Online Privacy Tools

@jschauma
“This is your last chance, kid. Honest
people don't have anything to hide.”
Jan Schaumann <jschauma@twitter.com> 5CCF 31AE 6746 74E9 8972
772D 3F73 4F36 DBEC 11C0
Don’t they?
Wednesday, September 4, 13

@jschauma https://t.co/YKl4CA7Fq0 vs. https://t.co/pvHUvf7zg4

@jschauma
“But what if I decreed that from now on,
every time you went to evacuate some
solid waste, you'd have to do it in a
glass room perched in the middle of
Times Square, and you'd be buck
naked?”
“[Privacy is] about your life belonging to you.”

@jschauma
The right to whisper.
What #privacy is about.

@jschauma https://t.co/F9EbNnCBLV

@jschauma https://t.co/G8Xdh7y2oJ

@jschauma https://t.co/gVe4YjV7WF

@jschauma
How do we lose privacy?

@jschauma https://duckduckgo.com/?q=nsa+spying

@jschauma https://en.wikipedia.org/wiki/Fundamental_human_needs

@jschauma Metadata.
https://t.co/pgbZaI307M

@jschauma
https://t.co/pgbZaI307M
John McAfee knows about metadata.

@jschauma The Internet.

@jschauma Clown Computing.

@jschauma Networking.

IP: 166.84.7.99
IP: 207.38.152.228

@jschauma For example: http://freegeoip.net/
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006

@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400

@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
Request: /blog/images/implied-facepalm.jpg

@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac
OS X 10.8; rv:23.0) Gecko/20100101 Firefox/
23.0

@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
23.0
Referer: http://emptyclosets.com/forum/
entertainment-media/106418-justin-bieber-says-
interview-im-ready-dad-wtf.html

@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
23.0
001010101110101010101
111010101101010101101
010110011000101010110
101101100110101010101
010011001001010101010
010010101101010110101
101011011010101101011
110100001000001111010

@jschauma Cooooookies.

@jschauma Seems legit.

@jschauma https://t.co/GiNaI568ym

@jschaumahttps://t.co/aauYRJv1L4

@jschauma
Cryptography may provide:
https://www.schneier.com/book-ce.html

@jschauma
Conﬁdentiality

@jschauma
Conﬁdentiality
Integrity

@jschauma
Conﬁdentiality
Integrity
Authenticity

@jschauma
Security is HARD.
What are we protecting?
Who are we protecting it from?
Who or what can defeat our solution?
Can we do better?
http://youtu.be/NO0cvqT1tAE
What are we still leaking?

@jschauma Low hanging fruit ﬁrst.

@jschauma
Default to HTTPS.

@jschauma
Default to HTTPS.
Many sites (Twitter, Facebook, Gmail, ...) already
default to HTTPS.

@jschauma
Default to HTTPS.
default to HTTPS.
Dig in preferences for ‘Enable SSL by default’ or similar
setting.

@jschauma
Default to HTTPS.
default to HTTPS.
Dig in preferences for ‘Enable SSL by default’ or similar
setting.
Use the EFF’s ‘HTTPS-Everywhere’ browser plugin:
https://www.eff.org/https-everywhere
FTW!

@jschauma https://youtu.be/iQsKdtjwtYI

Authentication

Conﬁdentiality
Authentication

Integrity
Conﬁdentiality
Authentication

@jschauma

@jschauma
Security is HARD.
What are we protecting?
Who are we protecting it from?
Who or what can defeat our solution?
Can we do better?
https://youtu.be/NO0cvqT1tAE
What are we still leaking?

@jschauma HTTPS protects data in transit.
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
23.0
001010101110101010101
111010101101010101101
010110011000101010110
101101100110101010101
010011001001010101010
010010101101010110101
101011011010101101011
110100001000001111010

@jschauma https://t.co/iOf6M1xSoO

@jschauma
“If you are not paying for it, you’re not the customer
- you’re the product being sold.”

@jschauma
Where I come from...
http://nullreferrer.com/

@jschauma
Where I come from...
http://nullreferrer.com/
...is really none of your business.

@jschauma https://t.co/NhkRgUqSFv

@jschauma https://t.co/PHDdu91aDP
Control your cookie consumption!

@jschauma
Private Browsing

@jschauma
Private Browsing
https://www.eff.org/issues/do-not-track

@jschauma https://t.co/1GrWzbcXDT

@jschauma
Google Analytics Google Analytics
Website

@jschauma
Google Analytics
Website

@jschauma
Google Analytics
DoubleClick
Website

@jschauma
Google Analytics
DoubleClick
Facebook Connect
Website

@jschauma
Google Analytics
DoubleClick
Facebook Connect
Jquery
Website

@jschauma
Google Analytics
DoubleClick
Facebook Connect
Jquery
https://t.co/RqPmbO0u3e
...
Website

@jschauma
Google Analytics
DoubleClick
Facebook Connect
Jquery
https://t.co/RqPmbO0u3e
...
Website
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
IP: 207.38.152.228
...

@jschauma
Block trackers:
https://www.ghostery.com/
https://twitter.com/ghostery
https://www.abine.com/dntdetail.php
https://twitter.com/abine

@jschauma https://t.co/DiMYreMHPX

@jschauma https://t.co/ryJj7m3CKz

@jschauma
Quis custodiet ipsos custodes?
https://t.co/SgLGkKUxtF

@jschauma
Private Browsing
https://t.co/vTufUSJUkO

@jschauma
Quis custodiet ipsos custodes?
https://t.co/vTufUSJUkO
How does Phishing and Malware Protection work in Firefox?
Phishing and Malware Protection works by checking the sites
that you visit against lists of reported phishing and malware sites.
These lists are automatically downloaded and updated every 30
minutes or so when the Phishing and Malware Protection features
are enabled.
[...]
Before blocking the site, Firefox will request a double-check to
ensure that the reported site has not been removed from the list
since your last update. In both cases, existing cookies you have
from google.com, our list provider, may also be sent.

@jschauma
https://panopticlick.eff.org/
FTW!

@jschauma So... what are we still leaking?
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
23.0
001010101110101010101
111010101101010101101
010110011000101010110
101101100110101010101
010011001001010101010
010010101101010110101
101011011010101101011
110100001000001111010

@jschauma https://t.co/8vUNrlG9zf
If you could just write down all of the phone numbers you’ve
called in the last two years together with time, duration and
location of the calls made, that’d be super.
It’s just metadata.

Website

@jschauma Email.
Provider: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228

@jschauma Email.
IP: 166.84.7.99
Client IP: 207.38.152.228
Provider: mail.yahoo.com

@jschauma Email.
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 74.125.226.245
IP: 63.250.192.45
Provider: mail.yahoo.com

@jschauma Email.
IP: 74.125.226.245
Server: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 63.250.192.45
SSL
SSL

@jschauma Email.
IP: 74.125.226.245
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 63.250.192.45
SSL
SSL
LOL “Upstream”

@jschauma Cryptography to the rescue!

@jschauma https://t.co/fr2KcLQeZB

@jschauma
PGP
@GPGTools: https://gpgtools.org/
@mailvelope: http://www.mailvelope.com/
http://www.gnupg.org/

@jschauma What are we still leaking?
001010101110101010101
111010101101010101101
010110011000101010110
101101100110101010101

001010101110101010101
111010101101010101101
010110011000101010110
101101100110101010101
PGP

001010101110101010101
111010101101010101101
010110011000101010110
101101100110101010101
PGP
From: jschauma@twitter.com
To: doctorow@craphound.com
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400

@jschauma https://t.co/FkEQYBXWBa

@jschauma https://t.co/FkEQYBXWBa
Can we do better?

@jschauma Chat.
IP: 166.84.7.99
IP: 207.38.152.228

@jschauma Chat.
IP: 166.84.7.99
IP: 207.38.152.228
connection encrypted

@jschauma Chat.
IP: 166.84.7.99
IP: 207.38.152.228
LOL #PRISM

@jschauma Chat.
IP: 166.84.7.99
IP: 207.38.152.228
LOL
Cryptanalysis

@jschauma
Oﬀ The Record Messaging
end-to-end encryption
authentication
deniability
perfect forward secrecy
http://www.cypherpunks.ca/otr/

@jschauma https://t.co/gSg4jcV8bs
chat content encrypted

@jschauma https://t.co/gSg4jcV8bs
LOL
“Border” search

@jschauma https://t.co/jbWM2zCkHn
§ 287 (a) (3) of the Immigration
and Nationality Act, 66 Stat.
233, 8 U.S.C. § 1357(a)(3), which
simply provides for warrantless
searches of automobiles and
other conveyances "within a
reasonable distance from any
external boundary of the United
States"

@jschauma OTR.
Connections established
via SSL to central server.

@jschauma OTR.

@jschauma OTR.
LOL Metadata
IP: 166.84.7.99
IP: 207.38.152.228
Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400

@jschauma No VPN.
IP: 74.125.226.245
IP: 166.84.7.99
Client IP: 207.38.152.228

@jschauma VPN.
VPNAES256
IP: 207.38.152.228
Location: 40.7143, -74.006
IP: 205.251.192.55

@jschauma VPN.
VPN
LOL NSL
AES256
IP: 207.38.152.228
Location: 40.7143, -74.006
IP: 205.251.192.55

@jschauma https://www.torproject.org/

@jschauma https://t.co/mSBO7VmiGX

@jschauma https://t.co/ZYzbWsK4HG

@jschauma
Understand your threat
model!
https://xkcd.com/538/

@jschauma
Understand your threat
model!
https://xkcd.com/538/
LOL NSL
LOL indeed.

@jschauma
Things you can do:
Part I (Web)
Use services with strong
privacy defaults.
https://prism-break.org/

@jschauma
Things you can do:
Part I (Web)
https://ixquick.com/
https://duckduckgo.com/
http://www.yacy.net
http://donttrack.us/

@jschauma
Things you can do:
Part I (Web)
enable HTTPS on services
use HTTPS-Everywhere
Delete Cookies
Enable DNT
Disable Referer
Set User Agent

@jschauma
Things you can do:
Part II (Email)
Disable HTML.
Delete your email.
Use services with strong
privacy defaults.
https://t.co/uorBWl4X5a

@jschauma
Things you can do:
Part II (Email)
https://mykolab.com/
https://mail.riseup.net/
(Run your own mail server.)

@jschauma
Things you can do:
Part II (Email)
Use PGP.
@GPGTools: https://gpgtools.org/
@mailvelope: http://www.mailvelope.com/
http://www.gnupg.org/

@jschauma
Things you can do:
Part III (Chat)
Use OTR.
Don’t store logs.

@jschauma
https://crypto.cat/ https://www.adium.im/
https://whispersystems.org/ https://guardianproject.info/apps/gibber/
...
Things you can do:
Part III (Chat)

@jschauma
Things you can do:
Part IV
Use a VPN.
Use Tor.

@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...

@jschauma
Tails
https://tails.boum.org/

@jschauma
Tails
Least Authority
https://leastauthority.com/

@jschauma
Tails
Least Authority
Little Snitch
https://t.co/brvDYrOOur

@jschauma
Hidden Services
https://t.co/f0LmP2vylJ
Tails
Least Authority
Little Snitch

@jschauma
Hidden Services
Dark Web
http://www.thehiddenwiki.net/
Tails
Least Authority
Little Snitch

@jschauma
Hidden Services
Dark Web
http://www.thehiddenwiki.net/
Tails
Least Authority
Little Snitch
...

@jschauma
Oh, and one more thing...
http://www.netmeister.org/blog/opt-links.html

@jschauma
Oh, and one more thing...
http://www.netmeister.org/blog/opt-links.html
"Nobody does more lasting good for the Internet with less.
Every penny you donate makes change for the better."
— Cory Doctorow
https://supporters.eff.org/donate

Online Privacy Tools

Recommended

Recommended

More Related Content

More from Jan Schaumann

More from Jan Schaumann (17)

Recently uploaded

Recently uploaded (20)

Online Privacy Tools