Online privacy in the year of the dragon
Phil Cryer
Member - Electronic Frontier Foundation
Technical Architect - Spry Digital
secureworld expo, Saint Louis, MO - September 11-12, 2012

$ whoami
blog / fak3r.com
$ cat twitter.txt
@fak3r
$ cat bio.txt
privacy advocate
security researcher
open source technologist

“With social media, users’ vanity has trumped previously held mores concerning privacy” (me, 2011)

http://urania-josegalisifilho.blogspot.com/2012/06/interview-with-willian-gibson-by-larry.html

People’s data on social networks becomes permanently shared.

So what will companies do to monetize all of this data they collect?

Use it to better target you with ads, of course.

To you, your social profile...
= Data
= Your data

But to the social media companies...
Your data =
https://christian3200.files.wordpress.com/2011/04/moneyyyyy.jpg
http://cheezburger.com/View/2362193664

So, how much should people worry about the loss of online privacy?
http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html

Danah Boyd: “People want to share. But that's different than saying that people want to be exposed by others.” Protecting privacy is about making certain that people have the ability to make informed decisions about how they engage in public. I do not think we’ve done enough. That said, I am opposed to approaches that protect people by disempowering them. I want to see approaches that force powerful entities to be transparent about their data practices. And I want to see approaches that put restrictions on how data can be used to harm people.
http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html

Chris Soghoian: “...we now regularly trade our most private information for access to social-networking sites and free content.” The dirty secret of the Web is that the free content and services that consumers enjoy come with a hidden price: their own private data. Many of the major online advertising companies are not interested in the data that we knowingly and willingly share. Instead, these parasitic firms covertly track our web-browsing activities, search behavior and geolocation information. Once collected, this mountain of data is analyzed to build digital dossiers on millions of consumers, in some cases identifying us by name, gender, age as well as the medical conditions and political issues we have researched online.
http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html

Whose Life Is It Anyway? Consumers are learning their data is currency.
Each year, companies in the U.S. spend more than $2 billion on third-party consumer data, according to Forrester Research. [...] growing at such a fast clip that the World Economic Forum and other futurists have called personal data the “new oil.”
http://www.adweek.com/news/advertising-branding/whose-life-it-anyway-137537

Could your privacy be bought from you?
Google [...] wants “panelists” for a program called Screenwise who will add a browser extension in Chrome “that will share with Google the sites you visit and how you use them” — information that Google will study in order to improve its products and services.
What’s in it for you? Up to $25 in gift cards. [..] a $5 Amazon.com Gift Card code instantly when you sign up and download the Google Screenwise browser extension. [...] $5 Amazon.com Gift Card codes every three months for staying with it. It’s our way of saying “Thank you.”
$25 USD per year
http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff

“New research finds people fork over $5,000 worth of personal information a year to Google in exchange for access to its “free services” such as Gmail and search.”
http://blogs.smartmoney.com/advice/2012/01/25/who-would-pay-5000-to-use-google-you

“If you’re not paying for the product, you are the product.”

Facebook by the numbers:
• 955 million active users
• More than 57% login daily (552 million)
• Average user has 130 friends
• 543 million users of mobile products
• More than 70 languages available on the site
• Over 300,000 users helped translate the site through the translations application
• 81%+ of users are outside of the US/Canada
http://newsroom.fb.com/content/default.aspx?NewsAreaId=22

http://graph.facebook.com/4

$ curl -s http://graph.facebook.com/4 | python -mjson.tool
{
    "first_name": "Mark",
    "gender": "male",
    "id": "4",
    "last_name": "Zuckerberg",
    "link": "http://www.facebook.com/zuck",
    "locale": "en_US",
    "name": "Mark Zuckerberg",
    "username": "zuck"
}

Mark Zuckerberg starts Facebook at 19 while still at Harvard, but early messages don’t show a strong interest in privacy...

An early instant message session with a friend...
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How’d you manage that one?
Zuck: People just submitted it.
Zuck: I don’t know why.
Zuck: They “trust me”
Zuck: Dumb f***s
https://en.wikiquote.org/wiki/Mark_Zuckerberg
http://articles.businessinsider.com/2010-09-13/tech/30033368_1_ims-mark-zuckerberg-facebook-ceo

Privacy no longer a social norm, says Facebook founder. “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people,” he said. “That social norm is just something that has evolved over time.”
http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy

Facebook Privacy: A Bewildering Tangle of Options. “To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. Facebook says it wants to offer precise controls for sharing on the Internet.”
https://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html

http://facebook.com

Chris Soghoian: “Facebook’s covert surveillance of your browsing activities on non-Facebook websites...” Although consumers knowingly share information via Facebook, the privacy issues associated with that company are not related to the way consumers use it, but rather the other things the company does. These include the tricks the company has pulled to expose users’ private data to third-party app developers, the changing privacy defaults for profile data, as well as Facebook’s covert surveillance of your browsing activities on non-Facebook websites, as long as a “Like” button is present (even if you don’t click on it).
http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html

Facebook has cut a deal with political website Politico that allows the independent site machine-access to Facebook users' messages, both public and private, when a Republican Presidential candidate is mentioned by name. The data is being collected and analyzed for sentiment by Facebook’s data team, then delivered to Politico to serve as the basis of data-driven political analysis and journalism. The move is being widely condemned in the press as a violation of privacy but if Facebook would do this right, it could be a huge win for everyone. Facebook could be the biggest, most dynamic census of human opinion and interaction in history. Unfortunately, failure to talk prominently about privacy protections, failure to make this opt-in (or even opt out!) and the inclusion of private messages are all things that put at risk any remaining shreds of trust in Facebook that could have served as the foundation of a new era of social self-awareness.
https://www.readwriteweb.com/archives/why_facebooks_data_sharing_matters.php

https://www.facebook.com/about/ads

Exclusive: Leaked Details of How Facebook Plans To Sell Your Timeline to Advertisers. What most users don’t know is that the new features being introduced are all centered around increasing the value of Facebook to advertisers, to the point where Facebook representatives have been selling the idea that Timeline is actually about re-conceptualizing users around their consumer preferences, or as they put it, “brands are now an essential part of people’s identities.” Disguising ads as your friends’ updates is being offered up as an antidote to the dismal click-through rates for traditional web advertising. Sponsored stories in your feed and sidebar ads based on your friends’ likes will become ubiquitous. Indeed in marketing materials, Facebook says these new premium ads are 90 percent accurate, compared to the industry average of 35 percent. “When people hear about you [the brand] from friends, they listen.”
http://www.betabeat.com/2011/12/23/exclusive-leaked-details-of-how-facebook-plans-to-sell-your-timeline-to-advertisers
Timeline is “mandatory” for every Facebook user, with no opt-out option.

Facebook settles privacy case with the Federal Trade Commission
http://business.financialpost.com/2011/11/29/facebook...
Facebook has agreed to settle an investigation by the Federal Trade Commission into deceptive privacy practices, committ...

Facebook’s entire business model is under fire in the EU
http://venturebeat.com/2011/11/28/facebook-advertising-eu
The EU is considering a ban on Facebook’s practice of selling demographic data to marketers and advertisers w...

Facebook threatened by German consumer group over App Center privacy info
http://www.zdnet.com/facebook-threatened-by-german...

5 design tricks Facebook uses to affect your privacy decisions
http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
“Facebook is a free service so you are the product; none of this should really come as a surprise. Still, it's interesting—if...
“Your profile is the way you present yourself on Google products and across the web. With your profile, you can manage the i...

Google gives you a privacy dashboard to show just how much it knows about you
http://techcrunch.com/2009/11/05/google-g...

Google changes privacy across all products ...
Google’s new policy replaces more than 60 existing product-specific privacy documen...
The new privacy policy – which Google contends will allow it to better target ads — goes into effect on March 1. In a press...
“If Google received a warrant to disclose documents, and your business and personal docs are intermingled — that’s a probl...

The End of Privacy. If Google can change its privacy policy today, it can change it tomorrow. And it will. [...] This is what smo...

Google announces privacy changes across products, with no opt-out option.

http://www.ftc.gov/opa/2011/03/google.shtm
On the day Buzz was launched, Gmail users got a message announcing the new service and were given two options: “Sweet! Chec...
In response to the Buzz launch, Google received thousands of complaints from consumers who were concerned about public disc...

https://plus.google.com

http://www.zdnet.com/blog/identity/ftc-asked-to-probe-google-search-integration/143
EPIC says a review should take place given an ongoing FTC investigation of possible antitrust violations related to the way...
Search Plus is combining personal signals — your search and web history — along with social signals to create a new form of ...
Google may use your Google account information, such as items you +1 on Google properties and across the web, to personalize...

Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users
http://www.macrumors.com/2012/02/17...
Safari’s cookie blocking feature is unique in two ways: its default and its substantive policy. Unlike every other browser v...
• but, Google used a loophole to make Safari allow cookies (which it will only do IF a user intera...

Google settles Safari suit for $22.5 million
https://www.competitionpolicyinternational.com/google-to-settle-s...

Lastly, Google produces a laudable transparency report, but... Google complies with 93 percent of the 6,000 requests it re...
“...all these concerns about privacy tend to be old people issues.” Reid Hoffman, the founder of LinkedIn, in a segment du...
http://www.businessinsider.com/privacy-is-for-old-people-says-linkedin-founder-2011-10

LinkedIn is spamming all of my Gmail contacts
http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
• people I didn’t know well personally
• people that I work with from other countries that aren’t on LinkedIn
• tec...
• so I did opt-in
• but they didn’t use the data in the manner I approved
• support, didn’t help ...
Don’t forget about file sharing

http://www.dropbox.com
How Dropbox sacrifices user privacy for cost savings
• claimed no Dropbox personnel could access your files
• ...
On April 1, 2011, Marcia Hofmann at the ...
Privacy Policy change (April 13, 2011): “All files stored on Dropbox servers are encrypted (AES 256) and are inaccessible with...

http://getcloudapp.com
“CloudApp allows you to share images, links, music, videos and files. Here is how it works: choose a file, drag it to theme...
Unfortunately, the weak entropy of characters used for their shortened URLs leads to (very) low privacy ...
http://cl.ly/2a3e
http://cl.ly/3l1k
http://cl.ly/4ety
This is fun... until you find personal documents.
I wrote a script that can randomly download gigabytes of users’ data, by guessing, or “bruteforcing” different URL combinat...
• plenty of pictures, mp3s, graphics
• credit card receipts, court documents, W9 (US tax forms), personal emails, Fa...
People don’t know they’re sharing this data. Responsible Disclosure: I reported my findings to CloudApp (12/2011), they said...
They have not fixed the issue, I have released the script to demonstrate this vulnerability. I’m still waiting to hear back ...
How could all of this social media data be used?

To fight crime
Facebook Unmasks Koobface (P2P botnets) Gang, Aided By Their Foursquare Check-ins And Social Networking Photos
http://w...

For good, humanitarian purposes
Twitter Tracks Cholera Outbreaks Faster Than Health Authorities. Now researchers have shown that, ...

For nefarious purposes
https://xkcd.com
http://sylviamoessinger.wordpress.com/2011/05/04/h807-online-privacy-an-illusion-a10-1
Spokeo is a people search engine: “...organizes vast quantities of white-pages listings, social information, and other peopl...
Not just Name, Age, Sex, but they also include Race, Politics, Religion, Cost of your home...
http://cheezburger.com

Understand why privacy matters
The Right to Anonymity is a Matter of Privacy: privacy from employers; privacy from the political scene ...
Communication Security; Riseup's primer on surveillance and security. Why security matters: • Because network surveillance is ...
The Filter Bubble: "Internet firms increasingly show us less of the wide world, locatin...
Understand that private browsing isn’t private
http://donottrackplus.com/learn/pbrowsing.php

Know what you are sharing
Block trackers before they get your information – social sites, ad networks, companies: Do Not Track Plus ...
Blocks ads, flash and javascript trackers: http://noscript.ne...

Opt-out of sharing
Via browser plugins: http://google.com/settings/ads/onweb
Or opt-out manually: http://bit.ly/optout http://www.google.com/ads/preferences/plugin/browsers.html

Remove Your Google Search History
1. Sign into your Google account
2. Go to https://google.com/history
3. Click "remove all Web History"
4. Click "OK"
https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-...
This pauses Web History; it will remain off until you enable it again, but this won’t stop Google’s other tracking methods. http...
Oops, my history was saved back to 2006.
Browse securely
HTTPS is your friend
http://alexmillers.wordpress.com/2011/05/11/https-is-your-friend
why?
Session hijacking, aka sidejacking: logins go over https, then the site drops to http.
https://en.wikipedia.org/wiki/Session_hijacking
Firesheep: http://codebutler.com/firesheep
HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project ...
HTTPS Enforcer for Google Chrome encrypts your communications with a number of major websites. ...
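The sidejacking condition above (login over https, then a drop to http with the session cookie riding along in the clear) is something a site owner can check for in their own response headers. The following is an added example, not code from the talk or from any project it mentions: it audits a constructed set of response headers for a session cookie without the Secure and HttpOnly flags and for a missing Strict-Transport-Security header. The cookie-name heuristic and the sample headers are assumptions made for the example.

```python
"""Added example: audit response headers for the sidejacking weaknesses the
talk describes. Not part of the original slides; the header samples below are
constructed and the session-cookie heuristic is an assumption."""
import re
from typing import Dict, List

# Substrings that usually mark a logged-in session cookie (heuristic, assumed)
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str) -> List[str]:
    """Report a session-looking cookie that the browser would send over plain
    http (no Secure flag) or expose to page scripts (no HttpOnly flag)."""
    cookie = parse_set_cookie(header)
    name = cookie["name"]
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # lang=en and similar preference cookies are not a finding
    findings = []
    if "secure" not in cookie["attrs"]:
        findings.append(f"{name}: no Secure flag, cookie is sent over http too")
    if "httponly" not in cookie["attrs"]:
        findings.append(f"{name}: no HttpOnly flag, readable by injected script")
    return findings


def hsts_max_age(value: str):
    """Return the max-age of a Strict-Transport-Security value, or None."""
    match = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.IGNORECASE)
    return int(match.group(1)) if match else None


def audit_response(headers: Dict[str, List[str]]) -> List[str]:
    """headers maps a lower-cased header name to its list of values."""
    findings = []
    hsts = headers.get("strict-transport-security", [])
    if not hsts:
        findings.append("no Strict-Transport-Security: browser will follow a drop to http")
    elif not hsts_max_age(hsts[0]):
        findings.append("Strict-Transport-Security present but max-age missing or zero")
    for set_cookie in headers.get("set-cookie", []):
        findings.extend(audit_cookie(set_cookie))
    return findings


# Constructed samples: a Firesheep-era response, and the hardened version.
WEAK_RESPONSE = {
    "set-cookie": ["sessionid=3f9c2a; Path=/", "lang=en; Path=/"],
}
HARDENED_RESPONSE = {
    "strict-transport-security": ["max-age=31536000; includeSubDomains"],
    "set-cookie": ["sessionid=3f9c2a; Path=/; Secure; HttpOnly", "lang=en; Path=/"],
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp) or ["ok"])
```

The Secure flag is what keeps the cookie off the wire when the site drops back to http, and HSTS is what stops the browser from making that drop in the first place; HTTPS Everywhere and HTTPS Enforcer are the client-side workaround for sites that set neither.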
Encrypt your DNS queries
OpenDNS tool secures DNS traffic. DNSCrypt is significant because it encrypts all DNS traffic between Internet users and OpenDNS...
Use better passwords
Use more passwords
why?
Zappos hacked, 24 million accounts
http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm
Zappos users here are the subject matter simply because it’s the most recent attack, but i...
SlashGear 101: Basic Password Security. “The simplest way to keep yourself secure on the internet is to use different password...

Forget your passwords
NOT
Did you forget your password?
why?
Mat Honan
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next m...

Forget your passwords
Here’s how I do it
https://lastpass.com
9Z!de*NM2y7%yZwtwZx7CC@utHyVD@5KcP$arcQTkt2Fhntu#8cET!pDqDXq9HcV
Not a perfect method, trusting a 3rd party
Works, but looking for a more secure way ...
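The CloudApp slides and the password slides above are two ends of the same arithmetic: a four-character [0-9a-z] share link has a small enough keyspace to enumerate, while a 64-character generated password does not. This added example (not from the talk, and not CloudApp's or LastPass's code) computes keyspace, entropy and worst-case enumeration time for both, gives the minimum token length for a target entropy, and shows how to generate a token with the OS CSPRNG. The cl.ly alphabet, the 70-symbol password alphabet and the guess rate are assumptions made for the example.

```python
"""Added example, not from the talk: the arithmetic behind the cl.ly short-URL
finding and the generated-password slide. Alphabets and guess rate are
assumptions, not measured values."""
import math
import secrets
import string

BASE36 = string.digits + string.ascii_lowercase  # assumed cl.ly-style alphabet
PASSWORD_CHARS = string.ascii_letters + string.digits + "!@#$%^&*"  # 70 symbols (assumed)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct tokens of this length over this alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random token."""
    return length * math.log2(alphabet_size)


def hours_to_enumerate(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to walk the whole keyspace at a given rate (risk estimate)."""
    return keyspace(alphabet_size, length) / guesses_per_second / 3600


def min_length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Shortest token over this alphabet that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_token(alphabet: str, length: int) -> str:
    """Unguessable token drawn from the OS CSPRNG (secrets, never random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(f"4-char base36 link: {keyspace(36, 4):,} possibilities, "
          f"{entropy_bits(36, 4):.1f} bits")
    print(f"  at 10 guesses/s the whole space is covered in "
          f"{hours_to_enumerate(36, 4, 10):.0f} hours")
    print(f"64-char password over {len(PASSWORD_CHARS)} symbols: "
          f"{entropy_bits(len(PASSWORD_CHARS), 64):.0f} bits")
    print(f"a base36 share token needs {min_length_for_bits(36, 128)} chars for 128 bits")
    print("example token:", random_token(BASE36, min_length_for_bits(36, 128)))
```

The point for a service operator is the last two lines: a share token only protects a file if its keyspace is far too large to walk, and the length needed for that depends on the alphabet, not on how the token looks.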
Search more securely
“The world’s most private search engine” https://ixquick.de
https://duckduckgo.com
"[...] we cannot rely on a few large companies, and compromise our privacy in the process," says Michael Christen, YaCy's pr...

Use free, open source tools to protect yourself
• Tor is short for The Onion Router
• originally designed as an onion routing project of the U.S. Naval Research Labo...
https://torproject.org
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X or Linux without installing any software. htt...
Install Tor on a server to contribute to the network’s robustness, and connect yourself. https://torproject.org
• a user-friendly way of deploying Tor bridges to help users access an uncensored Internet
• runs on an Amazon EC2 mi...
A lightweight command line service that securely synchronizes your data: http://lipsync.info
JavaScript-based authentication, uses remoteStorage, a cross-origin data storage protocol separating application servers fro...

DIY, run your own services, instead of using others
http://drupal.org http://www.joomla.org http://wordpress.org
Open source Jabber/XMPP instant messaging server; Off-the-Record (OTR) Messaging, more secure; use SSL for encrypted...
Open source microblogging software (like Twitter): run your own host, keep your own information. It powers http://i...
An open, distributed, federated social network; mirrors functionality of Facebook, Google+; sign up on an official server, or ...
Get involved and demand change
Focusing public attention on emerging privacy and civil liberties issues ...

Conclusion
question how companies save, store and use your personal data
learn about online privacy, know your rights!
share...

slides / details: philcryer.com
follow / twitter: @fak3r
thank / you: SecureWorld, Electronic Frontier Foundation, Spry Digital
Online Privacy in the Year of the Dragon

Description: Businesses change online privacy policies to make user's data, and their interaction with websites, more profitable for the website's owners. Users need to understand what privacy is being lost, how their data is being used and how they can improve their online privacy with knowledge and open source software.

Published in: Technology, News & Politics
  • Transcript of "Online Privacy in the Year of the Dragon"

    1. 1. Online privacyin the year ofthe dragonPhil CryerMember - Electronic Frontier FoundationTechnical Architect - Spry Digital secureworld expo Saint Louis, MO - September 11-12, 2012
    2. 2. $ whoami secureworld expo Saint Louis, MO - September 11-12, 2012
    3. 3. $ whoamiblog / fak3r.com$ cat twitter.txt@fak3r$ cat bio.txtprivacy advocatesecurity researcheropen source technologist secureworld expo Saint Louis, MO - September 11-12, 2012
    4. 4. “With social media,users’ vanity hastrumped previously heldmores concerningprivacy” me, 2011
    5. 5. http://urania-josegalisifilho.blogspot.com/2012/06/interview-with-willian-gibson-by-larry.html
    6. 6. People’s data on socialnetworks becomespermanently shared.
    7. 7. So what will companiesdo to monetize all ofthis data they collect?
    8. 8. Use it to better targetyou with ads, ofcourse.
    9. 9. To you, your socialprofile...
    10. 10. =
    11. 11. Data
    12. 12. Your data
    13. 13. But to the social mediacompanies...
    14. 14. Your data
    15. 15. =
    16. 16. https://christian3200.files.wordpress.com/2011/04/moneyyyyy.jpg
    17. 17. http://cheezburger.com/View/2362193664
    18. 18. So, how much shouldpeople worry aboutthe loss of onlineprivacy? http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html
    19. 19. Danah Boyd “People want to share. But thatsdifferent than saying that people want to beexposed by others.” Protecting privacy is about making certain that people have the ability to make informed decisions about how they engage in public. I do not think we’ve done enough. That said, I am opposed to approaches that protect people by disempowering them. I want to see approaches that force powerful entities to be transparent about their data practices. And I want to see approaches that put restrictions on how data can be used to harm people. http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html
    20. 20. Chris Soghoian “...we now regularly trade ourmost private information for access tosocial-networking sites and free content” The dirty secret of the Web is that the free content and services that consumers enjoy come with a hidden price: their own private data. Many of the major online advertising companies are not interested in the data that we knowingly and willingly share. Instead, these parasitic firms covertly track our web- browsing activities, search behavior and geolocation information. Once collected, this mountain of data is analyzed to build digital dossiers on millions of consumers, in some cases identifying us by name, gender, age as well as the medical conditions and political issues we have researched online. http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html
    21. 21. Whose Life Is It Anyway? Consumers are learningtheir data is currency http://www.adweek.com/news/advertising-branding/whose-life-it-anyway-137537
    22. 22. Whose Life Is It Anyway? Consumers are learningtheir data is currencyEach year, companies in the U.S. spendmore than $2 billion on third-partyconsumer data, according to ForresterResearch. [...] growing at such a fast clip thatthe World Economic Forum and other futuristshave called personal data the “new oil.” http://www.adweek.com/news/advertising-branding/whose-life-it-anyway-137537
    23. 23. Could your privacy bebought from you?
    24. 24. Could your privacy be bought from you?Google [...] wants “panelists” for a program calledScreenwise who will add a browser extension inChrome “that will share with Google the sitesyou visit and how you use them” — information thatGoogle will study in order to improve its products andservices. http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff
    25. 25. Could your privacy be bought from you?What’s in it for you? Up to $25 in gift cards. [..] a$5 Amazon.com Gift Card code instantly when you signup and download the Google Screenwise browserextension. [...] $5 Amazon.com Gift Card codes everythree months for staying with it. It’s our way of saying“Thank you.” http://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff
    26. 26. $25 USD per yearhttp://www.forbes.com/sites/kashmirhill/2012/02/09/your-online-privacy-is-worth-less-than-a-six-pack-of-marshmallow-fluff
    27. 27. “New research finds people fork over $5,000worth of personal information a year toGoogle in exchange for access to its “freeservices” such as Gmail and search.” http://blogs.smartmoney.com/advice/2012/01/25/who-would-pay-5000-to-use-google-you
    28. 28. “If you’re not paying forthe product, you are theproduct.”
    29. 29. • 955 million active users• More than 57% login daily (552 million)• Average user has 130 friends• 543 million users of mobile products http://newsroom.fb.com/content/default.aspx?NewsAreaId=22
    30. 30. • More than 70 languages available on the site• Over 300,000 users helped translate the site through the translations application• 81%+ of users are outside of the US/Canada http://newsroom.fb.com/content/default.aspx?NewsAreaId=22
    31. 31. http://graph.facebook.com/4
    32. 32. $ curl -s http://graph.facebook.com/4 | python -mjson.tool{ "first_name": "Mark", "gender": "male", "id": "4", "last_name": "Zuckerberg", "link": "http://www.facebook.com/zuck", "locale": "en_US", "name": "Mark Zuckerberg", "username": "zuck"} http://graph.facebook.com/4
    33. 33. Mark Zuckerberg starts Facebook at 19 while still atHarvard, but early messages don’t show a stronginterest in privacy...
    34. 34. An early instant message session with a friend...Zuck: Yeah so if you ever need info about anyone at HarvardZuck: Just ask.Zuck: I have over 4,000 emails, pictures, addresses, SNS[Redacted Friends Name]: What? How’d you manage that one?Zuck: People just submitted it.Zuck: I don’t know why.Zuck: They “trust me”Zuck: Dumb f***s https://en.wikiquote.org/wiki/Mark_Zuckerberg http://articles.businessinsider.com/2010-09-13/tech/30033368_1_ims-mark-zuckerberg-facebook-ceo
    35. 35. Privacy no longer a social norm, says Facebookfounder“People have really gottencomfortable not onlysharing moreinformation anddifferent kinds, butmore openly and withmore people,” he said.“That social norm is justsomething that hasevolved over time.” http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy
    36. 36. Facebook Privacy: A bewildering Tangle ofOptions“To manage your privacy on Facebook, you will need tonavigate through 50 settings with more than 170options. Facebook says it wants to offer precise controls forsharing on the Internet.” https://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html
    37. 37. https://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html
    38. 38. https://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html
    39. 39. http://facebook.com
    40. 40. Chris Soghoian “Facebook’s covert surveillanceof your browsing activities on non-Facebook websites...” Although consumers knowingly share information via Facebook, the privacy issues associated with that company are not related to the way consumers use it, but rather the other things the company does. These include the tricks the company has pulled to expose users’ private data to third-party app developers, the changing privacy defaults for profile data, as well as Facebook’s covert surveillance of your browsing activities on non-Facebook websites, as long as a “Like” button is present (even if you don’t click on it). http://online.wsj.com/article/SB10001424052970204190704577024262567105738.html
    41. 41. Facebook has cut a deal with political website Politico that allows theindependent site machine-access to Facebook users messages, bothpublic and private, when a Republican Presidential candidate is mentioned byname. The data is being collected and analyzed for sentiment by Facebook’s datateam, then delivered to Politico to serve as the basis of data-drivenpolitical analysis and journalism.The move is being widely condemned in the press as a violation of privacy butif Facebook would do this right, it could be a huge win for everyone. Facebookcould be the biggest, most dynamic census of human opinion and interaction inhistory. Unfortunately, failure to talk prominently about privacy protections,failure to make this opt-in (or even opt out!) and the inclusion ofprivate messages are all things that put at risk any remaining shreds of trust inFacebook that could have served as the foundation of a new era of social self-awareness. https://www.readwriteweb.com/archives/why_facebooks_data_sharing_matters.php
    42. 42. Facebook has cut a deal with political website Politico that allows theindependent site machine-access to Facebook users messages, bothpublic and private, when a Republican Presidential candidate is mentioned byname. The data is being collected and analyzed for sentiment by Facebook’s datateam, then delivered to Politico to serve as the basis of data-drivenpolitical analysis and journalism.The move is being widely condemned in the press as a violation of privacy butif Facebook would do this right, it could be a huge win for everyone. Facebookcould be the biggest, most dynamic census of human opinion and interaction inhistory. Unfortunately, failure to talk prominently about privacy protections,failure to make this opt-in (or even opt out!) and the inclusion ofprivate messages are all things that put at risk any remaining shreds of trust inFacebook that could have served as the foundation of a new era of social self-awareness. https://www.readwriteweb.com/archives/why_facebooks_data_sharing_matters.php
    43. 43. Facebook has cut a deal with political website Politico that allows theindependent site machine-access to Facebook users messages, bothpublic and private, when a Republican Presidential candidate is mentioned byname. The data is being collected and analyzed for sentiment by Facebook’s datateam, then delivered to Politico to serve as the basis of data-drivenpolitical analysis and journalism.The move is being widely condemned in the press as a violation of privacy butif Facebook would do this right, it could be a huge win for everyone. Facebookcould be the biggest, most dynamic census of human opinion and interaction inhistory. Unfortunately, failure to talk prominently about privacy protections,failure to make this opt-in (or even opt out!) and the inclusion ofprivate messages are all things that put at risk any remaining shreds of trust inFacebook that could have served as the foundation of a new era of social self-awareness. https://www.readwriteweb.com/archives/why_facebooks_data_sharing_matters.php
    44. 44. https://www.facebook.com/about/ads
    45. 45. Exclusive: Leaked Details of How Facebook Plans To Sell Your Timeline to AdvertisersWhat most users don’t know is that the new features being introduced are all centeredaround increasing the value of Facebook to advertisers, to the point where Facebookrepresentatives have been selling the idea that Timeline is actually about re-conceptualizing usersaround their consumer preferences, or as they put it, “brands are now an essential part ofpeople’s identities.”Disguising ads as your friends’ updates is being offered up as an antidote to the dismalclick-through rates for traditional web advertising. Sponsored stories in your feed and sidebar adsbased on your friends’ likes will become ubiquitous. Indeed in marketing materials, Facebooksays these new premium ads are 90 percent accurate, compared to the industryaverage of 35 percent. “When people hear about you [the brand] from friends, theylisten.” http://www.betabeat.com/2011/12/23/exclusive-leaked-details-of-how-facebook-plans-to-sell-your-timeline-to-advertisers
48. Timeline is “mandatory” for every Facebook user, with no opt-out option
50. Facebook settles privacy case with the Federal Trade Commission http://business.financialpost.com/2011/11/29/facebook-settles-privacy-case-wtih-ftc
51. Facebook has agreed to settle an investigation by the Federal Trade Commission into deceptive privacy practices, committing to cease making false claims and to submit to independent audits for 20 years. The FTC said the world’s largest Internet social network had been repeatedly deceptive. For example, Facebook promised users that it would not share personal information with advertisers, but it did, the agency said. Also, the company failed to warn users that it was changing its website in December 2009 so that certain information that users designated as private, such as their “Friends List,” would be made public, the FTC said. “Facebook’s innovation does not have to come at the expense of consumer privacy,” FTC Chairman Jon Leibowitz said in a statement. http://business.financialpost.com/2011/11/29/facebook-settles-privacy-case-wtih-ftc
53. Facebook’s entire business model is under fire in the EU http://venturebeat.com/2011/11/28/facebook-advertising-eu
54. The EU is considering a ban on Facebook’s practice of selling demographic data to marketers and advertisers without specific permission from users. Now, however, the EC is planning to ban such activity unless users themselves specifically agree to it. The EU’s data protection working group is currently investigating how Facebook tracks users, stores data and uses that information to serve targeted ads. The ban may take effect as soon as next year. (11/2011) [...] The European Commission is planning to stop the way the website "eavesdrops" on its users to gather information about their political opinions, sexuality, religious beliefs – and even their whereabouts. Viviane Reding, the vice president of the European Commission, said the Directive would amend current European data protection laws in the light of technological advances and ensure consistency in how offending firms are dealt with across the EU. http://venturebeat.com/2011/11/28/facebook-advertising-eu http://www.telegraph.co.uk/technology/facebook/8917836/Facebook-faces-EU-curbs-on-selling-users-interests-to-advertisers.html
56. Facebook threatened by German consumer group over App Center privacy info http://www.zdnet.com/facebook-threatened-by-german-consumer-group-over-app-center-privacy-info-7000003309/
57. http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
62. “Facebook is a free service so you are the product; none of this should really come as a surprise. Still, it’s interesting—if also a bit scary—to see the design choices intended to make you part with your personal information.” http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
63. “Your profile is the way you present yourself on Google products and across the web. With your profile, you can manage the information that people see - such as your bio, contact details, and links to other sites about you or created by you.” https://profiles.google.com
64. Google gives you a privacy dashboard to show just how much it knows about you http://techcrunch.com/2009/11/05/google-gives-you-a-privacy-dashboard-to-show-just-how-much-it-knows-about-you
65. Google changes privacy across all products. Google said Tuesday it will require users to allow the company to follow their activities across e-mail, search ... and other services, a radical shift in strategy that is expected to invite greater scrutiny of its privacy and competitive practices. http://www.washingtonpost.com/business/technology/google-tracks-consumers-across-products-users-cant-opt-out/2012/01/24/gIQArgJHOQ_story.html
66. Google’s new policy replaces more than 60 existing product-specific privacy documents for services including Gmail, YouTube and Google Docs (plus Picasa, Blogger, Google Talk, Google Earth, etc.). Google says the unified terms will provide better search results and serve up ads that are more likely to be of interest. http://www.scientificamerican.com/article.cfm?id=how-googles-new-privacy-p
67. The new privacy policy – which Google contends will allow it to better target ads – goes into effect on March 1. In a press release, the company said it may combine the information users submit under their email accounts with information from other Google services or third parties. What people do and share on the social networking site Google+, Gmail and YouTube will be combined to create a more three-dimensional picture of consumers’ likes and dislikes, according to reports. Google did not return calls seeking comment. http://blogs.smartmoney.com/advice/2012/01/25/who-would-pay-5000-to-use-google-you
68. “If Google received a warrant to disclose documents, and your business and personal docs are intermingled — that’s a problem,” he said. “Some would like to say, ‘No, thank you’ and keep their accounts separate.” “Google should make it easy for people to set up and manage separate accounts if they wish to do so,” Kurt Opsahl, senior staff attorney for the Electronic Frontier Foundation. http://www.scientificamerican.com/article.cfm?id=how-googles-new-privacy-p
69. The End of Privacy. If Google can change its privacy policy today, it can change it tomorrow. And it will. [...] This is what’s motivating their policy change this week, and someday it’s likely to motivate them to sell my personal information after all. http://www.flickr.com/photos/47691521@N07/4638981545 http://motherjones.com/kevin-drum/2012/01/end-privacy-google
70. Google announces privacy changes across products, with no opt-out option
72. http://www.ftc.gov/opa/2011/03/google.shtm
73. On the day Buzz was launched, Gmail users got a message announcing the new service and were given two options: “Sweet! Check out Buzz,” and “Nah, go to my inbox.” However, the FTC complaint alleged that some Gmail users who clicked on “Nah...” were nonetheless enrolled in certain features of the Google Buzz social network. For those Gmail users who clicked on “Sweet!,” the FTC alleges that they were not adequately informed that the identity of individuals they emailed most frequently would be made public by default. Google also offered a “Turn Off Buzz” option that did not fully remove the user from the social network. http://www.ftc.gov/opa/2011/03/google.shtm
75. In response to the Buzz launch, Google received thousands of complaints from consumers who were concerned about public disclosure of their email contacts which included, in some cases, ex-spouses, patients, students, employers, or competitors. According to the FTC complaint, Google made certain changes to the Buzz product in response to those complaints. When Google launched Buzz, its privacy policy stated that “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.” The FTC complaint charges that Google violated its privacy policies by using information provided for Gmail for another purpose - social networking - without obtaining consumers’ permission in advance. http://www.ftc.gov/opa/2011/03/google.shtm
77. https://plus.google.com
78. http://www.zdnet.com/blog/identity/ftc-asked-to-probe-google-search-integration/143
79. EPIC says a review should take place given an ongoing FTC investigation of possible antitrust violations related to the way Google compiles search results, as well as an April 2011 settlement Google made with the FTC regarding deceptive privacy practices. EPIC claims the integration of Google+ and Google search, called Search plus Your World, raises concerns over fair competition and the search giant’s adherence to the FTC settlement. EPIC said in its letter to the FTC, “Google’s [search] changes make the personal data of users more accessible.” The letter was signed by Marc Rotenberg, executive director of EPIC. EPIC’s concerns were over personal data - photos, posts, and contact details - being gathered from Google+ users and included in search results. “Google allows users to opt out of receiving search results that include personal data, but users cannot opt out of having their information found by their Google+ contacts through Google search,” the letter said. http://www.zdnet.com/blog/identity/ftc-asked-to-probe-google-search-integration/143
81. Search Plus is combining personal signals — your search and web history — along with social signals to create a new form of personalized results. It’s not just who you are that now influences what you see. It’s who you know. What your friends like, share or create can influence what shows up first when you search for something. http://marketingland.com/faq-google-search-plus-your-world-3533
82. Google may use your Google account information, such as items you +1 on Google properties and across the web, to personalize content and ads on non-Google websites. http://www.google.com/privacy/ads
83. Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users http://www.macrumors.com/2012/02/17/google-under-fire-for-circumvention-of-cookie-settings-in-safari-for-ios-to-track-users
84. Safari’s cookie blocking feature is unique in two ways: its default and its substantive policy. Unlike every other browser vendor, Apple enables 3rd party cookie blocking by default. Every iPhone, iPad, iPod Touch, and Mac ships with the privacy feature turned on. Apple’s Safari web browser is configured to block third-party cookies by default. We identified four advertising companies that unexpectedly place trackable cookies in Safari. Google and Vibrant Media intentionally circumvent Safari’s privacy feature. Media Innovation Group and PointRoll serve scripts that appear to be derived from circumvention example code. http://webpolicy.org/2012/02/17/safari-trackers http://www.macrumors.com/2012/02/17/google-under-fire-for-circumvention-of-cookie-settings-in-safari-for-ios-to-track-users
87. • But Google used a loophole to make Safari accept its cookies anyway: Safari only accepts a third-party cookie if the user interacts with the third party, for example by submitting a form • An ad from DoubleClick (owned by Google) submitted an invisible form automatically, so Safari treated the user as having interacted with the ad • The cookie was therefore accepted and tracking took place • Meanwhile Google had discouraged Safari users from opting out http://www.macrumors.com/2012/02/17/google-under-fire-for-circumvention-of-cookie-settings-in-safari-for-ios-to-track-users
88. Google settles Safari suit for $22.5 million https://www.competitionpolicyinternational.com/google-to-settle-safari-suit-for-22-5-million/
89. Lastly, Google produces a laudable transparency report, but... that Google complies with 93 percent of the 6,000 requests it receives for user data from law enforcement agencies is very different from the approach news organizations would take to handing over sources. https://www.google.com/transparencyreport/governmentrequests/US/?p=2011-06&t=USER_DATA_REQUEST
90. “...all these concerns about privacy tend to be old people issues.” Reid Hoffman, the founder of LinkedIn, in a segment during last year’s World Economic Forum at Davos, Switzerland http://www.businessinsider.com/privacy-is-for-old-people-says-linkedin-founder-2011-10
91. http://www.businessinsider.com/privacy-is-for-old-people-says-linkedin-founder-2011-10
92. http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
93. • people I didn’t know well personally • people that I work with from other countries that aren’t on LinkedIn • technical mailing lists that I subscribe to • myself, four times • and in one case, a deceased relative http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
94. http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
95. • so I did opt in • but they didn’t use the data in the manner I approved • support didn’t help http://fak3r.com/2011/10/12/linkedin-is-spamming-all-of-my-gmail-contacts
96. Don’t forget about file sharing
97. http://www.dropbox.com
98. How Dropbox sacrifices user privacy for cost savings • claimed no Dropbox personnel could access your files • but the way they de-duplicate files proved this wasn’t true • Dropbox has the encryption keys, not the user • other services do encrypt their users’ data with a key known only to the user http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
99. How Dropbox sacrifices user privacy for cost savings. On April 1, 2011, Marcia Hofmann at the Electronic Frontier Foundation contacted Dropbox to let them know about the flaw, and that a researcher would be publishing the information on April 12th. At 6:15PM west coast time on April 11th, an attorney from Fenwick & West retained by Dropbox left Marcia a voicemail message, in which he revealed that: "the company is updating their privacy policy and security overview that is on the website to add further detail." http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
100. Privacy Policy change (April 13, 2011) “All files stored on Dropbox servers are encrypted (AES 256) and are inaccessible without your account password.” http://www.dropbox.com
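The inference behind the de-duplication argument on the slides above can be shown with a small model. This is an added example written for this page, not Dropbox’s code or the researcher’s: a content-addressed store can de-duplicate two users’ uploads only when they produce identical ciphertext, and that happens only when the provider, not the user, holds the key. The cipher is a toy SHA-256 keystream standing in for AES (it is not a real cipher), and the user names and sample document are constructed.

```python
import hashlib
import os

# Toy stream cipher for illustration only: SHA-256 keystream XORed over the data.
# It stands in for AES so the comparison runs offline; do not use it for real data.
def toy_encrypt(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

# XOR keystream: decryption is the same operation as encryption.
toy_decrypt = toy_encrypt

def upload_all(uploads, encrypt_for_user):
    """Content-addressed store: a blob is kept once per distinct ciphertext hash.
    uploads is a list of (user, plaintext); returns {blob_id: ciphertext}."""
    store = {}
    for user, plaintext in uploads:
        ciphertext = encrypt_for_user(user, plaintext)
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        store.setdefault(blob_id, ciphertext)   # identical ciphertext -> dedup hit, nothing new stored
    return store

# Constructed sample: two unrelated users upload the same document.
SAME_DOC = b"Q1 tax return (constructed sample document)\n" * 20
UPLOADS = [("alice", SAME_DOC), ("bob", SAME_DOC)]

# Model A: the provider holds one key and encrypts server-side. This is what
# cross-user dedup implies: same plaintext -> same ciphertext for every user.
PROVIDER_KEY = os.urandom(32)
def provider_key_model(user, plaintext):
    return toy_encrypt(PROVIDER_KEY, plaintext)

# Model B: each user encrypts with a key only they know before uploading.
USER_KEYS = {"alice": os.urandom(32), "bob": os.urandom(32)}
def user_key_model(user, plaintext):
    return toy_encrypt(USER_KEYS[user], plaintext)

def blob_count(model) -> int:
    """How many blobs the store ends up holding for the two identical uploads."""
    return len(upload_all(UPLOADS, model))

def provider_can_read(model, provider_key: bytes) -> bool:
    """Can someone holding the provider's key recover the document from the store?"""
    store = upload_all(UPLOADS, model)
    return any(toy_decrypt(provider_key, ct) == SAME_DOC for ct in store.values())

if __name__ == "__main__":
    print("provider-key model: blobs stored =", blob_count(provider_key_model))   # 1: dedup works
    print("user-key model:     blobs stored =", blob_count(user_key_model))       # 2: no dedup possible
    print("provider can read (provider-key model):", provider_can_read(provider_key_model, PROVIDER_KEY))
    print("provider can read (user-key model):    ", provider_can_read(user_key_model, PROVIDER_KEY))
```

The point is the observable side effect: if a second upload of a file somebody else already stored completes without transferring it, the stored bytes must be identical across users, which rules out per-user keys. Storage savings and “only you can read your files” pull in opposite directions.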
102. http://getcloudapp.com
103. “CloudApp allows you to share images, links, music, videos and files. Here is how it works: choose a file, drag it to the menubar and let us take care of the rest. We provide you with a short link automatically copied to your clipboard that you can use to share your upload with co-workers and friends.” http://getcloudapp.com
104. Unfortunately, the short, low-entropy identifiers in their shortened URLs make the links guessable, so ‘sharing’ gives (very) little privacy http://getcloudapp.com
105. http://cl.ly/2a3e http://getcloudapp.com
107. http://cl.ly/3l1k http://getcloudapp.com
109. http://cl.ly/4ety http://getcloudapp.com
111. This is fun... until you find personal documents http://getcloudapp.com
112. I wrote a script that can randomly download gigabytes of users’ data, by guessing, or “brute forcing”, different URL combinations http://getcloudapp.com
113. • plenty of pictures, mp3s, graphics • credit card receipts, court documents, W9 (US tax forms), personal emails, Facebook posts, instant messages, passport scans • ...and everything was unencrypted http://getcloudapp.com
114. People don’t know they’re sharing this data. Responsible Disclosure: I reported my findings to CloudApp (12/2011); they said they have a notice on their site that it may not be secure... but they still allow this kind of convenient ‘sharing’ http://getcloudapp.com
115. They have not fixed the issue; I have released the script to demonstrate this vulnerability. I’m still waiting to hear back from CloudApp. https://github.com/philcryer/ca-harvester http://getcloudapp.com
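How small the keyspace behind those links is, and why random guessing finds live uploads so easily, can be worked through without touching the service. This is an added example for this page, not the harvester script linked above: it assumes, from the cl.ly/2a3e style of the examples, identifiers of 4 characters drawn from digits and lowercase letters (36 symbols), which is an assumption about the format rather than a statement of CloudApp’s generator. The guessing simulation runs against a constructed in-memory set of identifiers, and the last function shows the size of token an unguessable share link needs.

```python
import itertools
import math
import random
import secrets
import string

# Assumed format (from cl.ly/2a3e, cl.ly/3l1k, cl.ly/4ety): 4 chars from [0-9a-z].
SHORT_ALPHABET = string.digits + string.ascii_lowercase
SHORT_LENGTH = 4

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct identifiers the scheme can produce."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of unpredictability if every identifier is equally likely."""
    return length * math.log2(alphabet_size)

def hours_to_enumerate(alphabet_size: int, length: int, requests_per_second: float) -> float:
    """Wall-clock time to request every identifier once at the given rate."""
    return keyspace(alphabet_size, length) / requests_per_second / 3600

def constructed_live_ids(count: int) -> set:
    """Constructed stand-in for 'identifiers in use': the first `count` in lexical order."""
    ids = itertools.product(SHORT_ALPHABET, repeat=SHORT_LENGTH)
    return {"".join(t) for t in itertools.islice(ids, count)}

def simulate_random_guessing(live_ids: set, alphabet: str, length: int, attempts: int, seed: int = 1) -> int:
    """Random guesses against the constructed in-memory set (never a real service).
    Returns how many guesses landed on an existing identifier."""
    rng = random.Random(seed)          # seeded so the run is repeatable
    hits = 0
    for _ in range(attempts):
        guess = "".join(rng.choice(alphabet) for _ in range(length))
        if guess in live_ids:
            hits += 1
    return hits

def secure_share_id(nbytes: int = 16) -> str:
    """What an unguessable share link needs: 128 bits from the OS CSPRNG, URL-safe."""
    return secrets.token_urlsafe(nbytes)

if __name__ == "__main__":
    n = keyspace(len(SHORT_ALPHABET), SHORT_LENGTH)
    print(f"{SHORT_LENGTH}-char base-36 ids: {n:,} possibilities, "
          f"{entropy_bits(len(SHORT_ALPHABET), SHORT_LENGTH):.1f} bits")
    print(f"full sweep at 10 requests/s: {hours_to_enumerate(36, SHORT_LENGTH, 10):.1f} hours")
    live = constructed_live_ids(100_000)       # assume 100k of the 1.68M ids are in use
    hits = simulate_random_guessing(live, SHORT_ALPHABET, SHORT_LENGTH, 10_000)
    print(f"hits in 10,000 random guesses: {hits} (about 1 in {10_000 // hits})")
    print(f"a 128-bit token ({entropy_bits(256, 16):.0f} bits) looks like: {secure_share_id()}")
```

With roughly 20.7 bits of identifier entropy, a single polite client can sweep the whole space in about two days, and if even a few percent of identifiers are in use, every few dozen guesses yields somebody’s file. The fix is not rate limiting alone but an identifier long enough that random guessing never succeeds: 128 bits of CSPRNG output is the usual floor for a capability URL.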
116. How could all of this social media data be used?
117. To fight crime
118. Facebook Unmasks Koobface (P2P botnets) Gang, Aided By Their Foursquare Check-ins And Social Networking Photos. Independent security researchers and members of the Facebook security team tracked digital breadcrumbs to expose the five men responsible for Koobface [...] they tracked them down based on IP fingerprints, Foursquare check-ins, Twitter activity, friend lists on a Russian social networking site, and Flickr photos showing the gang vacationing across Europe. http://www.forbes.com/sites/kashmirhill/2012/01/17/facebook-unmasks-koobface-gang-aided-by-their-foursquare-check-ins-and-social-networking-photos
120. For good, humanitarian purposes
121. Twitter Tracks Cholera Outbreaks Faster Than Health Authorities. Now researchers have shown that, for the 2010 cholera epidemic in Haiti, social media like Twitter can track outbreaks as much as two weeks sooner than official health reports, especially when used by people with mobile phones. http://chronicle.com/blogs/percolator/twitter-tracks-cholera-outbreaks-faster-than-health-authorities/28205
122. For nefarious purposes
123. https://xkcd.com http://sylviamoessinger.wordpress.com/2011/05/04/h807-online-privacy-an-illusion-a10-1
124. Spokeo is a people search engine “...organizes vast quantities of white-pages listings, social information, and other people-related data from a large variety of public sources. Our mission is to help people find and connect with others, more easily than ever” http://www.spokeo.com
125. Spokeo is a people search engine. Not just Name, Age, Sex, but they also include Race, Politics, Religion, Cost of your home, Occupation, Education level, Salary, Hobbies... even your Zodiac sign (?) http://www.spokeo.com
126. http://cheezburger.com
127. Understand why privacy matters
128. The Right to Anonymity is a Matter of Privacy: Privacy from employers • Privacy from the political scene • Privacy from the public eye • Achieving anonymity online https://www.eff.org/deeplinks/2012/01/right-anonymity-matter-privacy
129. Communication Security; Riseup’s primer on surveillance and security. Why security matters: • Because network surveillance is so pervasive, it is a social problem that affects everyone all the time. In contrast, device and message security are important for people who are being individually targeted by repressive authorities • Improving your network security is fairly easy, in comparison to device or message security. https://help.riseup.net/en/security
130. The Filter Bubble "Internet firms increasingly show us less of the wide world, locating us in the neighborhood of the familiar. The risk, as Eli Pariser shows, is that each of us may unwittingly come to inhabit a ghetto of one." Watch -> http://bit.ly/filter-bubble http://www.thefilterbubble.com
131. Understand that private browsing isn’t private
132. http://donottrackplus.com/learn/pbrowsing.php
133. Know what you are sharing
134. Block trackers before they get your information – social sites, ad networks, companies: Do Not Track Plus, Ghostery https://www.ghostery.com http://donottrack.us http://donottrackplus.com
135. Block ads, Flash and JavaScript trackers http://noscript.net http://adblockplus.org https://addons.mozilla.org/en-US/firefox/addon/flashblock
136. Opt out of sharing
137. Via browser plugins http://google.com/settings/ads/onweb
138. Or opt out manually http://bit.ly/optout http://www.google.com/ads/preferences/plugin/browsers.html
139. Remove Your Google Search History
140. 1. Sign into your Google account https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect
141. 2. Go to https://google.com/history
142. 3. Click "Remove all Web History"
143. 4. Click "OK"
144. This pauses Web History; it will remain off until you enable it again, but this won’t stop Google’s other tracking methods https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect
145. Oops, my history was saved back to 2006 https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect
146. Browse securely
147. HTTPS is your friend http://alexmillers.wordpress.com/2011/05/11/https-is-your-friend
148. why?
149. Session hijacking, aka sidejacking https://en.wikipedia.org/wiki/Session_hijacking
150. Login happens over HTTPS, then the site drops back to HTTP, so the session cookie that proves you are logged in travels in the clear on every later request https://en.wikipedia.org/wiki/Session_hijacking
151. Firesheep http://codebutler.com/firesheep
152. HTTPS Everywhere. HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. https://www.eff.org/deeplinks/2011/11/long-term-privacy-forward-secrecy
153. HTTPS Enforcer. HTTPS Enforcer for Google Chrome encrypts your communications with a number of major websites. https://github.com/kcherenkov/HTTPS-Enforcer
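The sidejacking problem from the slides above comes down to one cookie attribute. This is an added example for this page, not code from Firesheep or HTTPS Everywhere: it models what a browser does with a session cookie after an HTTPS login when the site drops back to HTTP, once without and once with the Secure flag, and what a passive sniffer on the same network therefore sees. Only the RFC 6265 Secure rule is modelled (Domain and Path matching are assumed to pass); the host name, cookie value and page URLs are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def cookie_attached(set_cookie_header: str, request_url: str) -> dict:
    """For each cookie in a Set-Cookie header, decide whether a browser would attach it
    to a request for request_url. Only the Secure attribute is modelled: a Secure cookie
    is sent over https only. Domain/Path matching is assumed to pass."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    scheme = urlsplit(request_url).scheme
    return {name: not (bool(morsel["secure"]) and scheme != "https")
            for name, morsel in jar.items()}

def browse(set_cookie_header: str, urls) -> list:
    """Simulate the browser visiting each URL after the cookie was set at login.
    Returns (url, Cookie-header-or-None) per visit."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    visits = []
    for url in urls:
        attached = cookie_attached(set_cookie_header, url)
        header = "; ".join(f"{n}={jar[n].value}" for n, ok in attached.items() if ok) or None
        visits.append((url, header))
    return visits

def sidejack(visits) -> list:
    """What a passive sniffer on the same Wi-Fi sees: Cookie headers on http:// requests only.
    Anything seen here can be replayed to take over the session."""
    return [cookie for url, cookie in visits if urlsplit(url).scheme == "http" and cookie]

# Constructed sample: login over HTTPS, then the site links back to plain HTTP pages.
VISITS = ["https://social.example/login",
          "http://social.example/home",
          "http://social.example/photos"]
WEAK_SET_COOKIE = "session=7b1f3a9c0d; Path=/; HttpOnly"            # no Secure flag
HARDENED_SET_COOKIE = "session=7b1f3a9c0d; Path=/; HttpOnly; Secure"  # never sent in the clear

if __name__ == "__main__":
    print("without Secure, sniffer captures:", sidejack(browse(WEAK_SET_COOKIE, VISITS)))
    print("with Secure, sniffer captures:   ", sidejack(browse(HARDENED_SET_COOKIE, VISITS)))
```

Two caveats a practitioner would want: with Secure set, the http:// pages simply load logged-out, so the site must also serve them over HTTPS (which is exactly what the rewriting extensions above force from the client side), and HttpOnly does nothing here, because it only hides the cookie from script, not from the wire.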
154. Encrypt your DNS queries
155. OpenDNS tool secures DNS traffic. DNSCrypt is significant because it encrypts all DNS traffic between Internet users and OpenDNS. This technological advancement thwarts efforts by attackers, or even Internet Service Providers (ISPs), from spying on DNS activity, or worse, maliciously redirecting DNS traffic. http://www.opendns.com/technology/dnscrypt https://net-security.org/secworld.php?id=12075
156. Use better passwords
157. Use more passwords
158. why?
159. Zappos hacked, 24 million accounts http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm
160. Zappos hacked, 24 million accounts. Zappos users here are the subject matter simply because it’s the most recent attack, but it’s true for whatever set of services you use on the daily. If you’ve got an eBay account, an account for your online bank account, and an account for Zappos, you need, need, NEED to have a different password for each of them. What you do when you keep the same password for each of these sites is to open yourself up to a MUCH wider array of hackers than if you change your password for each. http://money.cnn.com/2012/01/16/technology/zappos_hack/index.htm
161. SlashGear 101: Basic Password Security “The simplest way to keep yourself secure on the internet is to use different passwords on each ‘secure’ site you interact with.” http://www.slashgear.com/slashgear-101-basic-password-security-16209438
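The reason one breach turns into many is that the leaked passwords get tried everywhere else. The check below is an added example for this page, not code from Zappos or SlashGear: it is what a site on the receiving end does when cracked credentials from somebody else’s breach start circulating, testing each leaked email/password pair against its own salted PBKDF2 hashes to find the accounts that must be reset. Only users who reused a password show up; a unique password per site makes the leak irrelevant to this site. User records and the leaked list are constructed, and the PBKDF2 iteration count is kept low so the example runs quickly.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # PBKDF2 work factor; production values are higher, kept low to run fast here

def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

# Constructed: this site's user table, email -> (salt, digest).
OUR_USERS = {
    "alice@example.com": hash_password("Summer2012!"),             # same password she used elsewhere
    "bob@example.com":   hash_password("correct horse battery"),   # different password per site
    "carol@example.com": hash_password("9Z!de*NM2y7%yZwt"),        # generated, unique
}

# Constructed: cracked plaintexts circulating after another site's breach.
LEAKED_CREDENTIALS = [
    ("alice@example.com", "Summer2012!"),
    ("bob@example.com", "bobs-other-site-pw"),
    ("dave@example.com", "letmein"),          # not one of our users
]

def accounts_to_reset(our_users: dict, leaked) -> list:
    """Credential-stuffing check from the defender's side: which of our accounts open
    with a password leaked from somewhere else? Those get a forced reset."""
    hits = []
    for email, password in leaked:
        record = our_users.get(email)
        if record and verify_password(password, *record):
            hits.append(email)
    return sorted(hits)

if __name__ == "__main__":
    print("force reset for:", accounts_to_reset(OUR_USERS, LEAKED_CREDENTIALS))   # alice only
```

Note that this check needs the leaked plaintexts, not the other site’s hashes: different salts mean hashes from two sites never compare, which is also why an attacker has to crack the dump before stuffing it.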
162. Forget your passwords
163. NOT
164. Did you forget your password?
165. why?
166. Mat Honan: “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.” http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
168. Forget your passwords
169. Here’s how I do it
170. https://lastpass.com
172. 9Z!de*NM2y7%yZwtwZx7CC@utHyVD@5KcP$arcQTkt2Fhntu#8cET!pDqDXq9HcV
173. • Not a perfect method, trusting a 3rd party • Works, but looking for a more secure way • Ideally an Open Source option
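The two points the password slides make, "a different password for each site" and "let a manager generate them", as an added example (not LastPass code, and not a real breach): the attack that reuse enables is credential stuffing, replaying a leaked site's (user, password) pairs against every other site. The leaked dump and the two versions of the target site below are constructed; the alphabet is an assumed one of the same kind as the 64-character password on the slide.

```python
import math
import secrets
import string
from collections import Counter

# Assumed character set, comparable to the manager-generated password on the slide.
ALPHABET = string.ascii_letters + string.digits + "!@#$%*"


def generate_password(length=64, alphabet=ALPHABET):
    """Random per-site password drawn from the OS CSPRNG, which is what a
    password manager does so you never have to remember (or reuse) one."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Brute-force search space, in bits, of a uniformly random password."""
    return length * math.log2(len(alphabet))


def reused_passwords(vault):
    """Sites in a {site: password} vault whose password is shared with another site."""
    counts = Counter(vault.values())
    return sorted(site for site, pw in vault.items() if counts[pw] > 1)


def credential_stuffing(leak, target_site):
    """Replay every (user, password) pair from a breached site against another
    site and return the accounts that open. This is the whole attack; one
    breach anywhere is a breach everywhere the password was reused."""
    return sorted(user for user, pw in leak.items() if target_site.get(user) == pw)


# Constructed breach dump from a shopping site, and the same users at their bank.
LEAKED_SHOP = {"alice@example.com": "Summer2012!",
               "bob@example.com": "Pa55word!",
               "carol@example.com": "qwerty123"}
BANK_REUSERS = {"alice@example.com": "Summer2012!",
                "bob@example.com": "Pa55word!",
                "carol@example.com": "qwerty123!"}   # carol only appended "!"
BANK_WITH_MANAGER = {user: generate_password(32) for user in LEAKED_SHOP}

if __name__ == "__main__":
    print("64-char random password: %.0f bits" % entropy_bits(64))
    print("accounts stuffed (reusers):", credential_stuffing(LEAKED_SHOP, BANK_REUSERS))
    print("accounts stuffed (manager):", credential_stuffing(LEAKED_SHOP, BANK_WITH_MANAGER))
    print("reuse in a vault:", reused_passwords({"shop": "x", "bank": "x", "mail": "y"}))
```

Carol survives only by luck, and a stuffing tool that also tries common suffixes would get her too; the manager-generated set gives the attacker nothing to replay at all. The trade-off the slide names still stands: the vault itself is now the single thing that must not be lost or leaked.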
176. Search more securely
177. “The world’s most private search engine” https://ixquick.de
178. https://duckduckgo.com
179. YaCy: “A peer to peer (P2P), distributed, anonymous search engine anyone can run and contribute to.” "[...] we cannot rely on a few large companies, and compromise our privacy in the process," says Michael Christen, YaCy's project leader. "YaCy's free search is the vital link between free users and free information. YaCy hands control over search back to us, the users." http://yacy.net http://www.theregister.co.uk/2011/11/29/yacy_google_open_source_engine
180. Use free, open source tools to protect yourself
181. • Tor is short for The Onion Router • originally designed as an onion routing project of the U.S. Naval Research Laboratory • a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet • a mechanism for maintaining civil liberties online (safeguarding online privacy and security) and promoting free speech https://torproject.org
183. The Tor Browser Bundle lets you use Tor on Windows, Mac OS X or Linux without installing any software. https://www.torproject.org/projects/torbrowser.html.en
184. Install Tor on a server to contribute to the network’s robustness, and connect yourself https://torproject.org
185. Tor Cloud • a user-friendly way of deploying Tor bridges to help users access an uncensored Internet • runs on an Amazon EC2 micro instance • Amazon has introduced a free usage tier for a year https://cloud.torproject.org
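What "install Tor on a server to contribute" looks like in practice, as an added example (a torrc fragment written for this page, not a configuration from the Tor Project's documentation or from Tor Cloud): the one line a first-time operator most wants to get right is the exit policy, because a non-exit relay only forwards traffic inside the Tor network and your server's address never appears as the origin of someone else's traffic. The nickname and contact address are assumed placeholders.

```text
# Non-exit relay: carries traffic between Tor nodes, never out to the open Internet.
ORPort 9001
Nickname myrelay                 # assumed placeholder
ContactInfo you@example.com      # assumed placeholder; lets the Tor Project reach you about problems
ExitPolicy reject *:*            # the line that makes this a non-exit relay
RelayBandwidthRate 1 MBytes      # cap what the relay may use of your link
RelayBandwidthBurst 2 MBytes
SocksPort 0                      # a dedicated relay does not need to be a client

# To run a bridge instead (what the Tor Cloud slide sets up for you), keep the
# lines above and add the following; a bridge is handed out to censored users
# individually rather than listed in the public relay directory.
# BridgeRelay 1
```

Either way, check that the ORPort is reachable from outside before expecting the relay to show up; a relay behind a firewall that drops inbound connections contributes nothing.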
186. lipsync: a lightweight command line service that securely synchronizes your data http://lipsync.info
187. JavaScript-based authentication; uses remoteStorage, a cross-origin data storage protocol separating application servers from data storage: your stuff lives on remote servers, but you still hold the keys
188. DIY, run your own services, instead of using others
189. http://drupal.org http://www.joomla.org http://wordpress.org
190. ejabberd: open source Jabber/XMPP instant messaging server. Use SSL/TLS for encrypted client-to-server and server-to-server connections; for more security add Off-the-Record (OTR) Messaging, which is end-to-end encryption done in the chat client, so even your own server never sees the plaintext. Google Talk also speaks XMPP. http://www.ejabberd.im
191. StatusNet: open source microblogging software (like Twitter); run your own host, keep your own information; it powers http://identi.ca http://status.net/open-source
192. Diaspora: an open, distributed, federated social network; mirrors functionality of Facebook and Google+; sign up on an official server, or host your own; have full control over what you share https://joindiaspora.com
193. Get involved and demand change
194. Focusing public attention on emerging privacy and civil liberties issues: PROTECTING CIVIL LIBERTIES IN THE DIGITAL AGE
195. Conclusion • question how companies save, store and use your personal data • learn about online privacy, know your rights! • share what you discover, educate others via blogs, social networks, or just talk about it • explore by running your own server, use open source tools to protect yourself and help others (it’s fun)
200. secureworld expo Saint Louis, MO - September 11-12, 2012 • slides / details: philcryer.com • follow / twitter: @fak3r • thank you: SecureWorld, Electronic Frontier Foundation, Spry Digital