An introduction to online privacy

1. PROTECT YOUR PRIVACY:
SAFETY & SECURITY IN AN ONLINE WORLD
Marcos Lopez-Carlson
marcos.lopezcarlson@gmail.com
@marcoscopic

2. TWIN CITIES MEDIA ALLIANCE
The Twin Cities Media Alliance began in the
winter of 2005 with the mission of bringing
together media professionals and engaged
citizens to improve the quality, accountability
and diversity of the local media, and giving the
public the tools they need to become more
active participants in the emerging media
environment.

3. WHAT WE WILL COVER
 What is privacy & security?
 What are the risks?
 Encryption; data security
 Password Management; access security
 Browser Controls; surfing security
 Multifactors & Wifi protection; mobile
security

4. WHAT IS PRIVACY & SECURITY
 Privacy is a changing idea and a reflection of the
times
 What was once considered public is now private,
and vice versa
 What do you think of when I mention privacy?

5. WHAT ARE THE RISKS?
 Man in the middle attack: a third-party gets between two
online sites, and impersonates both parties
 Password theft: stealing passwords with a dictionary
attack, wifi sniffing or recycled passwords from a
compromised site
 WiFi Sniffers: intercepts information packets between your
computer and the network
 Ransomware: malware which locks down your computer or
files, demands a ransom in order to release the files
 Malicious apps: malware which disguises itself as a
legitimate app, often as a free version

6. WHAT IS ENCRYPTION?
 Encryption is the process of encoding information
so that only authorized parties can read it.
 Unencrypted data is called plain text
 Encrypted data is called cipher text
Encryption is not new. It has been around as long as
humans have been communicating privately…

7. HOW DOES ENCRYPTION WORK?
 Information is encrypted using a key
 That key turns the plain text into cyphertext
 The encrypted message is transported
 The message is decrypted at the destination
 128 bit encryption has 2128 possibilities or 1 in…

8. WHAT IS ENCRYPTION?
3,402,823,669,209,384,
634,633,746,074,300,
000,000,000,000,000,
000,000,000,000,000,
000,000

9. HOW IS ENCRYPTION USED?
 For safe browsing
 Preventing man-in-the-middle attacks
 Online purchasing
 SSL keeps credit card information safe
 Bank access
 SSL keeps bank account information secure
 Data storage
 Use to keep offline, online and cloud files from being
legible

10. PASSWORD MANAGEMENT
Understanding weak vs strong passwords
 Weak passwords are simple and unimportant, use
them for websites which DO NOT have access to
important information
 Strong passwords are complex, use them for
websites which have access to money and
personal information (this includes Facebook!)

11. PASSWORD MANAGEMENT
What makes a good password?
Avoid simple substitutions and words
hint: p@ssw0rd is a terrible password
Do not use common words and phrases

12. PASSWORD MANAGEMENT
One idea: Use a Password recipe-
A simple recipe to turn URLs into passwords
Ex. google.com
1. Number of letters in the URL 9
2. Multiply by 2 18
3. Add the vowels ooeo
4. Capitalize the first letter G
5. Add symbol !
1. Google.com = 918ooeG!

13. PASSWORD MANAGEMENT
One thing to remember, length is the most important
attribute!
https://blog.kaspersky.com/password-check/

14. PASSWORD MANAGEMENT
Password managers create and store your
passwords. They also sync across devices.
 Cloud based
 LastPass
 Dashlane
 Locally available (with a USB)
 KeePass
 1Password
 Password Safe

15. PASSWORD MANAGEMENT
Do NOT store your passwords in your browser. They
are not encrypted, they are plain text
To store your passwords locally, use an encrypted file

16. BROWSING SAFELY
Using encryption when browsing

17. BROWSING SAFELY
Best browsers for security
#1 Firefox
#2 Chrome
#3 Opera
#4 Safari
#5 Internet Explorer
If possible, try to stick with one of the first three.

18. BROWSING SAFELY
Extensions, add-ons & tools:
Privacy Badger: blocks banner ads, pop-up ads, rollover ads,
and more. It stops you from visiting known malware-hosting
domains, and also disables third-party tracking cookies and
scripts.
HTTPS Everywhere: automatically shunts your connection
to a SSL when possible.

19. BROWSING SAFELY
What about private mode (or incognito mode)?
Prevents your browser from remembering what you
have done…
Hence the name porn mode
Does NOT keep your ISP (internet service provider)
from knowing your traffic, nor does it protect you
from “man in the middle” attacks

20. MULTIFACTOR & WIFI SAFETY
Multifactor authentication requires MULTIPLE
FORMS of identification
 PIN numbers
 Memorized, like an ATM, or sent via text messaging per
login
 Biometrics
 Fingerprint scanner, facial recognition, voice scanners
 Security keys (Yubikey, et al)
 An encrypted USB key which confirms identity
 Google Authenticator
 Secure key generated on your mobile device

21. PUBLIC SAFETY
When using public WiFi, protect yourself from WiFi
sniffers, man-in-the-middle attacks and malicious
snooping
 Verify the name of the network you are using
 Turn off file sharing
 Use https
 Turn off WiFi if you are not using it
 Keep the private stuff (like banking) for home

22. MOBILE SECURITY
 Use a PIN or other multifactor authenticator
 Use a device locator
 iPhone, Find My Phone
 Android, Device Manager
 Back up your phone data
 Consider encrypting your phone
 Using a PIN or screen pattern decrypts phone
 iPhone screenlock automatically encrypts the phone
 Turn it on in Android Settings

23. BEST PRACTICES
 Be Password Smart
 Think twice before entering your password
 Don’t recycle passwords
 Consider a password manager & multifactor
authentication
 Browse like a Pro
 Use https by default
 Turn off browser password & form autofilling
 Be Safe in Public
 Use encryption
 Turn off file sharing

24. QUESTIONS?
PROTECT YOUR PRIVACY:
SAFETY & SECURITY IN AN ONLINE WORLD
Marcos Lopez-Carlson
marcos.lopezcarlson@gmail.com
@marcoscopic