privacy is an illusion and you’re all losers!
or how 1984 was a manual for our panopticon society
By Cain Ransbottyn - @ransbottyn

End of privacy
• 9/11 attacks invigorated the concept of terrorist threats
• Post 9/11 there was a strong and understandable argument to prioritise security

End of civil liberties
• New word: “asymmetrical threats”
• Actually means: “please give up your civil liberties”, in 2001 55% US citizens were pro; in 2011 only 40% (and declining).
• Patriot Act changed the world for good

So, terrorism huh ?
• systematic use of violent terror as a means of coercion
• violent acts which are intended to create fear (terror)
• perpetrated for a religious, political, or ideological goal
• deliberately target or disregard the safety of non-combatants (civilians)

Global terrorist threat map
Data of 2010. Seems legit.

Year on year doubling in surveillance budget since the Patriot Act
Except for 2013, then there was a dark budget of US$ 52,6B

Fear. Uncertainty. Doubt.
• Instilling fear is a premise for coercion. But to whom ?
• Mass media works as a catalyst to bring fear in the homes of citizens.
• We all are very shitty at threat and risk assessments. Pigs or sharks ?
• 23,589
40
Or terrorist attacks ?
13,200
* 2010 facts and figures worldwide

Are we really capable of understanding the real threat level ?
Please demonstrate you can spot a rhetorical question when you see one

The convenience of circular logic
• Gov’t: We’re using surveillance so we can prevent terrorist attacks
  You: I don’t see any terrorist threat or attack
  Gov’t: Awesome stuff, hey ?
• Him: I’m using this repellent to scare away elephants.
  You: But I don’t see any elephants.
  Him: Awesome stuff, hey ?

quis custodiet ipsos custodes ?

Total Information Awareness
The 2002 - 2003 program that began a data mining project, following the warrantless surveillance decision in 2002

PRISM, XKeyScore, Tempora
Thank you Microsoft, Facebook, Yahoo!, Google, Paltalk, YouTube, AOL, Apple, Skype
Snowden leaks: the post 2007 surveillance industry is much worse than anyone could have imagined

The rise of private intelligence agencies
• The welcome gift of “social networks”
• The thankful adoption rate of smart phones
• The cloud as the ultimate data gathering extension to governments
• The phone operators remain a loyal friend
• The overt investment strategy of In-Q-Tel

The In-Q-Tel investment firm
• Founded 1999 as not-for-profit venture capital firm
• So… if you are not looking to make a profit, what are you looking for then ?
• Investments in data mining, call recording, surveillance, crypto, biotech, …
• E.g. 2007 AT&T - Narus STA 6400 backdoor = product of In-Q-Tel funded company
• Many (many) participations worldwide (also Belgium)

Social networks as a private intelligence agency
• Perfect front offices
• Facebook as the first global private intelligence agency
• Otherwise hard to obtain intel is being shared voluntarily by everyone (e.g. hobbies, etc.)
• US$ 12,7M investment by James Breyer (Accel), former colleague of Gilman Louie (CEO In-Q-Tel)

Smart-phones as the ultimate tracking device
• Device you carry 24/7 with you. With a GPS on board.
• Android has remote install/uninstall hooks in its OS (so has iOS)
• OTA vulnerabilities allow remote installs of byte patches (e.g. Blackberry incident in UAE)
• Apple incident (“the bug that stored your whereabouts”)
• Any idea how many address books are stored on iCloud ? :p

Smart-phones as the ultimate tracking device
Wi-Fi based positioning has become very accurate and quickly deployed mainstream

Cloud providers as the perfect honeypot
• There is no company that is so invasive as Google
• Records voice calls (Voice), analyses e-mail (GMail), knows who you talk to and where you are (Android), has all your documents (Drive) and soon will see through your eyes (Glass)
• Robert David Steele (CIA) disclosed Google takes money from US Intel. community.
• In-Q-Tel and Google invest in mutual companies (mutual interest)

Cloud providers as the perfect honeypot
• Not only Google. The latest OS X Mavericks actually asked me to… store my Keychain in the cloud *sigh*
• While Apple claims iMessage cannot be intercepted, we know it is possible because Apple is the MITM and no end-to-end crypto is used nor certificate pinning.

The loyal friend, the phone operator
• Needs to be CALEA and ETSI compliant. Yeah right :-)
• Operators are both targets of surveillance stakeholders (e.g. Belgacom/BICS hack by GCHQ) and providers of surveillance tactics (taps, OTA installs, silent SMS, etc.)
• Does KPN really trust NICE (Israel) and does Belgacom really trust Huawei (China) ?
• Truth of the matter is: you cannot trust your operator…

Privacy is for losers
If you think you have privacy, you really are a loser

#dta
If a government needs to understand its enemy, and we’re being surveilled. Then, who exactly is the enemy ?

Conspiracy theory ?
Whistleblowers showed that reality is far worse

So now what ?

Change your attitude.
Wake the f*ck up…

Reclaim ownership of your data.
Demand transparency of every service you use.

Encryption is your friend

Encryption today is built for security professionals and engineers.
Not for your mom or dad.

Security and crypto engineers don’t understand UI and UX

Android and iOS planned. Microsoft Mobile perhaps.

Requirements
• Must provide strong crypto
• Must be open source (GitHub)
• Must be beautiful and easy to use, we actually don’t want the user to be confronted with complex crypto issues
• Provide deniability
• Provide alerting mechanisms that alert the user when something is wrong
• Even when your device is confiscated, it should be able to withstand forensic investigation

How it’s built
• Using Tor as transport layer for P2P routing and to provide anonymity (no exit nodes used).
• Obfuscated as HTTPS traffic to prevent gov’t filtering.
• Using OTR v3.1 to ensure perfect forward secrecy and end-to-end crypto.
• Capable of detecting A5/GSM tactical surveillance attacks.
• Extremely effective anti-forensic mechanisms and triggers

How it’s used

Who’s using it
• Journalists
• Freedom Fighters
• Whistleblowers
• Lawyers and security professionals
• …

Why use it ?
• To protect your human right to privacy
• To protect your human right to freedom of speech
• Because your communication needs to remain confidential
• Because excessive surveillance is a threat to modern democracy

Privacy might be for losers, but that doesn’t mean you are OK to give up your human rights…

Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
