BeeHive Varna http://beehive.bg Тема: Компютърна сигурност, анонимност, защита на лични данни в Интернет Заглавие на лекцията: "Privacy Is Dead, Get Over It REDUX", BeeHive Varna Лектор: Мурад Касим, Project Manager & Software Developer at 158 Ltd. Дата: 10.12.2014 19:10, BeeHive Varna Място: BeeHive Co-Working Space, Varna, Bulgaria Описание: Това е продължението на оригиналната лекция "Privacy Is Dead" (https://www.youtube.com/watch?v=k_C_2...), която се проведе през октомври 2014 във BeeHive Varna (http://beehive.bg/). Целта на лекцията е да запознае всички хора с това до каква дълбока степен се събират лични данни по всеки един възможен начин за нас и че вече е невъзможно да бъдем аномни в интернет, благодарение на това че ние сами споделяме със всеки един нашите най-съкровени тайни. За всеки човек се изгражда много подробно досие, с което се търгува и ескпериментира по всякакъв възможен начин благодарение на нашето постоянно безразборно споделяне на лична информация. Първо ще започнем с кратък преглед на причините, заради които компаниите имат интерес да изграждат поведенчески модели за нас, след това ще дадем няколко забавни примери за това как понякога хората споделят твърде лични неща с напълно непознати хора. След това следва една "по-техническа" част, където ще разгледаме накратко как големи компании като Facebook и Google събират данни за потребителите си, какво твърдят, че правят с тях и какво реално правят. Ще си поговорим и малко за нашумялата в последни години мрежа за анонимност Tor. Накрая ще завърша с някои наистина крайно авангардни технологии за следене и наблюдение, които са разработени и патентовани през последните няколко години и вече започват да се прилагат в САЩ. Събитието във Facebook: https://www.facebook.com/events/84997... Благодарим на следните компании, за подкрепата им към събитието: Beehive Varna - http://beehive.bg/ 158 Ltd - http://158ltd.com телевизия bTV - http://www.btv.bg/ телевизия "Черно Море" - http://www.cherno-more.tv/ списание "VIP" - http://spisanievip.com/ beehive varna, beehive coworking space, beehive.bg, beehive варна, споделено работно място варна, 158, 158ltd, 158ltd.com, компютърна сигурност, лични данни, анонимност, Tor, privacy, computer security, anonymity, network security, security, privacy, personal data, data protection, cybersecurity, privacy protection, protect your data, data collection, google, facebook, personal data collection, privacy policy

1. Beehive Co-Working Space, “General Koleff” 54, Varna, Bulgaria
Planet Earth, Solar System, Milky Way, Universe
PRIVACY IS DEAD, GET OVER IT!
10-DECEMBER-2014-17:00-(+2 GMT)

2. www.158ltd.com

3. www.beehive.bg

4. www.btv.bg

5. www.cherno-more.tv

6. www.spisanievip.com

7. Hackers On Planet Earth
www.hope.net

8. Special thanks to legendary
STEVEN RAMBAM
Steven Rambam is an US based Private Investigator who is a regular
speaker at every H.O.P.E. conference and original author of the
original “Privacy Is Dead” talk!
www.stevenrambam.com

9. “PRIVACY IS DEAD, GET OVER IT!” REDUX
SPEAKER: MURAD KASIM
Project Manager, Software Engineer, 158 LTD

10. Table of Contents
● “Hard Facts” - 1h 30 min
Discussing publicly gathered data
● “Last Hopes” - 30 min
Defense tools and best practices to protect your remaining privacy
● “Q&A Panel” - 15 min
Will answer any questions you might have

11. What to expect...
● Sincerity
● A lof of English terms and technical language
● Real data gathered from public sources and investigations
● Some slight adult and controversial content (so if there is
anyone under 18 you need to be with a guardian… I
guess)
● Open. Source. Gathered. Data. Only. PERIOD.
● Walls of text and rooms of raw information
● Name dropping (“Hello, John!”)
● Some memes
● Now, you have been warned!

12. What NOT to expect...
● Hacking social accounts
● Distributing hacking tools
● Anything which might be considered illegal by
international laws
● Using malware
● Sugarcoating of facts
● Fitting in time...

13. The “Starting point”...
● Because of the storage size of databases
● Because of the computational power
available
● Because of the insane amount of devices
and technology available for everyone
● Because of the opening of NEW markets
and WAYS to make money…
● Because anyone barely cares anymore!...

14. ...In 2014,
PRIVACY IS DEAD

18. And it’s not because they want to invade
your privacy.
It’s because they want to sell you stuff.
You must buy products!

19. Your privacy is worth money.
And it’s not BIG BROTHER who needs it but
BIG MARKETER (not small marketers!)

20. ...and the best source
for data is always self-
contributed information...

21. Every bit, event, friend, photo, text,
emotion and interest, it is you who goes up
there and posts it! Everything is posted on
Twitter and Facebook.
I don’t know about you, me, as a fellow
citizen…
It creeps me out.
It is you who is willfully giving the
information for free

22. ● Based on models, which are developed by aggregating data from
your past behaviors, merged with data from other people and
following statistic models advertising companies are able to
predict your future behavior
● Teenagers (14-20): Games, Music, Movies, Books
● Young adults (20-30): Nightclubs, Drinks, Intimate Partners,
University, Job offers
● Grown adults and families (30+): Insurance, Family care,
Children, Health Care, Mortgages, Travelling, etc.
Predictive Profiling

23. ● It’s not NSA being the “Big Brother” and
collecting data on you. In fact, their scale is
much smaller than what private companies
collect.
● NSA admitted the traffic is so much they cannot
store the real data (not the metadata) for more
than 3 days!
The NSA Hype

24. When I was a kid there was an expression:
“Damn, I wish I haven’t told that!”

25. NOTHING EVER GETS DELETED ANYMORE
Every action, post, feed, tweet is logged,
stored and cross-referenced with other
data which might match you and
probability of relevance is being
calculated.

26. THERE IS NO SENSE OF HUMOR
ANYMORE.
ESPECIALLY IN TECHNOLOGY.

27. ● People now talk freely about their
interests, sexual advances, bad habits,
crimes and everyone is able to see it
everywhere.
● You would be surprised how many
people post pictures of their rape
victims, corpses, weapons, drugs or
even stolen bank loot!
● It is all about the attention!

32. People just don’t care
anymore
A special collection of Steve Rambam’s
investigative searches

33. This guy is a lawyer.

37. Now, of course, on Facebook too!
“Hmm… Probably this week is not a good
time to message her!”

38. The “Bulgarian” way
Some things arrive very fast in our country
(from software perspective of view).
But other things, like cutting-edge
hardware technology do not
(for good or bad).

46. ...

47. “Why should I care?...”

48. The Cellphone - “A snitch in your pocket!”
● The cellphone is one of the most accurate trackers for
a human. You carry it everywhere. You take and even
sleep with it.
● The GPS on most Android phones and ALL iPhones
simply never turns off.
● Peer To Peer GPS reporting

51. The Archive of the Internet

54. Occupy
Wall
Street

55. Op: Occupy Wall Street
“Occupy Wall Street (OWS) is the name given to a protest movement that
began on September 17, 2011, in Zuccotti Park, located in New York City's
Wall Street financial district, receiving global attention and spawning the
Occupy movement against social and economic inequality worldwide.
The main issues raised by Occupy Wall Street were social and economic
inequality, greed, corruption and the perceived undue influence of
corporations on government—particularly from the financial services
sector. The OWS slogan, "We are the 99%", refers to income inequality and
wealth distribution in the U.S. between the wealthiest 1% and the rest of
the population. To achieve their goals, protesters acted on consensus-
based decisions made in general assemblies which emphasized direct
action over petitioning authorities for redress.”
- Wikipedia

56. Op: Occupy Wall Street
“Occupy Wall Street (OWS) is the name given to a protest movement that
began on September 17, 2011, in Zuccotti Park, located in New York City's
Wall Street financial district, receiving global attention and spawning the
Occupy movement against social and economic inequality worldwide.
The main issues raised by Occupy Wall Street were social and economic
inequality, greed, corruption and the perceived undue influence of
corporations on government—particularly from the financial services
sector. The OWS slogan, "We are the 99%", refers to income inequality and
wealth distribution in the U.S. between the wealthiest 1% and the rest of
the population. To achieve their goals, protesters acted on consensus-
based decisions made in general assemblies which emphasized direct
action over petitioning authorities for redress.”
- Wikipedia

57. PROGRAMMING 101
Let’s write some code!
Really, how hard could it
be to track some data
about our website’s
users and some of their
“more advanced”
behaviors?

58. Example for a very simple algorithm which
is able to track users which are trying to
avoid server restrictions

61. This very basic example was created in less
than 5 minutes with almost no efforts or
thinking.
Imagine what can be achieved on corporate
levels when you are being paid to do it...

65. What Has Changed

66. Facebook
Facebook analyzes its
users and categorizes
them and their interests
beyond your wildest
dreams
Even beyond Big
Brother’s wildest
stories!

69. Why do they do all of this?
No one cares what are you doing, are you
happy or depressed, or you enjoy shooting
crocodiles with a shotgun
But by knowing these things they can know what exactly to sell to you!

71. Project MK-ULTRA (195*-1973)

72. “Project MKUltra — sometimes referred to as the CIA's mind control program — is
the code name of a U.S. government human research operation experimenting in
the behavioral engineering of humans. Organized through the Scientific Intelligence
Division of the Central Intelligence Agency (CIA), the project coordinated with the
Special Operations Division of the U.S. Army's Chemical Corps.
The program began in the early 1950s, was officially sanctioned in 1953, was
reduced in scope in 1964, further curtailed in 1967 and officially halted in 1973. The
program engaged in many illegal activities, in particular it used unwitting U.S. and
Canadian citizens as its test subjects, which led to controversy regarding its
legitimacy.
MKUltra used numerous methodologies to manipulate people's mental states and
alter brain functions, including the surreptitious administration of drugs (especially
LSD) and other chemicals, hypnosis, sensory deprivation, isolation, verbal and
sexual abuse, as well as various forms of torture.
The scope of Project MKUltra was broad, with research undertaken at 80
institutions, including 44 colleges and universities, as well as hospitals, prisons and
pharmaceutical companies. The CIA operated through these institutions using front
organizations, although sometimes top officials at these institutions were aware of
the CIA's involvement.”
- Wikipedia

76. Facebook has the FINEST target marketing
data during the moment
If I want a chinese grandmother with blue
eyes and skills in fire and lapdancing they
can give me 50 of them just today.

77. Facebook and Twitter ENFORCE you to use
your real name, phone number and
location. You cannot use entire features or
contact people if you do not go by a real
name (most of the time).
And it is to be never deleted, of course.

82. Colonize The Web

87. Both Facebook and Google DO save
your messages and posts even if
you delete and never send them
Steve Rambam informs us about this by
subpoenas executed for “Facebook draft
messages”

90. They want to
own your
EYEBALLS!

92. By doing so, they will have even greater
chance to monitor your data (as a carrier),
because now PC users are declining and
Mobile are increasing.
Facebook know this better than all of us.

96. Do you know
how powerful is Google?

99. Here is what they want to know:
● Everything you hear
● Everything you see
● Everywhere you go
● Everything you do
● Everything you know and want to know
● Everyone who is connected to you
● ...because your eyeballs ARE WORTH $$$

104. Software is now able to do the
following from any video
● Face recognition of multiple targets
● Walking or posture recognition, identification and
analysis (how old are you, is this you, do you have any
decease, are you in hurry)
● Crown recognition (forming protests)

105. Google for governments

106. Google hides all contractor traces

107. Google is a U.S. DEFENSE contractor

108. ...But of course, Google denies
any involvement with the US
government in any data trading

110. Google’s Business Model

111. It was first Google for Search,
then Google for Business,
then Google for Government,
now Google for… Schools

112. “...wE cArE fOr tEh kIdZ! ^_^”
loljk for mor $$ ^_~
● Google now wants to establish itself in schools too:
http://www.google.com/enterprise/apps/education/
● Chromebooks for everyone!

121. ...Let’s talk about Tor!

122. “Tor is free software and an open
network that helps you defend
against traffic analysis, a form of
network surveillance that threatens
personal freedom and privacy,
confidential business activities and
relationships, and state security.”
Source: https://www.torproject.org/index.html.en

123. How Tor works

124. In a “slightly” realer world...
Tor (previously an acronym for The Onion Router) is an open source project
initially started and developed by the US government.
“The core principle behind Tor, "onion routing," was developed in the mid-
1990s by U.S. Naval Research Laboratory employees mathematician Paul
Syverson and computer scientists Michael Reed and David Goldschlag, with the
purpose of protecting U.S. intelligence communications online. Onion routing
was further developed by DARPA in 1997.
The alpha version of Tor, developed by Syverson and computer scientists Roger
Dingledine and Nick Mathewson and then called The Onion Routing project or
TOR project, launched on 20 September 2002.”
-Wikipedia (http://en.wikipedia.org/wiki/Tor_(anonymity_network))

127. “We are already in the Future!”

130. The Digital Clash
Google’s Executive Chairman Eric Schmidt has
an increased amount of public clashes with
Wikileaks’ founder Julian Assange after their
infamous meeting in the Ecuadorian Embassy

132. The A.I. Debate

133. The A.I. Debate

134. WikiLeaks

136. Chelsea Manning
(formerly known as
Bradley Manning)
Chelsea Manning is an United States Army
soldier who was convicted in July 2013 of
violations of the Espionage Act and other
offenses, after releasing the largest set of
classified documents ever leaked to the public.
Manning was sentenced in August 2013 to 35
years' imprisonment, with the possibility of
parole in the eighth year, and to be
dishonorably discharged from the Army.
Bradley Manning has gave the documents to
Julian Assange, who had released them to the
wide press.

137. Apache Collateral Murder Video
https://www.youtube.com/watch?v=ogFZlRiTHuw

138. On 5th April 2010 WikiLeaks has released a
classified US military video depicting the
indiscriminate slaying of over a dozen people
in the Iraqi suburb of New Baghdad, including
two Reuters news staff.
The video, shot from an Apache helicopter
gun-sight, clearly shows the unprovoked
slaying of a wounded Reuters employee and
his rescuers. Two young children involved in
the rescue were also seriously wounded.
Reuters has been trying to obtain the video
through the Freedom of Information Act,
without success since the time of the attack.

142. Assange believes he faces an extradition to
USA if he leaves the Ecuadorian embassy

144. The Last Hopes...
A short of tools which might - or might not - help you enhance
or preserve your privacy online.
Remember:
Anonymity can be achieved
only temporarily with some amount of risk.

145. Tor Browser
https://www.torproject.org/projects/torbrowser.html.en

146. For Smartphones: Orbot!
https://guardianproject.info/apps/orbot/

147. Secure messages and emails:
PGP (Pretty Good Privacy)
Pretty Good Privacy (PGP) is a data encryption and decryption
computer program that provides cryptographic privacy and
authentication for data communication. PGP is often used for
signing, encrypting, and decrypting texts, e-mails, files, directories,
and whole disk partitions and to increase the security of e-mail
communications.

148. How PGP works...

149. VPN (Virtual Private Network)
A virtual private network (VPN) extends a
private network across a public network,
such as the Internet. It enables a computer
or Wi-Fi-enabled device to send and receive
data across shared or public networks as if
it were directly connected to the private
network, while benefiting from the
functionality, security and management
policies of the private network.

150. VPN (Virtual Private Network)
Most VPN services are paid.
Here are some good free VPNs which I
have used and tested myself:
● CyberGhost VPN:
http://www.cyberghostvpn.com/en_us
● VPN Reactor
https://www.vpnreactor.com

151. KeePassX
KeePassX is a password manager which
lets you access all your passwords by
entering a master password. All your
passwords are kept in encrypted form. It’s
better to have them in one place and
compromised than forgetting them all the
time or writing them down to napkins...
http://www.keepassx.org/

152. HTTPS Everywhere!
HTTPS Everywhere! is a browser addon (for
Chrome, Firefox and Opera) which tries to
run the websites always through the
secure HTTPS protocal (instead of the
insecure HTTP)
https://www.eff.org/https-everywhere

153. NoScript
NoScript is a browser addon which
prevents any website to run freely scripts
on your computer unless you explicitly
allow it to do so.
Highly recommended!
https://noscript.net/

154. Tails
https://tails.boum.org/

155. Strong Password Generator
https://strongpasswordgenerator.com/

156. But
the the biggest security
upgrade for you is...

157. ...LINUX!

158. Choose your own for many… for free!

159. For starters I personally
recommend Ubuntu
http://www.ubuntu.com/

160. Good reading sources...
● WikiLeaks:
www.wikileaks.org
● H.O.P.E. (“Hackers On Planet Earth”): www.hope.net
● “Wired” magazine: www.wired.com
● “2600” magazine: www.2600.com
● БиволЪ:
www.bivol.bg
● Cryptome:
www.cryptome.org
● Tor Hidden Wiki:
www.thehiddenwiki.org
● Adrian Lamo’s Facebook page:
www.facebook.com/felon
● Dogpile:
www.dogpile.com
● PandoDaily:
www.pando.com
● ZeroHedge:

161. Thank you!

162. Q&A time!