
I'm not a number, I'm a free man

My privacy talk in Virus Bulletin conference 2012, Dallas

I'm not a number, I'm a free man (slide transcript)

  1. I'm not a number, I'm a free man. Vicente Diaz, Senior Security Analyst, Kaspersky Lab. Virus Bulletin 2012
  2. The story of the 9 friends
  4. Who profiles me?
  8. Remember Gator Corporation? [1998-2008]
     - "The leader in online behavioral marketing"
     - 2003: installed on 35 million PCs
     - Spyware? I will send you my lawyers!
     - Reported behavior, replaced ads
     - Top management: most are in the online ads industry now
  9. Regulation? Better protections. "Consumers Union, the advocacy arm of Consumer Reports, wants a national privacy law that holds all companies to the same privacy standards and lets consumers tell companies not to track them online."
  10. Business is business
  11. Business is business. "In November, regulators in Germany found that such information was being collected on Facebook users for up to two years even after they deactivated their accounts. Facebook said that was needed to enhance security, a claim German regulators rejected. Both sides say they are willing to talk, but Facebook's website says it doesn't share such data without your permission and deletes it or makes the information anonymous within 90 days."
  12. Google Privacy Policy
      - Information you give to us
      - Information we get from your use of our services
      - Device information (HW model, OS, UDI, phone number)
      - Log information
        - search queries
        - phone number, forwarding numbers, time and date of calls, duration of calls
        - IP
        - device info (system activity, browser language, date and time of your request and referral URL)
        - cookies
      - Location (GPS, WiFi APs, cell towers)
      - Applications
      Source: www.google.com/policies/privacy
  13. Tracking
  14. Simple tracking (diagram: one page load, three third-party requests, each carrying the page as Referer)
      GET index.html
      Host: news.com

      GET xxx              GET xxx              GET xxx
      Host: domain1.com    Host: domain2.com    Host: domain3.com
      Referer: news.com    Referer: news.com    Referer: news.com
  15. Simple tracking (same diagram, with the real search-engine redirect URL shown on the slide)
      GET index.html
      Host: news.com

      GET xxx              GET xxx              GET xxx
      Host: domain1.com    Host: domain2.com    Host: domain3.com
      Referer: news.com    Referer: news.com    Referer: news.com

      URL shown on the slide:
      http://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQFjAA&url=http%3A%2F%2Fwww.productosflower.com%2F&ei=MZ1cUNPJGYjIhAfo6IGYCw&usg=AFQjCNFmmOdGYUOZ8XNFiDK9XpX_7iYktQ
  16. Advanced tracking
      - Identify the user:
        - Passive data: headers, plugins, browser, OS
        - JS: screen resolution, custom resource detection via Plugins API (i.e. printers via PDF, fonts via Flash, etc.)
      - Track ID:
        - Cookies, Flash cookies (allow cross-domain references), HTML5 storage, Silverlight
        - Java: own download cache, applets can read embedded resource streams
      - Future? Apps and games in social networks.
  19. How much tracking?
  20. www.elmundo.es (screenshots, September 28, 2012)
  22. Analyzing the world's top traffic (I): the experiment
      - Browsed the top 100 sites country by country according to Alexa
      - Sniffed all the traffic
      - Set up a database of tracking sites (around 1500 domains)
  23. Analyzing the world's top traffic (II): countries with most requests to tracking domains (bar chart, y-axis 28-36%, world avg. 24,58%): GB, QA, YE, NP, US, AU, PK, SD, AL, CA
  24. Top world trackers
      - fbcdn.net
      - doubleclick.net
      - google-analytics.com
      - facebook.com
      - twitter.com
      - google.com
      - twimg.com
      - googlesyndication.com
      - yimg.com
      - scorecardresearch.com
      - ytimg.com
      - googleapis.com
      - yieldmanager.com
  26. Analyzing the world's top traffic (III)
      - Top 100 domains WITHOUT references to tracking sites (country-by-country avg.): 49,96%
      - Why so low?
      - Let's take the top 10 sites instead of the top 100
      - References to tracking sites: 92,32%
      - Top 100 world sites: 89% tracking (source: digitaltrends.com)
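As an added example, not part of the talk, the following Python script replays the methodology of slides 22-26 on constructed sniffed-traffic records: each request is classified as first- or third-party, matched against a tracking-domain list (built here from names on the "Top world trackers" slide), and the per-country share of sites referencing a tracker plus the most-referenced tracker domains are computed. The domain list and the captures are constructed, and registrable() is a simplified stand-in for Public Suffix List matching.

```python
from collections import Counter, defaultdict

# Constructed tracking-domain database (the talk's list had around 1500 domains);
# names taken from the "Top world trackers" slide.
TRACKERS = {"doubleclick.net", "google-analytics.com", "scorecardresearch.com",
            "fbcdn.net", "facebook.com"}

def registrable(host):
    """Crude eTLD+1 (last two labels): fine for the .com/.net/.es hosts used
    here; a real run would match against the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def tracker_hits(site, requests):
    """Tracker domains reached while loading `site`.
    requests: (Host, Referer) pairs as sniffed. A request counts when its Host
    is a third party (different registrable domain from the visited site) and
    that domain is in the tracker database; the Referer is what tells the
    tracker which page the user is on (slide 14)."""
    hits = set()
    for host, _referer in requests:
        if registrable(host) == registrable(site):
            continue                      # first-party resource, not tracking
        if registrable(host) in TRACKERS:
            hits.add(registrable(host))
    return hits

def analyze(captures):
    """captures: (country, site, requests) per visited site. Returns
    (% of sites per country referencing a tracker, Counter of tracker
    domains by number of sites that reference them)."""
    per_country, top = defaultdict(list), Counter()
    for country, site, requests in captures:
        hits = tracker_hits(site, requests)
        per_country[country].append(bool(hits))
        top.update(hits)
    pct = {c: round(100.0 * sum(v) / len(v), 2) for c, v in per_country.items()}
    return pct, top

# Constructed captures standing in for the sniffed traffic of the experiment.
CAPTURES = [
    ("US", "news.com", [("news.com", None),
                        ("ad.doubleclick.net", "http://news.com/index.html"),
                        ("www.google-analytics.com", "http://news.com/index.html")]),
    ("US", "example.org", [("example.org", None), ("cdn.example.org", "http://example.org/")]),
    ("ES", "www.elmundo.es", [("www.elmundo.es", None),
                              ("b.scorecardresearch.com", "http://www.elmundo.es/"),
                              ("static.ak.fbcdn.net", "http://www.elmundo.es/"),
                              ("ad.doubleclick.net", "http://www.elmundo.es/")]),
]
```

Running analyze(CAPTURES) gives 50% of US sites and 100% of ES sites referencing a tracker, with doubleclick.net referenced by two sites; the same loop over a real capture and the full domain list reproduces the percentages on slides 23 and 26.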
  28. 1 year ago …
  29. I looked at the eyes of Diablo – VB 2011
  34. Conclusions
  35. Conclusions
      - Recipe for disaster: tons of money, low regulation, relaxed self-regulation
      - Privacy vs. business objectives
      - Raising users' awareness: who is offering them solutions?
      We did help with Gator in the past. The difference? They installed unwanted software. However, it was the same goal using different means. In 2012 it is not about protecting the device, but protecting the user.
  36. Thank you! I'm not a number, I'm a free man. Vicente Diaz, Senior Security Analyst, @trompi. Virus Bulletin 2012
