Some of them are (important|critical)s, don't play with Mallory. Naam, Genma Anonymity and encryption
  • 4. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity The right to stay anonymous The Convention for the Protection of Human Rights and Fundamental Freedoms states that : Article 8 - Right to respect for private and family life Everyone has the right to respect for his private and family life (...). There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others Naam, Genma . Anonymity and encryption
  • 5. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Current situation Naam, Genma Anonymity and encryption
  • 6. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity You will also see Tons of softwares, distributions, techniques to defeat too inquisitive people and censorship. What's a Cryptoparty and what you could learn from it. Naam, Genma Anonymity and encryption
  • 7. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity About me Where can you nd me on Internet ? Blog (in French) : http ://genma.free.fr Twitter : http ://twitter.com/genma My Hobbies ? Many things Crypto Privacy Naam, Genma Anonymity and encryption
  • 8. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Digital identity, what is it ? Denition Digital identity is all the public data you can nd about someone using Internet research. It's the famous e-reputation. Naam, Genma Anonymity and encryption
  • 9. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity What do you think of me ? Google you name The results shown are they exactly what you want ? Naam, Genma Anonymity and encryption
  • 10. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Saying Words y, writings remain This adage is especially true with the Internet. It must be assumed that what is said will always be accessible, even years later. Everything on the Internet is public or will be (even if it is "private", Terms of Use may change). it is therefore not an abuse of freedom of expression and it remains respectful of laws Naam, Genma Anonymity and encryption
  • 11. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity Dention Contraction of anonymity and pseudonym words, the term pseudonymity reects quite well the contradictory of being a public gure and to remain anonymous ... Have a pseudonym does not mean to say and do anything. This is the image that I return, this is my credibility (past, present and future). A pseudonym is also a public identity, which is associated with dierent account : my blog, my Twitter, my Facebook account. The digital identity are all these public data associated with this identity. Naam, Genma Anonymity and encryption
  • 12. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Samples Twitter Linkedin Naam, Genma Anonymity and encryption
  • 13. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity is disapearing... Facebook Facebook doesn't allow the creation of an account with a pseudonym, if you really want there is some easy steps to follow. The goal is to force people to express themselves using their real names, Naam, Genma Anonymity and encryption
  • 14. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity is seen as a problem The problem is that the anonymity is taken as an excuse to condemn the use of the Internet as a tool for freedom of expression. If people are monitored, they do not say what they think, they do not criticize the politicians. With the Internet, the citizen is gradually taking power on politicians. Naam, Genma Anonymity and encryption
  • 15. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Conclusion Pseudonymity is a necessity Manage your digital identity. Pseudonymity is the rst step to take back you privacy. Naam, Genma Anonymity and encryption
  • 16. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 17. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Denition - cryptage, encrypt, encryption ? Encryption Encryption is to encrypt a document / le using an encryption key. The reverse operation is decryption. Cryptage Term  cryptage  is derived from the English encryption and does not exist in French. Decryption is the fact of breaking the encryption when the private key is unknown. Cryptography Science is called Cryptography. Naam, Genma Anonymity and encryption
  • 18. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption, how does it work ? Symetric Encryption This involves encrypting a message with the same key that will be used for decryption process. Sample : Caesar code, with an oset letter. A->C, B->D etc. Nous venons en paix -> Pqwu xgpqpu gp rckz The reverse process is applied to get the message. What is an encryption key ? A key is called so because it opens / closes the padlock that is the used encryption algorithm. Here, the algorithm is the oset. The key is the number of oset of letter (here two letters). Naam, Genma Anonymity and encryption
  • 19. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Asymetric Encryption 1/2 Public key - Private key Asymetric Encryption is based on the pair public key - private key. ⇒ What you need to know : My private key is... private and my own. My public key is shared with everyone. The encryption algorithm The encryption algorithm is more complexe than the fact of shifting letters ; it is based on mathematical concepts (rst number ...) Naam, Genma Anonymity and encryption
  • 20. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Asymetric Encryption 2/2 Encryption With the public key of my correspondent, I encrypt a le. ⇒ The le can only be decrypted by the person who possesses the private key corresponding to the public key that I used (and therefore my correspondent). Decryption With its private key, my correspondent decrypts the le. ⇒ He can then read the message. Concret case Mail Encryption with PGP. Naam, Genma Anonymity and encryption
  • 21. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Bob send a message to Alice Naam, Genma Anonymity and encryption
  • 22. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Why encryption ? Naam, Genma Anonymity and encryption
  • 23. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encrypt - The arguments against Nobody does... FALSE. Without knowing it, you do it every day. Sample 1 : "padlock" when connecting (https) Sample 2 : Wi key. Nothing to hide... FALSE. Who would accept the postman reading his medical post ? Encryption, it's for the pedo-nazi... FALSE. For journalists / bloggers dissidents who are denouncing dictatorships... Naam, Genma Anonymity and encryption
  • 24. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encrypt - The arguments for Encryption, it's not so complicated It is not more complicated than using a "software". You just have to understand the principle. Protection and security My personnal data are safe Cf. PRISM, NSA... Privacy Only the person for who the "message" is, is able to read it. Naam, Genma Anonymity and encryption
  • 25. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Edward Snowden Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Naam, Genma Anonymity and encryption
  • 26. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption limit Which is encrypted can be decrypted today tomorrow Tomorrow's computers will allow to decrypt the encrypted data today. It the private key is lost We no longer have access to data. Metadata, social graph PGP does not protect against the analysis of metadata (servers transit, addresses, headers, subject). Do not forget to clean the meta-data les (EXIF tag photos, oce documents with tracked changes). DNS... Case of tracking Internet ... Naam, Genma Anonymity and encryption
  • 27. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Law and encryption In France, the law therefore considers that the use of cryptology is free (LCEN Article 30-1) and there is therefore now no limit to the size of the encryption key that can be used . In case of search, the refusal of submission of the encryption key may result in 3 years imprisonment and 45000e. This penalty is increased if Encryption was used to commit a crime. It is therefore recommended to give the decryption key, except in the case where the decrypted data would result in a judicial proceeding in which the nal sentence would be greater than the interference with the judicial investigation. Naam, Genma Anonymity and encryption
  • 28. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption Locally - your data Hard disk USB Key Smartphone Network - Communications Https : HTTPSEveryWhere for Firefox E-mails : GPG with Enigmail for Thunderbird Connexion : VPN, SSH, TOR... ⇒ Each "use", there is an encryption solution. Naam, Genma Anonymity and encryption
  • 29. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Emails - PGP, GPG ? PGP Pretty Good Privacy - PGP is an encryption software created by the American Phil Zimmermann in 1991. OpenPGP This standard describes the format of messages, signatures or certicates that can send software such as GNU Privacy Guard. It is therefore not a software but a format for the secure exchange of data, which owes its name to the historic program Pretty Good Privacy (PGP). GnuPG GnuPG (GNU Privacy Guard) is the free software. Naam, Genma Anonymity and encryption
  • 30. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Harddisk encryption Software integrated in operating systems Windows 7/8 : Bitlocker (Backdoor) MacOS : FileVault GNU/Linux : Encfs... Can you trust closed source software ? Independently of the operating system ⇒ TrueCrypt. For a USB key/an external hard drive. Naam, Genma Anonymity and encryption
  • 31. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? TrueCrypt audit Naam, Genma Anonymity and encryption
  • 32. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption and privacy Encryption meets the need for privacy and allows data protection. Naam, Genma Anonymity and encryption
  • 33. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for connexions : SSL/TLS Session layer based, aect application layer (TFP, HTTP, SMTP, IMAP, POP , DNS, RTMP ...) Prefer using TLS over SSL when you have choice. Asymetrical encryption, forward secrecy (Die-Hellman). Only use up to date browser in order to have the correct ngerprint caught on your computer and avoid MITM attack. If your browser does not have a certicate pinning system install certicate patrol (assuming your rst connection is safe) or HTTPS everywhere with the SSL observatory ON. Naam, Genma Anonymity and encryption
  • 34. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Die-Hellman key exchange With color two people that never met agrees on the same keys heavy use of one-way function Select a public color, then each part select a private secret one. each part mix private/public key and send it to the other. Each part mix the mixture of the other with their own private color and arrive to the same nal private color. Naam, Genma Anonymity and encryption
  • 35. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Die-Hellman key exchange With maths : (modular|clock) arithmetic work on prime modulus and generator of that modulus. 3 mod 17 = X with 0 <= X <= 17 hard to reverse when len(prime modulus) increase. so each part agrees on a prime modulus (p) and a generator (g). Then calculate g mod (p ) = Mix and send it publicly. each part compute now n secret Mix secret ( ) = Key mod p Naam, Genma Anonymity and encryption
  • 36. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for chat sessions : OTR OTR : O-the-Record Messaging Die-Hellman key exchange o-the-record conversation repudiable authentication by using message authentication codes. (authentication ON | digital signature OFF) Bob cannot prove that Alice generated the MAC. Install Pidgin (cross-plateform) with plugin (available from the OTR homepage) and start playing. Naam, Genma Anonymity and encryption
  • 37. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for disk Many possibilities, but full disk encryption is advised in case you really care about privacy. For this purpose you have a plethora of choice. Stacked lesystem encryption (eCryptfs, EncFs, disk utility ...) Disk encryption (dm-crypt, GELI, FileVault, DiskCryptor, trueCrypt ...) Case study : Plain dm-crypt full disk encryption bootloader and key on external device (can also be done with Diskcryptor) Naam, Genma Anonymity and encryption
  • 38. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for smartphone Android Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging] Textsecure (SMS) LUKS Manager (ROOT requiered) iOS Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging] FDE available by default, bypass techniques available, proprietary built system... (More details : iPhone Forensic, O'Reilly) Naam, Genma Anonymity and encryption
  • 39. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Example : chatsecure with facebook Naam, Genma Anonymity and encryption
  • 40. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Example : chatsecure with facebook Win. Facebook cannot read your messages. But you can't read it anymore after your current session. Naam, Genma Anonymity and encryption
  • 41. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for les Mails : Use GPG create your keys share your public key enter the matrix Web Of Trust (WOT) encrypt/sign your message and send it. receive mails too. Files Basically you can do the same with 'regular le'... Make sure not to store keys near encrypted les, prefer symetrical encryption if les will not be shared. Naam, Genma Anonymity and encryption
  • 42. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Choosing a password : Diceware method The diceware method allow you to construct very strong password with the following advantages : Very easy to remember strong passphrase with high entropy ( 20char +) truly random ; password is totally detached from user habits/knowledge etc. Test your password strength in bits Entropy calculated by : H = =1 L ∗ n tn LogN k Log 2 Do NOT test your password strength online. Take a calculator and calcul the entropy yourself. Naam, Genma Anonymity and encryption
  • 43. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Diceware, overall strength Naam, Genma Anonymity and encryption
  • 44. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Diceware, how does it work You only need a true random source and an ocial mapped dictionary. Draw 1 : 5 1 5 5 5 ... Draw 2 : 5 4 5 6 6 14245 bit Draw 3 : 6 5 6 4 6 14246 bitch Draw 4 : 5 4 3 1 2 14247 bite Draw 5 : 2 2 3 5 4 ... Results in French : phase ribose vv rebut clebs in English : rest sober 80 skye data Naam, Genma Anonymity and encryption
  • 45. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 46. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Anonymity Naam, Genma Anonymity and encryption
  • 47. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Anonymity, why does it matter ? In real life, anonymity is necessary for democraty (voting paper). On line, anonymity is necessary for freedom of expression. Naam, Genma Anonymity and encryption
  • 48. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR the Onion router Naam, Genma Anonymity and encryption
  • 49. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Onion routing principles Naam, Genma Anonymity and encryption
  • 50. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR : The Onion Router It's an open-source implementation of the principles we just saw supported by The Tor Project. Naam, Genma Anonymity and encryption
  • 51. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR : The Onion Router Pros Hiding you identity and location, prevents from eyesdropping. Hiding you browsing habits and act like a debrider on the informations that you're authorized to see. encrypting your (incom|outgo)ing trac between nodes. Cons Slower connexion, forget about downloading big les, torrents (deanonymize eect) etc... Still vulnerable to some kind of analysis (timing deduction or infection between applications). entry/exit nodes are vulnerables, no magic here. (Partial solution if you setup an exit enclaving node) Naam, Genma Anonymity and encryption
  • 52. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need If you use it, do it smartly Don't use standalone TOR or Vidalia bundlle Prefer the use of the TBB (Tor Browser Bundle) or even better : tails (live Debian), in hostile environment (public places etc) Try Tor browser launcher for your distribution, that keep TBB updated. Grab-it from here : https ://github.com/micahee/torbrowser-launcher Naam, Genma Anonymity and encryption
  • 53. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need If it's free, then you're the product Naam, Genma Anonymity and encryption
  • 54. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need What is the tracking ? Tracking over the Internet websites, announcers use it to learn your browsing habits. they save what websites are you're visiting, what do you like or dislike and what you buy. Data are processed in order to display the best ads that t your preferences. Naam, Genma Anonymity and encryption
  • 55. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need What's the magic ? Ads and widget are spying you The Like button : Allows FaceBook to know what you visit, even if you don't click on it, even if you are properly disconnected from Facebook. Same for the +1 by Google, and Google Analytics script. In fact every ad and many widget do it. Naam, Genma Anonymity and encryption
  • 56. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Want to test ? Try LightBeam (ex Collusion) with Firefox That add-on allow you to see in real time which websites are tracking you and the inter-connexion between the actual website and others. Kind of weird sometime. Naam, Genma Anonymity and encryption
  • 57. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox Firefox addons Naam, Genma Anonymity and encryption
  • 58. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Ghostery Block all trackers. Naam, Genma Anonymity and encryption
  • 59. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Self destructing cookie Automatic cookie deletion techniques. Prevent tracking and spying. Possibility to setup a whitelist if you really want to keep some cookies for some domains even if you're not currently using it. Naam, Genma Anonymity and encryption
  • 60. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : HTTPSEverywhere Made by the electronic frontier fondation (EFF), it forces the HTTPS when available on the website. If you have one, consider registering it for your visitors (see https ://www.e.org/httpseverywhere/rulesets). Also, activate the SSL Observatory : it prevents from MITM attacks and more generally against corrupted certicates. Naam, Genma Anonymity and encryption
  • 61. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Certicate Patrol Does approximately the same thing than the SSLObservatory. Less transparent in everyday use. Naam, Genma Anonymity and encryption
  • 62. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Search engines Problems with search engines Naam, Genma Anonymity and encryption
  • 63. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Search engines Duckduckgo (ddg.gg) personalizable interface for your needs. Ixquick/startpage (ixquick.com/startpage.com) more than one search engine begind, automatic proxy if you want to. binsearch (binsearch.info) search for binaries (newsgroups etc) that google is hiding from you. Naam, Genma Anonymity and encryption
  • 64. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Metadatas are evil Naam, Genma Anonymity and encryption
  • 65. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
  • 66. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
  • 67. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Denition (http ://dictionary.reference.com/browse/meta-data) Data about data. information that is held as a description of stored data. Examples EXIF tags on photography (Date, cameras info, GPS coordinates...) data stored on documents like .doc(x) ... Naam, Genma Anonymity and encryption
  • 68. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
  • 69. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Solution ? YES, partialy There is a good tool to erase metadatas from a large spectrum of letypes. It's called MAT (mat.boum.org). Reside in Tails, standalone package (Debian), Git repos. it has a GUI, no worry (can also be used in command line, don't worry too). Files support : Images : .png, JPEG (.jpg, .jpeg, . . . ) Documents : .odt, .odx, .ods, . . . , .docx, .pptx, .xlsx, . . . , .pdf Tape ARchives (.tar, .tar.bz2, . . . ) Media : .mp3, .mp2, .mp1, . . . , .ogg, . . . , .ac Torrent (.torrent) Naam, Genma Anonymity and encryption
  • 70. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 71. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Conclusion Conclusion Naam, Genma Anonymity and encryption
  • 72. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Crypto-anarchy Everyone does encryption and what is really important is encrypted and embedded in it. It creates noise which prevents mass surveillance (PRISM ...) Careful ! At the current time, encryption is not widespread, anyone who encrypts their e-mails can be considered as suspicious. Naam, Genma Anonymity and encryption
  • 73. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Relativity of anonymity today Analysis on language elements We can identify someone by studying the typography, style, vocabulary, culture, ideas .. the frequency of words used, the turn of phrase, the kind ... Theses techniques are used to determine who hides behind... Anonymous Care of Logs Schedules connections times and estimated time zone also provide information ... Naam, Genma Anonymity and encryption
  • 74. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Relativity theory Snowden's leak are recent, documents leaked are pretty old. We have very strong tool but we do not know what they have. State of the art techniques to defeat those technologies (processor noise etc...). Naam, Genma Anonymity and encryption
  • 75. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Want to help ? With money : You can make donation to those open-source projects. With action : Use their services, give feedback, there is always something to do. By spreading words, teach others how to use it. Naam, Genma Anonymity and encryption
  • 76. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Cryptoparty Interested parties with computers, devices, and the desire to learn to use the most basic crypto programs and privacy tools and the fundamental concepts of their operation ! CryptoParties are free to attend, public, and are commercially and politically non-aligned. What you'll do Use crypto-tool, ask for questions, teach to others want you already know. What you'll not do Maths, learn deep crypto-concepts, ... Unless you want it. Naam, Genma Anonymity and encryption
  • 77. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 78. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Rendez vous at the Cryptoparty Naam, Genma Anonymity and encryption
  • 79. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Annexes Naam, Genma Anonymity and encryption
  • 80. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty An Exchange of mails really secure The problem with encrypted email ? We still know who talks to whom. Solution Exchange mail between two known / trusted servers who are dialoguing in https SSL / TLS between them. Encrypt messages via PGP Naam, Genma Anonymity and encryption
  • 81. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Steganography - Steghide Can you see a dierence between these two pictures ? vs The second image contains the text "This is my hidden text." This is what is called steganography. Software : steghide Naam, Genma Anonymity and encryption
  • 82. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Bitmessage , a protocol for sending / receiving messages and acentric fully encrypted, based on a mechanism simillaire bitcoin . Naam, Genma Anonymity and encryption
  • 83. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Characteristics and comparison with an email solution + PGP Send a pair hand , no need to create a server, register a domain name, or enroll in a service. You can create as many addresses as you want. No need to trust a tier ( CA for example). Censorship-resistant . Person , including a government can not delete your address or messages. It is not possible to impersonate a sender (spoong). Naam, Genma Anonymity and encryption
  • 84. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Bitmessage has a feature broadcast . The identity of the sender and receiver of messages is easier to hide an email with PGP + solution . Unlike PGP , the subject is encrypted by default . Should be easier to use, no need to keep the public keys of your correspondents . Opportunity to develop additional functionality based on the protocol. Naam, Genma Anonymity and encryption
  • 85. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin ZeroBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data. Data is encrypted/decrypted in the browser using 256 bits AES. You can test it online or install on your own server. Naam, Genma Anonymity and encryption
  • 86. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin Naam, Genma Anonymity and encryption
  • 87. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin When pasting a text into ZeroBin : You paste your text in the browser and click the Send button. A random 256 bits key is generated in the browser. Data is compressed and encrypted with AES using specialized javascript libraries. Encrypted data is sent to server and stored. The browser displays the nal URL with the key. The key is never transmitted to the server, which therefore cannot decrypt data. Naam, Genma Anonymity and encryption
  • 88. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin Naam, Genma Anonymity and encryption
  • 89. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin When opening a ZeroBin URL : The browser requests encrypted data from the server The decryption key is in the anchor part of the URL which is never sent to server. Data is decrypted in the browser using the key and displayed. Naam, Genma Anonymity and encryption