Online privacy concerns (and what we can do about it)

Users' online privacy is constantly in a state of flux. Witness Google's consolidation of its privacy policies, Facebook's ever-changing rules, or how commerce determines how sites handle user data, and then note the lack of any opt-out for the user when these changes occur. Online entities make these changes not for the benefit of the user but for the benefit of the shareholders, and if they can do this now, they can do it later. Simply put, a privacy policy today can change tomorrow, and users' privacy can fall by the wayside. Knowing this should signal an alarm for everyone to understand HOW their data is being stored and used online. We'll look at recent developments that have caused concern among privacy advocates, poke fun at some of the silly ways these new measures are sold to the populace, and then cover what can be done to increase users' privacy online using common sense and open source software. (Presented at the St. Louis Linux User's Group, June 20, 2013)

Online privacy concerns (and what we can do about it)

  1. June 20, 2013. Online Privacy Concerns (and what we can do about it). Phil Cryer
  2. Phil Cryer
  3. Phil Cryer, better known online as... @fak3r
  4. Phil Cryer, better known online as... @fak3r: Open Source Technologist
  5. Phil Cryer, better known online as... @fak3r: Open Source Technologist, Infosec Speaker + Researcher
  6. Phil Cryer, better known online as... @fak3r: Open Source Technologist, Infosec Speaker + Researcher, Privacy Advocate
  7. “With social media, users’ vanity has trumped previously held mores concerning privacy” me, 2011
  8. http://urania-josegalisifilho.blogspot.com/2012/06/interview-with-willian-gibson-by-larry.html
  9. People’s data on social networks becomes permanently shared.
  10. So what will companies do to monetize all of this data they collect?
  11. Use it to better target you with ads, of course.
  12. To you, your social profile
  13. To you, your social profile =
  14. To you, your social profile = data
  15. To you, your social profile = your data
  16. But to the social media companies
  17. But to the social media companies your data
  18. But to the social media companies your data =
  19. https://christian3200.files.wordpress.com/2011/04/moneyyyyy.jpg
  20. http://cheezburger.com/View/2362193664
  21. So, how much should people worry about the loss of online privacy?
  22. http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html Danah Boyd “People want to share. But that’s different than saying that people want to be exposed by others.” Protecting privacy is about making certain that people have the ability to make informed decisions about how they engage in public. I do not think we’ve done enough. That said, I am opposed to approaches that protect people by disempowering them. I want to see approaches that force powerful entities to be transparent about their data practices. And I want to see approaches that put restrictions on how data can be used to harm people.
  23. http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html Chris Soghoian “...we now regularly trade our most private information for access to social-networking sites and free content” The dirty secret of the Web is that the free content and services that consumers enjoy come with a hidden price: their own private data. Many of the major online advertising companies are not interested in the data that we knowingly and willingly share. Instead, these parasitic firms covertly track our web-browsing activities, search behavior and geolocation information. Once collected, this mountain of data is analyzed to build digital dossiers on millions of consumers, in some cases identifying us by name, gender, age as well as the medical conditions and political issues we have researched online.
  24. http://www.adweek.com/news/advertising-branding/whose-life-it-anyway-137537 Whose Life Is It Anyway? Consumers are learning their data is a kind of currency.
  25. http://www.adweek.com/news/advertising-branding/whose-life-it-anyway-137537 Whose Life Is It Anyway? Consumers are learning their data is a kind of currency. Each year, companies in the U.S. spend more than $2 billion on third-party consumer data, according to Forrester Research. [...] growing at such a fast clip that the World Economic Forum and other futurists have called personal data the “new oil.”
  26. Companies’ ‘free’ services come at the cost of your privacy
  27. Could your privacy be bought from you?
  28. http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff
  29. http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff Google [...] wants “panelists” for a program called Screenwise who will add a browser extension in Chrome “that will share with Google the sites you visit and how you use them” — information that Google will study in order to improve its products and services.
  30. http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff What’s in it for you? Up to $25 in gift cards. [..] a $5 Amazon.com Gift Card code instantly when you sign up and download the Google Screenwise browser extension. [...] $5 Amazon.com Gift Card codes every three months for staying with it. It’s our way of saying “Thank you”
  31. http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff $25 USD per year
  32. “New research finds people fork over $5,000 worth of personal information a year to Google in exchange for access to its “free services” such as Gmail and search. While many view this as a fair trade, privacy experts say the Internet giant’s latest plan to pool user data from its various sites make it less so” http://blogs.smartmoney.com/advice/2012/01/25/who-would-pay-5000-to-use-google-you
  33. If you’re not paying for the product, you are the product
  34. • 1.1 billion monthly active users • 751 million daily active users of mobile products • More than 65% login daily (655 million) • Average user has 130 friends http://newsroom.fb.com/content/default.aspx?NewsAreaId=22
  35. • More than 70 languages available on the site • Over 300,000 users helped translate the site through the translations application • 79% of users are outside of the US/Canada http://newsroom.fb.com/content/default.aspx?NewsAreaId=22
  36. $ curl -s http://graph.facebook.com/4 | python -mjson.tool {"first_name": "Mark", "gender": "male", "id": "4", "last_name": "Zuckerberg", "link": "http://www.facebook.com/zuck", "locale": "en_US", "name": "Mark Zuckerberg", "username": "zuck"} http://graph.facebook.com/4
  37. http://graph.facebook.com/4
  38. $ curl -s http://graph.facebook.com/4 | python -mjson.tool {"first_name": "Mark", "gender": "male", "id": "4", "last_name": "Zuckerberg", "link": "http://www.facebook.com/zuck", "locale": "en_US", "name": "Mark Zuckerberg", "username": "zuck"} http://graph.facebook.com/4
  39. Mark Zuckerberg starts Facebook at 19 while still at Harvard, but early messages don’t show a strong interest in privacy...
  40. An early instant message session with a friend... Zuck: Yeah so if you ever need info about anyone at Harvard Zuck: Just ask. Zuck: I have over 4,000 emails, pictures, addresses, SNS [Name Redacted]: What? How’d you manage that one? Zuck: People just submitted it. Zuck: I don’t know why. Zuck: They “trust me” Zuck: Dumb f***s http://articles.businessinsider.com/2010-09-13/tech/30033368_1_ims-mark-zuckerberg-facebook-ceo https://en.wikiquote.org/wiki/Mark_Zuckerberg
  41. http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy Privacy no longer a social norm, says Facebook founder “People have really gotten comfortable not only sharing more information ... with more people,” he said. “That social norm is just something that has evolved over time.”
  42. https://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html Facebook Privacy: A bewildering Tangle of Options “To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. Facebook says it wants to offer precise controls for sharing on the Internet.”
  43. https://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html
  45. http://facebook.com
  46. http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html Chris Soghoian “Facebook’s covert surveillance of your browsing activities on non-Facebook websites...” Although consumers knowingly share information via Facebook, the privacy issues associated with that company are not related to the way consumers use it, but rather the other things the company does. These include the tricks the company has pulled to expose users’ private data to third-party app developers, the changing privacy defaults for profile data, as well as Facebook’s covert surveillance of your browsing activities on non-Facebook websites, as long as a “Like” button is present (even if you don’t click on it).
  47. Facebook has cut a deal with political website Politico that allows the independent site machine-access to Facebook users’ messages, both public and private, when a Republican Presidential candidate is mentioned by name. The data is being collected and analyzed for sentiment by Facebook’s data team, then delivered to Politico to serve as the basis of data-driven political analysis and journalism. The move is being widely condemned in the press as a violation of privacy but if Facebook would do this right, it could be a huge win for everyone. Facebook could be the biggest, most dynamic census of human opinion and interaction in history. Unfortunately, failure to talk prominently about privacy protections, failure to make this opt-in (or even opt out!) and the inclusion of private messages are all things that put at risk any remaining shreds of trust in Facebook that could have served as the foundation of a new era of social self-awareness. https://www.readwriteweb.com/archives/why_facebooks_data_sharing_matters.php
  50. https://www.facebook.com/about/ads
  51. Leaked Details of How Facebook Plans To Sell Your Timeline to Advertisers. What most users don’t know is that the new features being introduced are all centered around increasing the value of Facebook to advertisers, to the point where Facebook representatives have been selling the idea that Timeline is actually about re-conceptualizing users around their consumer preferences, or as they put it, “brands are now an essential part of people’s identities.” Disguising ads as your friends’ updates is being offered up as an antidote to the dismal click-through rates for traditional web advertising. Sponsored stories in your feed and sidebar ads based on your friends’ likes will become ubiquitous. Indeed in marketing materials, Facebook says these new premium ads are 90 percent accurate, compared to the industry average of 35 percent. “When people hear about you [the brand] from friends, they listen.” http://www.betabeat.com/2011/12/23/exclusive-leaked-details-of-how-facebook-plans-to-sell-your-timeline-to-advertisers
  54. Timeline Is mandatory for all Facebook users With No Opt-Out Option
  56. http://business.financialpost.com/2011/11/29/facebook-settles-privacy-case-wtih-ftc Facebook settles privacy case with the Federal Trade Commission
  57. http://business.financialpost.com/2011/11/29/facebook-settles-privacy-case-wtih-ftc Facebook settles privacy case with the Federal Trade Commission. Facebook has agreed to settle an investigation by the Federal Trade Commission into deceptive privacy practices, committing to cease making false claims and to submit to independent audits for 20 years. The FTC said the world’s largest Internet social network had been repeatedly deceptive. For example, Facebook promised users that it would not share personal information with advertisers, but it did, the agency said. Also, the company failed to warn users that it was changing its website in December 2009 so that certain information that users designated as private, such as their “Friends List,” would be made public, the FTC said. “Facebook’s innovation does not have to come at the expense of consumer privacy,” FTC Chairman Jon Leibowitz said in a statement.
  59. http://venturebeat.com/2011/11/28/facebook-advertising-eu Facebook’s business model came under fire in the EU
  60. http://venturebeat.com/2011/11/28/facebook-advertising-eu Facebook’s business model is under fire in the EU http://www.telegraph.co.uk/technology/facebook/8917836/Facebook-faces-EU-curbs-on-selling-users-interests-to-advertisers.html The EU is considering a ban on Facebook’s practice of selling demographic data to marketers and advertisers without specific permission from users. Now, however, the EC is planning to ban such activity unless users themselves specifically agree to it. The EU’s data protection working group is currently investigating how Facebook tracks users, stores data and uses that information to serve targeted ads. [...] The European Commission is planning to stop the way the website "eavesdrops" on its users to gather information about their political opinions, sexuality, religious beliefs – and even their whereabouts. Viviane Reding, the vice president of European Commission, said the Directive would amend current European data protection laws in the light of technological advances and ensure consistency in how offending firms are dealt with across the EU.
  61. http://venturebeat.com/2011/11/28/facebook-advertising-eu Facebook’s entire business model is under fire in the EU http://www.telegraph.co.uk/technology/facebook/8917836/Facebook-faces-EU-curbs-on-selling-users-interests-to-advertisers.html The EU is considering a ban on Facebook’s practice of selling demographic data to marketers and advertisers without specific permission from users. Now, however, the EC is planning to ban such activity unless users themselves specifically agree to it. The EU’s data protection working group is currently investigating how Facebook tracks users, stores data and uses that information to serve targeted ads. [...] The European Commission is planning to stop the way the website "eavesdrops" on its users to gather information about their political opinions, sexuality, religious beliefs – and even their whereabouts. Viviane Reding, the vice president of European Commission, said the Directive would amend current European data protection laws in the light of technological advances and ensure consistency in how offending firms are dealt with across the EU.
  62. http://www.zdnet.com/facebook-threatened-by-german-consumer-group-over-app-center-privacy-info-7000003309/ Facebook threatened by German consumer group over App Center privacy info
  63. http://www.zdnet.com/facebook-threatened-by-german-consumer-group-over-app-center-privacy-info-7000003309/ Facebook threatened by German consumer group over App Center privacy info. The problem, according to the consumer protection group, is in the "non-exhaustive" information that the App Center shows in small grey writing before the user chooses to click "play game", "send to mobile" or "visit website". [The Verbraucherzentrale Bundesverband] VZBV said on Monday that Facebook was breaking European data protection law by not explicitly inviting the user to give their consent.
  64. http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
  69. design choices are intended to make you part with your personal information http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
  70. http://techcrunch.com/2009/11/05/google-gives-you-a-privacy-dashboard-to-show-just-how-much-it-knows-about-you
  71. http://techcrunch.com/2009/11/05/google-gives-you-a-privacy-dashboard-to-show-just-how-much-it-knows-about-you Google gives you a privacy dashboard to show just how much it knows about you
  72. https://profiles.google.com “Your profile is the way you present yourself on Google products and across the web. With your profile, you can manage the information that people see - such as your bio, contact details, and links to other sites about you or created by you.”
  73. http://www.washingtonpost.com/business/technology/google-tracks-consumers-across-products-users-cant-opt-out/2012/01/24/gIQArgJHOQ_story.html Google changes privacy across all products “Google said [...] it will require users to allow the company to follow their activities across e-mail, search ... and other services, a radical shift in strategy that is expected to invite greater scrutiny of its privacy and competitive practices.”
  74. Google’s new policy replaces more than 60 existing product-specific privacy documents for services including Gmail, YouTube and Google Docs (plus Picasa, Blogger, Google Talk, Google Earth, etc.) Google says the unified terms will provide better search results and serve up ads that are more likely to be of interest. http://www.scientificamerican.com/article.cfm?id=how-googles-new-privacy-p
  75. http://blogs.smartmoney.com/advice/2012/01/25/who-would-pay-5000-to-use-google-you “...[Google] said it may combine the information users submit under their email accounts with information from other Google services or third parties. What people do and share on the social networking site Google+, Gmail and YouTube will be combined to create a more three-dimensional picture of consumers’ likes and dislikes, according to reports. Google did not return calls seeking comment.”
  76. “If Google received a warrant to disclose documents, and your business and personal docs are intermingled — that’s a problem,” he said. “Some would like to say, “No, thank you” and keep their accounts separate.” “Google should make it easy for people to set up and manage separate accounts if they wish to do so,” Kurt Opsahl, senior staff attorney for the Electronic Frontier Foundation. http://www.scientificamerican.com/article.cfm?id=how-googles-new-privacy-p
  77. http://motherjones.com/kevin-drum/2012/01/end-privacy-google http://www.flickr.com/photos/47691521@N07/4638981545 The End of Privacy? If Google can change its privacy policy today, it can change it tomorrow. And it will. [...] This is what’s motivating their policy change this week, and someday it’s likely to motivate them to sell my personal information after all.
  78. https://en.wikipedia.org/wiki/All_your_base_are_belong_to_us
  79. Google changes privacy policy across All products With No Opt-Out Option
  81. http://www.ftc.gov/opa/2011/03/google.shtm
  82. On the day Buzz was launched, Gmail users got a message announcing the new service and were given two options: “Sweet! Check out Buzz,” and “Nah, go to my inbox.” However, the FTC complaint alleged that some Gmail users who clicked on “Nah...” were nonetheless enrolled in certain features of the Google Buzz social network. For those Gmail users who clicked on “Sweet!,” the FTC alleges that they were not adequately informed that the identity of individuals they emailed most frequently would be made public by default. Google also offered a “Turn Off Buzz” option that did not fully remove the user from the social network. http://www.ftc.gov/opa/2011/03/google.shtm
  84. In response to the Buzz launch, Google received thousands of complaints from consumers who were concerned about public disclosure of their email contacts which included, in some cases, ex-spouses, patients, students, employers, or competitors. According to the FTC complaint, Google made certain changes to the Buzz product in response to those complaints. When Google launched Buzz, its privacy policy stated that “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.” The FTC complaint charges that Google violated its privacy policies by using information provided for Gmail for another purpose - social networking - without obtaining consumers’ permission in advance. http://www.ftc.gov/opa/2011/03/google.shtm
  86. https://plus.google.com
  87. http://www.zdnet.com/blog/identity/ftc-asked-to-probe-google-search-integration/143
  88. http://www.zdnet.com/blog/identity/ftc-asked-to-probe-google-search-integration/143 EPIC says a review should take place given an ongoing FTC investigation of possible antitrust violations related to the way Google compiles search results, as well as, an April 2011 settlement Google made with the FTC regarding deceptive privacy practices. EPIC claims the integration of Google+ and Google search, called Search plus Your World, raises concerns over fair competition and the search giant’s adherence to the FTC settlement. EPIC said in its letter to the FTC, “Google’s [search] changes make the personal data of users more accessible.” The letter was signed by Marc Rotenberg, executive director of EPIC. EPIC’s concerns were over personal data - photos, posts, and contact details - being gathered from Google+ users and included in search results. “Google allows users to opt out of receiving search results that include personal data, but users cannot opt out of having their information found by their Google+ contacts through Google search,” the letter said.
  90. http://marketingland.com/faq-google-search-plus-your-world-3533 Search Plus is combining personal signals — your search and web history — along with social signals to create a new form of personalized results. It’s not just who you are that now influences what you see. It’s who you know. What your friends like, share or create can influence what shows up first when you search for something.
  91. http://www.google.com/privacy/ads Google may use your Google account information, such as items you +1 on Google properties and across the web, to personalize content and ads on non-Google websites.
  92. http://www.macrumors.com/2012/02/17/google-under-fire-for-circumvention-of-cookie-settings-in-safari-for-ios-to-track-users Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users
  93. http://webpolicy.org/2012/02/17/safari-trackers Safari’s cookie blocking feature is unique in two ways: its default and its substantive policy. Unlike every other browser vendor, Apple enables 3rd party cookie blocking by default. Every iPhone, iPad, iPod Touch, and Mac ships with the privacy feature turned on. Apple’s Safari web browser is configured to block third-party cookies by default. We identified four advertising companies that unexpectedly place trackable cookies in Safari. Google and Vibrant Media intentionally circumvent Safari’s privacy feature. Media Innovation Group and PointRoll serve scripts that appear to be derived from circumvention example code.
  95. 95. Safari’s cookie blocking feature is unique in two ways: its defaultand its substantive policy.Unlike every other browser vendor, Apple enables 3rd partycookie blocking by default. Every iPhone, iPad, iPod Touch, andMac ships with the privacy feature turned on.Apple’s Safari web browser is configured to block third-partycookies by default. We identified four advertising companiesthat unexpectedly place trackable cookies in Safari. Google andVibrant Media intentionally circumvent Safari’s privacy feature.Media Innovation Group and PointRoll serve scripts that appearto be derived from circumvention example code.http://webpolicy.org/2012/02/17/safari-trackershttp://www.macrumors.com/2012/02/17/google-under-fire-for-circumvention-of-cookie-settings-in-safari-for-ios-to-track-users
  96. 96. http://webpolicy.org/2012/02/17/safari-trackers http://www.macrumors.com/2012/02/17/google-under-fire-for-circumvention-of-cookie-settings-in-safari-for-ios-to-track-users
      • Google used a loophole to make Safari allow cookies (which it will only do IF a user interacts with an ad)
      • an ad from DoubleClick (owned by Google) sent an invisible form, so Safari would think the user was interacting with the ad
      • thus, cookie accepted, tracking occurred
      • Google discouraged Safari users from opting out
  97. 97. https://www.competitionpolicyinternational.com/google-to-settle-safari-suit-for-22-5-million/ Google settles Safari suit for $22.5 million
  98. 98. Google publicized users’ private data and also worked around browser security settings
  99. 99. https://www.google.com/transparencyreport/governmentrequests/US/?p=2011-06&t=USER_DATA_REQUEST Lastly, Google produces a laudable transparency report, but... “Google complies with 93 percent of the 6,000 requests it receives for user data from law enforcement agencies is very different from the approach news organizations would take to handing over sources.”
  101. 101. http://allthingsd.com/20130611/google-wants-permission-to-disclose-how-many-national-security-requests-it-gets/ Google Wants Permission to Disclose How Many National Security Requests It Gets: “We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide”
  102. 102. Google challenges U.S. gag order, citing First Amendment http://www.washingtonpost.com/business/technology/google-challenges-us-gag-order-citing-first-amendment/2013/06/18/96835c72-d832-11e2-a9f2-42ee3912ae0e_story.html “Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests the court makes, arguing that the company has a constitutional right to speak about information it is forced to give the government. [...] A high-profile legal showdown might help Google’s efforts to portray itself as aggressively resisting government surveillance, and a victory could bolster the company’s campaign to portray government surveillance requests as targeted narrowly and affecting only a small number of users”
  103. 103. “...all these concerns about privacy tend to be old people issues.” Reid Hoffman, the founder of LinkedIn, in a segment during last year’s World Economic Forum at Davos, Switzerland http://www.businessinsider.com/privacy-is-for-old-people-says-linkedin-founder-2011-10
  104. 104. http://www.businessinsider.com/privacy-is-for-old-people-says-linkedin-founder-2011-10
  105. 105. http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
  106. 106. http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
      • people I didn’t know well personally
      • people that I work with from other countries that aren’t on LinkedIn
      • technical mailing lists that I subscribe to
      • myself, four times
      • and in one case, a deceased relative
  108. 108. http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
      • so yes, I did opt-in
      • but they didn’t use the data in the manner I approved
      • plus support didn’t provide any help
  109. 109. ...and let’s not forget about file sharing
  110. 110. http://www.dropbox.com
  111. 111. http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html How Dropbox sacrifices user privacy for cost savings
      • claimed no Dropbox personnel could access your files
      • but the way they do de-duplication of files proved this wasn’t true
      • Dropbox has the encryption keys, not the user
      • other services do encrypt their users’ data with a key only known to the user
  112. 112. http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html How Dropbox sacrifices user privacy for cost savings. On April 1, 2011, Marcia Hofmann at the Electronic Frontier Foundation contacted Dropbox to let them know about the flaw, and that a researcher would be publishing the information on April 12th. At 6:15PM west coast time on April 11th, an attorney from Fenwick & West retained by Dropbox left Marcia a voicemail message, in which he revealed that: "the company is updating their privacy policy and security overview that is on the website to add further detail."
  113. 113. http://www.dropbox.com Dropbox Privacy Policy change: “All files stored on Dropbox servers are encrypted (AES 256) and are inaccessible without your account password.”
  115. 115. http://getcloudapp.com
  116. 116. http://getcloudapp.com “CloudApp allows you to share images, links, music, videos and files. Here is how it works: choose a file, drag it to the menubar and let us take care of the rest. We provide you with a short link automatically copied to your clipboard that you can use to share your upload with co-workers and friends.”
  117. 117. http://getcloudapp.com Unfortunately the weak entropy of characters used for their shortened URLs leads to (very) low privacy
  118. 118. http://getcloudapp.com/[0-9][a-zA-Z][a-zA-Z0-9][a-zA-Z]
  119. 119. http://cl.ly/2a3e http://getcloudapp.com
  120. 120. http://getcloudapp.com http://cl.ly/2a3e
  121. 121. http://cl.ly/3l1k http://getcloudapp.com
  122. 122. http://getcloudapp.com http://cl.ly/3l1k
  123. 123. http://cl.ly/4g8d http://getcloudapp.com
  124. 124. http://getcloudapp.com http://cl.ly/4ety
  125. 125. http://cl.ly/4ety http://getcloudapp.com
  126. 126. http://getcloudapp.com http://cl.ly/4g8d
  127. 127. http://getcloudapp.com This is fun...until you find personal documents
  128. 128. http://getcloudapp.com I wrote a script that can randomly download gigabytes of users’ data, by guessing, or “brute forcing” different URL combinations
  129. 129. http://getcloudapp.com
      • plenty of pictures, mp3s, graphics
      • credit card receipts, court documents, W9 forms, personal emails, Facebook posts, instant messages, passport scans
      • ...and everything was unencrypted
  130. 130. http://getcloudapp.com People don’t know they’re sharing this data. Responsible Disclosure: I reported my findings to CloudApp, they said they have a notice on their site that it may not be secure... but they still allow this kind of convenient ‘sharing’
  131. 131. http://getcloudapp.com I have released the script to demonstrate this vulnerability. https://github.com/philcryer/ca-harvester
  132. 132. Companies are not going to look out for, or protect, your data
  133. 133. How else could all of this social media data be used?
  134. 134. To fight crime
  135. 135. http://www.forbes.com/sites/kashmirhill/2012/01/17/facebook-unmasks-koobface-gang-aided-by-their-foursquare-check-ins-and-social-networking-photos Facebook Unmasks Koobface Gang (P2P botnets) Aided By Their Foursquare Check-ins And Social Networking Photos
  136. 136. http://www.forbes.com/sites/kashmirhill/2012/01/17/facebook-unmasks-koobface-gang-aided-by-their-foursquare-check-ins-and-social-networking-photos Facebook Unmasks Koobface Gang (P2P botnets) Aided By Their Foursquare Check-ins And Social Networking Photos: “...security researchers and members of the Facebook security team tracked digital breadcrumbs to expose the five men responsible for Koobface [...] they tracked them down based on IP fingerprints, Foursquare check-ins, Twitter activity, friend lists on a Russian social networking site, Flickr photos showing the gang vacationing across Europe.”
  137. 137. For good, humanitarian purposes
  138. 138. http://chronicle.com/blogs/percolator/twitter-tracks-cholera-outbreaks-faster-than-health-authorities/28205 Twitter Tracks Cholera Outbreaks Faster Than Health Authorities. Now researchers have shown that, for the 2010 cholera epidemic in Haiti, social media like Twitter can track outbreaks as much as two weeks sooner than official health reports, especially when used by people with mobile phones.
  139. 139. For nefarious purposes
  140. 140. https://xkcd.com http://sylviamoessinger.wordpress.com/2011/05/04/h807-online-privacy-an-illusion-a10-1
  141. 141. http://www.spokeo.com Spokeo is a people search engine: “...organizes vast quantities of white-pages listings, social information, and other people-related data from a large variety of public sources. Our mission is to help people find and connect with others, more easily than ever”
  142. 142. http://www.spokeo.com Spokeo is a people search engine: “Not just Name, Age, Sex, but they also include Race, Politics, Religion, Cost of your home, Occupation, Education level, Salary, Hobbies... even your Zodiac sign” (?)
  143. 143. http://cheezburger.com
  144. 144. Understand why privacy matters
  145. 145. https://spideroak.com http://zeroknowledgeprivacy.org/library/why-privacy-matters/
  146. 146. Communication Security; Riseup’s primer on surveillance and security. Why security matters https://help.riseup.net/en/security
      • Because network surveillance is so pervasive, it is a social problem that affects everyone all the time. In contrast, device and message security are important for people who are being individually targeted by repressive authorities.
      • Improving your network security is fairly easy, in comparison to device or message security.
  147. 147. The Right to Anonymity is a Matter of Privacy https://www.eff.org/deeplinks/2012/01/right-anonymity-matter-privacy
      • Privacy from employers
      • Privacy from the political scene
      • Privacy from the public eye
      • Achieving anonymity online is a right
  148. 148. http://www.thefilterbubble.com The Filter Bubble: "Internet firms increasingly show us less of the wide world, locating us in the neighborhood of the familiar. The risk, as Eli Pariser shows, is that each of us may unwittingly come to inhabit a ghetto of one." http://bit.ly/filter-bubble
  149. 149. http://www.wired.com/opinion/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/ Why ‘I Have Nothing to Hide’ Is the Wrong Way to Think About Surveillance: “If everyone’s every action were being monitored, and everyone technically violates some obscure law at some time, then punishment becomes purely selective. Those in power will essentially have what they need to punish anyone they’d like, whenever they choose, as if there were no rules at all. We’re not dealing with a balance of forces looking for the perfect compromise between security and privacy, but an enormous steamroller”
  150. 150. Understand that private browsing isn’t private
  151. 151. http://donottrackplus.com/learn/pbrowsing.php
  152. 152. Know what you are sharing
  153. 153. Do Not Track Plus https://www.ghostery.com http://donottrack.us http://donottrackplus.com Block trackers before they get your information – social sites, ad networks, companies, (governments?)
  154. 154. https://addons.mozilla.org/en-US/firefox/addon/flashblock Blocks ads, flash and javascript trackers http://adblockplus.org http://noscript.net
  155. 155. Opt-out of sharing
  156. 156. Via browser plugins http://google.com/settings/ads/onweb
  157. 157. http://www.google.com/ads/preferences/plugin/browsers.html Or opt-out manually http://bit.ly/optout
  158. 158. Remove Your Google Search History
  159. 159. https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect Step 1: Sign into your Google account
  160. 160. https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect Step 2: Go to https://google.com/history
  161. 161. https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect Step 3: Click "remove all Web History"
  162. 162. https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect Step 4: Click "OK"
  163. 163. https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect This pauses web history, and it will remain off until you enable it again, but this won’t stop Google’s other tracking methods
  164. 164. https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect Oops, my history was saved back a few years :)
  165. 165. Don’t share Too Much
  166. 166. http://www.npr.org/blogs/thetwo-way/2013/06/17/192646711/cringe-miss-utah-fumbles-on-income-inequality-question?utm_source=npr&utm_medium=facebook&utm_campaign=20130617
  167. 167. http://www.theonion.com/video/nation-demands-new-photograph-of-edward-snowden,32831/?utm_source=Facebook&utm_medium=SocialMarketing&utm_campaign=standard-post:other:default
  168. 168. http://www.politico.com/story/2013/06/nsa-keith-alexander-cyber-shield-92880.html#.Ub9NiDLHxwA.twitter
  169. 169. Browse securely
  170. 170. http://alexmillers.wordpress.com/2011/05/11/https-is-your-friend HTTPS is your friend
  171. 171. HTTPS for the entire session. Why?
  172. 172. Session hijacking, aka sidejacking https://en.wikipedia.org/wiki/Session_hijacking
  173. 173. You log in with HTTPS, but then the site drops you to HTTP https://en.wikipedia.org/wiki/Session_hijacking
  174. 174. http://codebutler.com/firesheep Firesheep
  175. 175. “HTTPS Everywhere is an extension for Firefox and Google Chrome, created by EFF and the Tor Project. It automatically switches thousands of sites from insecure "http" to secure "https". It will protect you against many forms of surveillance and account hijacking, and *some* forms of censorship” https://www.eff.org/https-everywhere
  176. 176. Encrypt your DNS queries
  177. 177. DNSCrypt http://dnscrypt.org/ “A tool for securing communications between a client and a DNS resolver [...] significant because it encrypts all DNS traffic between Internet users and OpenDNS*. This [...] thwarts efforts by attackers, MiTM, or even Internet Service Providers (ISPs), from spying on DNS activity, or worse, maliciously redirecting DNS traffic” * can be used with any DNS provider, not just OpenDNS
  178. 178. Use Better passwords
  179. 179. Use more passwords
  180. 180. http://www.slashgear.com/slashgear-101-basic-password-security-16209438 SlashGear 101: Basic Password Security. “The simplest way to keep yourself secure on the internet is to use different passwords on each ‘secure’ site you interact with.”
  181. 181. http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm Zappos hacked, 24 million accounts
  182. 182. http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm Zappos hacked, 24 million accounts. Zappos users here are the subject matter simply because it’s the most recent attack, but it’s true for whatever set of services you use on the daily. If you’ve got an eBay account, an account for your online bank account, and an account for Zappos, you need, need, NEED to have a different password for each of them. What you do when you keep the same password for each of these sites is to open yourself up to a MUCH wider array of hackers than if you change your password for each.
  183. 183. Forget your passwords
  184. 184. NOT
  185. 185. Did You Forget Your Password?
  186. 186. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ Mat Honan
  187. 187. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”
  189. 189. Forget your passwords
  190. 190. https://lastpass.com
  192. 192. 9Z!de*NM2y7%yZwtwZx7CC@utHyVD@5KcP$arcQTkt2Fhntu#8cET!pDqDXq9HcV
  195. 195. 9Z!de*NM2y7%yZwtwZx7CC@utHyVD@5KcP$arcQTkt2Fhntu#8cET!pDqDXq9HcV Not a perfect method, trusting a 3rd party. Works, but looking for a more secure way. Ideally an Open Source option
  196. 196. Search more securely
  197. 197. Take a deep breath. You’re safe here. Click here to learn how Ixquick protects you from government surveillance. https://ixquick.de/
  199. 199. https://duckduckgo.com Search anonymously. Find instantly.
  202. 202. The Anonymous Internet: Privacy Tools Grow in Popularity Following NSA Revelations http://business.time.com/2013/06/20/the-anonymous-internet-privacy-tools-grow-in-popularity-following-nsa-revelations/
  203. 203. The Anonymous Internet: Privacy Tools Grow in Popularity Following NSA Revelations http://business.time.com/2013/06/20/the-anonymous-internet-privacy-tools-grow-in-popularity-following-nsa-revelations/ “[DuckDuckGo] ...search queries almost double since June 6, when Google was identified as one of nine companies that are part of Prism, a secret data-gathering program the government uses to target foreign threats. Its 3 million daily direct searches is still a drop in the bucket compared to the billions Google executes every day, but CEO Gabriel Weinberg says the site’s privacy features are steadily attracting more users. [...] “That aspect of our site has been more attractive to a growing portion of users,” Weinberg says “It was pretty creepy when you think about how much the search engine actually knows about you because it’s arguably the most personal set of data that you share on the Internet.”
  204. 204. The Anonymous Internet: Privacy Tools Grow in Popularity Following NSA Revelations http://business.time.com/2013/06/20/the-anonymous-internet-privacy-tools-grow-in-popularity-following-nsa-revelations/ “Kobeissi points out that even if these tools help with anonymisation, they can’t completely deter dedicated government surveillance. “The real solution is not just telling people to depend on these tools. The real solution is to get an honest political discussion going on to limit or get rid of these surveillance tactics.”
  205. 205. “A peer to peer (P2P), distributed, anonymous search engine anyone can run and contribute to” "[...] we cannot rely on a few large companies, and compromise our privacy in the process," says Michael Christen, YaCy’s project leader. "YaCy’s free search is the vital link between free users and free information. YaCy hands control over search back to us, the users." http://yacy.net http://www.theregister.co.uk/2011/11/29/yacy_google_open_source_engine
  206. 206. Pay Differently
  207. 207. http://bitcoin.org
  210. 210. https://bitcoin.org/ http://business.time.com/2013/06/20/the-anonymous-internet-privacy-tools-grow-in-popularity-following-nsa-revelations/
      • a P2P digital currency
      • a protocol and software that enables instant peer-to-peer transactions and worldwide payments
      • it is open source under the MIT license
      • has burst into the mainstream consciousness this year
      • now being accepted everywhere from New York bars to dating website OKCupid
      Buyer beware though: Bitcoin values are extremely volatile
  214. 214. Share more securely
  215. 215. https://spideroak.com/
  216. 216. Provides similar functionality to DropBox and Google Drive... BUT is a “zero-knowledge” client, meaning the company can’t see the content of user files, which are automatically encrypted. Taking your data into your own hands has its pros/cons: SpiderOak can’t retrieve your password for you if you forget it https://spideroak.com/ http://business.time.com/2013/06/20/the-anonymous-internet-privacy-tools-grow-in-popularity-following-nsa-revelations/
  219. 219. Use open source tools to protect yourself
  220. 220. https://torproject.org
  221. 221. https://torproject.org
      • Originally called The Onion Router, and started out as a US Naval project
      • Protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world
      • Prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location
      • Allows users to surf the Internet (...almost...) anonymously by making IP addresses difficult to trace
      • Downloads increase between 20% and 30% following the NSA news
      • It has been downloaded 36 million times in the past year and has more than half a million daily users
  225. 225. https://www.torproject.org/projects/torbrowser.html.en The Tor Browser Bundle lets you use Tor on Windows, Mac OS X or Linux without installing any software.
  226. 226. https://torproject.org Install Tor on a server to contribute to the network’s robustness, and connect yourself
  227. 227. https://cloud.torproject.org
      • a user-friendly way of deploying Tor bridges to help users access an uncensored Internet
      • runs on an Amazon EC2 micro cloud computing platform
      • Amazon has introduced a free usage tier for a year
  228. 228. http://fak3r.com/2012/08/11/howto-run-a-tor-node-in-the-cloud-for-free/ fak3r.com post: HOWTO run a tor node in the cloud for free
  229. 229. Don’t forget about Mobile communications (the NSA isn’t)
  230. 230. https://guardianproject.info/apps/orbot/ Orbot: “The official version of the Tor onion routing service for Android. Orbot is a free proxy app that empowers other apps to use [...] Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Any installed app can use Tor if it has a proxy feature”
  231. 231. Covert Browser: “True anonymity on the mobile Web just came a few steps closer for tens of millions more smartphone users. The first official implementation of Tor for iPhone and iPad. Tor triple-encrypts data and then routes it through three different computers around the world, each one removing only one layer of encryption.” https://itunes.apple.com/us/app/covert-browser/id477438328?mt=8
  232. 232. “Whispersystems - Secure your communication with our mobile applications. It’s that simple. Encrypted Communication And Storage [...] easy to use tools for secure mobile communication and secure mobile storage. Open Source Software” https://whispersystems.org/
  233. 233. Gibberbot: “Free, secure, unlimited messaging with your friends over Facebook Chat, Google Chat & Jabber. Works with Android, iPhone, Mac, Linux or PC. [...] iPhone with ChatSecure, Mac with Adium, Linux with Jitsi, Windows with Pidgin” https://guardianproject.info/apps/gibber/
  234. 234. https://crypto.cat/ Cryptocat
  235. 235. https://crypto.cat/ Cryptocat
      • Encrypted IM can be easy and accessible
      • Cryptocat is an open source experiment
      • Works right in your browser
      • Goal is to provide the easiest, most accessible way to chat while maintaining your privacy online
      • It’s useful for everyone
      • Friends use Cryptocat to talk without revealing messages to a third party
      • Activists use Cryptocat to keep private matters private
      • Journalists use Cryptocat to keep their stories and research confidential
      • Cryptocat is not a magic bullet. You should never trust any piece of software with your life, and Cryptocat is no exception
  239. 239. DIY, run your own services, instead of using others
  240. 240. http://drupal.org http://wordpress.org http://joomla.org
  241. 241. http://octopress.com
  245. 245. http://jekyllrb.com
  246. 246. http://github.com
  247. 247. Open source, Jabber/XMPP instant messaging server, offers Off-the-Record (OTR) Messaging, more secure, SSL for encrypted communications, note that Google uses this same service for Google Talk. http://www.ejabberd.im
  248. 248. http://identi.ca Open source microblogging software (think Twitter), run your own host, keep your own information, and it powers Identi.ca. http://status.net/open-source
  249. 249. An open, distributed, federated, social network, mirrors functionality of Facebook, Google+, signup on an official server, or host your own and have full control over what you share. https://joindiaspora.com
  250. 250. A lightweight command line service that securely synchronizes your data. http://lipsync.info
  251. 251. “...javascript based authentication, uses remoteStorage, a cross-origin data storage protocol separating application servers from data storage, your stuff on remote servers, but you still hold the keys”
  252. 252. Get involved and demand change
  253. 253. Focusing public attention on emerging privacy and civil liberties issues. Protecting Civil Liberties in the Digital Age.
  254. 254. In conclusion...
  258. 258. Question: How companies save, store and use your personal data. Learn: about online privacy and know your rights! Share: what you discover, educate others via blogs, social networks, or just talk about it. Explore: Run your own server, use open source tools to protect yourself while helping others, it’s fun!
  260. 260. St. Louis Linux Users Group. Contact: philcryer.com. Slides: bit.ly/pc-slides. Follow: @Fak3r. Thanks: SBS Creatix, EFF.
