YABB: Yet Another Big Brother (Identity.next, The Hague, 8 dec 2010)

12,076 views

Published on

Presentation at the Identity.next conference in The Hague http://identitynext.nl/

The presentation explains the role of location providers such as Google and Skyhook Wireless, the Google Wifi debacle and the privacy issues when MAC addresses are being exposed (both of wifi hotspots and of client devices).

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
12,076
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • YABB is not a Web 2.0 name 
  • Who are you?GovernementIdentitypeople?Privacy people?
  • Story that has been making headlines this year – spectacular in privacy world
  • It’s old already!Used to be services by Operators!
  • Now: 3d parties not linked to the operatorExample: Navigation information, maps…
  • But also: extra parameter for context
  • USG
  • Pics (implicit)
  • GPS-signal : no privacy impactHow do you translate antennas and wifi to a location?
  • Have a great website withexplanation
  • Capture MAC addressesAlso from your hotspot at homeBydrivingaround
  • Telcos their first customers
  • That’s how they improvetheir database
  • Client: also laptops with “normal browser”(Google Location service is default location provider in Firefox and Chrome)
  • A worldwide sensor network (eg in cities, inside, at higher floors...)
  • Important: this happens for every application, as soon as you get out…No wonder Skyhook can build impressive visulisations and derivative products (crowd management)On the other hand: massive surveillance tool on top of dataretention, and in the hands of US government – beware if you’re a blond australian.
  • Bigger than Skyhook, so more under scrutiny
  • StreetviewAuditby German DPA had stored content of communication as well
  • StrozFriedbergto their advantage: channel switching every 0,2 seconds email addresses, passwords... also: MAC-adresses clients!: industrial-scale tracking system 
  • PR and possiblylegal disaster for GoogleStoppeddrivingcarsNotsurewhethertheywill stop to self-update
  • QuestionsDPA’swill have toanswer…
  • And if it is personal data, how then?Think of divorced womanThink of Malware: wifi – routerConsent by owner?Compare to Google Streetview pics (visible versus invisible wavelength, German opt-out)
  • Detailed information on your lifestyleCombination of your IP address + Mac Address + locationRegulation, just like with search enginesGranularity of consent ( I cannot differentiate between location providers)
  • Beacon ~ identityThink of social engineering…Mac addresses were never supposed to be exposed…Malware
  • For this corporate identity management audience
  • Mindsetsecuritypeople <> privacy people
  • (think of phonecalls in public)
  • Similar to IP addressesTokens, pseudonymsThingsthatcanbecomepersonal dataGrey zone…(that’swhy privacy people are lawyers and nottechnical)
  • At the moment: reputation. Will become financial penaltiesGoogle guy: the more data, the better
  • YABB: Yet Another Big Brother (Identity.next, The Hague, 8 dec 2010)

    1. 1. Yet another Big Brother<br />(the infrastructure behind location-based services)<br />1<br />
    2. 2. Whoami<br />2<br />
    3. 3. Location-based services?<br />3<br />
    4. 4. 4<br />
    5. 5. 5<br />
    6. 6. 6<br />
    7. 7. 7<br />
    8. 8. 8<br />
    9. 9. 9<br />How does it work?<br />GPS<br />Antennas<br />Wifi<br />
    10. 10. 10<br />Skyhook<br />
    11. 11. 11<br />Source: http://www.skyhookwireless.com/howitworks/<br />
    12. 12. 12<br />Source: http://www.skyhookwireless.com/howitworks/<br />
    13. 13. 13<br />Source: http://www.skyhookwireless.com/howitworks/<br />
    14. 14. 14<br />Source: http://www.skyhookwireless.com/howitworks/<br />
    15. 15. 15<br />Source: http://www.skyhookwireless.com/howitworks/<br />
    16. 16. 16<br />Source: http://www.skyhookwireless.com/howitworks/<br />
    17. 17. Google<br />17<br />
    18. 18. 18<br />
    19. 19. 19<br />
    20. 20. 20<br />
    21. 21. 21<br />
    22. 22. Privacy issues<br />22<br />
    23. 23. Is your wifi hotspot personal data?<br />23<br />
    24. 24. Who monitors the location provider?<br />24<br />
    25. 25. Is the client MAC address personal data<br />25<br />
    26. 26. Lessons Learned<br />26<br />
    27. 27. Privacy <> security<br />27<br />
    28. 28. Not encrypted <> Public<br />28<br />
    29. 29. Personal Data <>Personally Identifiable Data<br />29<br />
    30. 30. Data can be (and will become increasingly) a liability<br />30<br />
    31. 31. Resources <br />http://epic.org/privacy/streetview/<br />http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html<br />http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html<br />http://edri.org<br />http://www.skyhookwireless.com/<br />31<br />
    32. 32. About <br />http://vanhecke.info<br />Twitter:<br />@pascalvanhecke<br />@vanheckeinfo<br />32<br />

    ×