online privacy tools
TRANSCRIPT
@jschauma
“This is your last chance, kid. Honest people don't have anything to hide.”
Jan Schaumann <[email protected]>
5CCF 31AE 6746 74E9 8972772D 3F73 4F36 DBEC 11C0
Don’t they?
Wednesday, September 4, 13
@jschauma https://t.co/YKl4CA7Fq0 vs. https://t.co/pvHUvf7zg4
Wednesday, September 4, 13
@jschauma
“But what if I decreed that from now on, every time you went to evacuate some solid waste, you'd have to do it in a glass room perched in the middle of Times Square, and you'd be buck naked?”
“[Privacy is] about your life belonging to you.”
Wednesday, September 4, 13
@jschauma https://t.co/F9EbNnCBLV
Wednesday, September 4, 13
@jschauma https://t.co/G8Xdh7y2oJ
Wednesday, September 4, 13
@jschauma https://t.co/gVe4YjV7WF
Wednesday, September 4, 13
@jschauma https://duckduckgo.com/?q=nsa+spying
Wednesday, September 4, 13
@jschauma https://en.wikipedia.org/wiki/Fundamental_human_needs
Wednesday, September 4, 13
@jschauma Metadata.
https://t.co/pgbZaI307M
Wednesday, September 4, 13
@jschauma For example: http://freegeoip.net/
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Wednesday, September 4, 13
@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
Wednesday, September 4, 13
@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
Request: /blog/images/implied-facepalm.jpg
Wednesday, September 4, 13
@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Request: /blog/images/implied-facepalm.jpg
Wednesday, September 4, 13
@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Referer: http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html
Request: /blog/images/implied-facepalm.jpg
Wednesday, September 4, 13
@jschauma Metadata.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Referer: http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html
Request: /blog/images/implied-facepalm.jpg
001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010
Wednesday, September 4, 13
@jschauma https://t.co/GiNaI568ym
Wednesday, September 4, 13
@jschauma
Cryptography may provide:
https://www.schneier.com/book-ce.html
Wednesday, September 4, 13
@jschauma
Cryptography may provide:
Confidentiality
https://www.schneier.com/book-ce.html
Wednesday, September 4, 13
@jschauma
Cryptography may provide:
ConfidentialityIntegrity
https://www.schneier.com/book-ce.html
Wednesday, September 4, 13
@jschauma
Cryptography may provide:
ConfidentialityIntegrity
Authenticity
https://www.schneier.com/book-ce.html
Wednesday, September 4, 13
@jschauma
Cryptography may provide:
ConfidentialityIntegrity
Authenticity
https://www.schneier.com/book-ce.html
Wednesday, September 4, 13
@jschauma
Security is HARD.
What are we protecting?Who are we protecting it from?
Who or what can defeat our solution?
Can we do better?
http://youtu.be/NO0cvqT1tAE
What are we still leaking?
Wednesday, September 4, 13
@jschauma Low hanging fruit first.
Wednesday, September 4, 13
@jschauma
Default to HTTPS.Many sites (Twitter, Facebook, Gmail, ...) already
default to HTTPS.
Wednesday, September 4, 13
@jschauma
Default to HTTPS.Many sites (Twitter, Facebook, Gmail, ...) already
default to HTTPS.
Dig in preferences for ‘Enable SSL by default’ or similar setting.
Wednesday, September 4, 13
@jschauma
Default to HTTPS.Many sites (Twitter, Facebook, Gmail, ...) already
default to HTTPS.
Dig in preferences for ‘Enable SSL by default’ or similar setting.
Use the EFF’s ‘HTTPS-Everywhere’ browser plugin:https://www.eff.org/https-everywhere
FTW!
Wednesday, September 4, 13
@jschauma https://youtu.be/iQsKdtjwtYI
Wednesday, September 4, 13
@jschauma https://youtu.be/iQsKdtjwtYI
Authentication
Wednesday, September 4, 13
@jschauma https://youtu.be/iQsKdtjwtYI
Confidentiality
Authentication
Wednesday, September 4, 13
@jschauma https://youtu.be/iQsKdtjwtYI
Integrity
Confidentiality
Authentication
Wednesday, September 4, 13
@jschauma
Security is HARD.
What are we protecting?Who are we protecting it from?
Who or what can defeat our solution?
Can we do better?
https://youtu.be/NO0cvqT1tAE
What are we still leaking?
Wednesday, September 4, 13
@jschauma HTTPS protects data in transit.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Referer: http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html
Request: /blog/images/implied-facepalm.jpg
001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010
Wednesday, September 4, 13
@jschauma HTTPS protects data in transit.
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Referer: http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html
Request: /blog/images/implied-facepalm.jpg
001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010
Wednesday, September 4, 13
@jschauma https://t.co/iOf6M1xSoO
Wednesday, September 4, 13
@jschauma“If you are not paying for it, you’re not the customer
- you’re the product being sold.”Wednesday, September 4, 13
@jschauma
Where I come from...
http://nullreferrer.com/
Wednesday, September 4, 13
@jschauma
Where I come from...
http://nullreferrer.com/
...is really none of your business.
Wednesday, September 4, 13
@jschauma https://t.co/NhkRgUqSFv
Wednesday, September 4, 13
@jschauma https://t.co/PHDdu91aDP
Control your cookie consumption!
Wednesday, September 4, 13
@jschauma
Private Browsing
https://www.eff.org/issues/do-not-track
Wednesday, September 4, 13
@jschauma https://t.co/1GrWzbcXDT
Wednesday, September 4, 13
@jschauma
Google Analytics
DoubleClick
Google Analytics Google Analytics
Website
Wednesday, September 4, 13
@jschauma
Google Analytics
DoubleClick
Facebook Connect
Google Analytics Google Analytics
Website
Wednesday, September 4, 13
@jschauma
Google Analytics
DoubleClick
Facebook Connect
Google Analytics Google Analytics
JqueryWebsite
Wednesday, September 4, 13
@jschauma
Google Analytics
DoubleClick
Facebook Connect
Google Analytics Google Analytics
Jquery
https://t.co/RqPmbO0u3e
...
Website
Wednesday, September 4, 13
@jschauma
Google Analytics
DoubleClick
Facebook Connect
Google Analytics Google Analytics
Jquery
https://t.co/RqPmbO0u3e
...
Website
Location: 40.7143, -74.006Time: 25/Aug/2013:20:50:41 -0400
IP: 207.38.152.228...
Wednesday, September 4, 13
@jschauma
Block trackers:
https://www.ghostery.com/https://twitter.com/ghostery
https://www.abine.com/dntdetail.php https://twitter.com/abine
Wednesday, September 4, 13
@jschauma https://t.co/DiMYreMHPX
Wednesday, September 4, 13
@jschauma https://t.co/DiMYreMHPX
Wednesday, September 4, 13
@jschauma https://t.co/ryJj7m3CKz
Wednesday, September 4, 13
@jschauma
Quis custodiet ipsos custodes?
https://t.co/SgLGkKUxtF
Wednesday, September 4, 13
@jschauma
Private Browsing
https://t.co/vTufUSJUkO
Wednesday, September 4, 13
@jschauma
Quis custodiet ipsos custodes?
https://t.co/vTufUSJUkO
How does Phishing and Malware Protection work in Firefox?Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing and malware sites. These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled.[...]Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.
Wednesday, September 4, 13
@jschauma
https://panopticlick.eff.org/
FTW!
Wednesday, September 4, 13
@jschauma
https://panopticlick.eff.org/
FTW!
Wednesday, September 4, 13
@jschauma So... what are we still leaking?
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0
Referer: http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html
Request: /blog/images/implied-facepalm.jpg
001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010
Wednesday, September 4, 13
@jschauma https://t.co/8vUNrlG9zf
If you could just write down all of the phone numbers you’ve called in the last two years together with time, duration and location of the calls made, that’d be super.
It’s just metadata.
Wednesday, September 4, 13
@jschauma Email.
Provider: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
Wednesday, September 4, 13
@jschauma Email.
Provider: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
Provider: mail.yahoo.com
Wednesday, September 4, 13
@jschauma Email.
Provider: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 74.125.226.245
IP: 63.250.192.45
Provider: mail.yahoo.com
Wednesday, September 4, 13
@jschauma Email.
IP: 74.125.226.245
Server: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 63.250.192.45 SSL
SSL
Wednesday, September 4, 13
@jschauma Email.
IP: 74.125.226.245
Server: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 63.250.192.45 SSL
SSL
Wednesday, September 4, 13
@jschauma Email.
IP: 74.125.226.245
Server: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
IP: 63.250.192.45 SSL
SSL
LOL “Upstream”
Wednesday, September 4, 13
@jschauma https://t.co/fr2KcLQeZB
Wednesday, September 4, 13
@jschauma
PGP
@GPGTools: https://gpgtools.org/
@mailvelope: http://www.mailvelope.com/
http://www.gnupg.org/
Wednesday, September 4, 13
@jschauma What are we still leaking?
001010101110101010101111010101101010101101010110011000101010110101101100110101010101
Wednesday, September 4, 13
@jschauma What are we still leaking?
001010101110101010101111010101101010101101010110011000101010110101101100110101010101
PGP
Wednesday, September 4, 13
@jschauma What are we still leaking?
001010101110101010101111010101101010101101010110011000101010110101101100110101010101
PGP
From: [email protected]: [email protected]
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
Wednesday, September 4, 13
@jschauma What are we still leaking?
001010101110101010101111010101101010101101010110011000101010110101101100110101010101
PGP
From: [email protected]: [email protected]
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
Wednesday, September 4, 13
@jschauma https://t.co/FkEQYBXWBa
Wednesday, September 4, 13
@jschauma https://t.co/FkEQYBXWBa
Can we do better?
Wednesday, September 4, 13
@jschauma Chat.
IP: 166.84.7.99
IP: 207.38.152.228
connection encrypted
LOL #PRISM
Wednesday, September 4, 13
@jschauma Chat.
IP: 166.84.7.99
IP: 207.38.152.228
connection encrypted
LOL Cryptanalysis
Wednesday, September 4, 13
@jschauma
Off The Record Messaging
end-to-end encryptionauthentication
deniabilityperfect forward secrecy
http://www.cypherpunks.ca/otr/
Wednesday, September 4, 13
@jschauma https://t.co/gSg4jcV8bs
chat content encrypted
Wednesday, September 4, 13
@jschauma https://t.co/gSg4jcV8bs
chat content encrypted
Wednesday, September 4, 13
@jschauma https://t.co/gSg4jcV8bs
chat content encrypted
LOL“Border” search
Wednesday, September 4, 13
@jschauma https://t.co/jbWM2zCkHn
§ 287 (a) (3) of the Immigration and Nationality Act, 66 Stat. 233, 8 U.S.C. § 1357(a)(3), which simply provides for warrantless searches of automobiles and other conveyances "within a reasonable distance from any external boundary of the United States"
Wednesday, September 4, 13
@jschauma OTR.
chat content encrypted
Connections establishedvia SSL to central server.
Wednesday, September 4, 13
@jschauma OTR.
chat content encrypted
Connections establishedvia SSL to central server.
LOL Metadata
IP: 166.84.7.99
IP: 207.38.152.228Location: 40.7143, -74.006
Time: 25/Aug/2013:20:50:41 -0400
Wednesday, September 4, 13
@jschauma No VPN.
IP: 74.125.226.245
Server: www.gmail.com
IP: 166.84.7.99
Client IP: 207.38.152.228
Wednesday, September 4, 13
@jschauma VPN.
VPNAES256
IP: 207.38.152.228Location: 40.7143, -74.006
IP: 205.251.192.55
Wednesday, September 4, 13
@jschauma VPN.
VPN
LOL NSL
AES256
IP: 207.38.152.228Location: 40.7143, -74.006
IP: 205.251.192.55
Wednesday, September 4, 13
@jschauma https://www.torproject.org/
Wednesday, September 4, 13
@jschauma https://t.co/mSBO7VmiGX
Wednesday, September 4, 13
@jschauma https://t.co/ZYzbWsK4HG
Wednesday, September 4, 13
@jschauma https://t.co/ZYzbWsK4HG
Wednesday, September 4, 13
@jschauma https://t.co/ZYzbWsK4HG
Wednesday, September 4, 13
@jschauma
Understand your threat model!
https://xkcd.com/538/
Wednesday, September 4, 13
@jschauma
Understand your threat model!
https://xkcd.com/538/
LOL NSL
LOL indeed.
Wednesday, September 4, 13
@jschauma
Things you can do:Part I (Web)
Use services with strong privacy defaults.
https://prism-break.org/
Wednesday, September 4, 13
@jschauma
Things you can do:Part I (Web)
https://ixquick.com/
https://duckduckgo.com/
http://www.yacy.net
http://donttrack.us/
Wednesday, September 4, 13
@jschauma
Things you can do:Part I (Web)
enable HTTPS on servicesuse HTTPS-Everywhere
Delete CookiesEnable DNT
Disable RefererSet User Agent
Wednesday, September 4, 13
@jschauma
Things you can do:Part II (Email)
Disable HTML.
Delete your email.
Use services with strong privacy defaults.
https://t.co/uorBWl4X5a
Wednesday, September 4, 13
@jschauma
Things you can do:Part II (Email)
https://mykolab.com/
https://mail.riseup.net/
(Run your own mail server.)
Wednesday, September 4, 13
@jschauma
Things you can do:Part II (Email)
Use PGP.
@GPGTools: https://gpgtools.org/
@mailvelope: http://www.mailvelope.com/
http://www.gnupg.org/
Wednesday, September 4, 13
@jschauma
https://crypto.cat/ https://www.adium.im/
https://whispersystems.org/ https://guardianproject.info/apps/gibber/
...
Things you can do:Part III (Chat)
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Tailshttps://tails.boum.org/
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Tailshttps://tails.boum.org/
Least Authorityhttps://leastauthority.com/
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Tailshttps://tails.boum.org/
Least Authorityhttps://leastauthority.com/Little Snitch
https://t.co/brvDYrOOur
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Hidden Serviceshttps://t.co/f0LmP2vylJ
Tailshttps://tails.boum.org/
Least Authorityhttps://leastauthority.com/Little Snitch
https://t.co/brvDYrOOur
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Hidden Serviceshttps://t.co/f0LmP2vylJ Dark Web
http://www.thehiddenwiki.net/
Tailshttps://tails.boum.org/
Least Authorityhttps://leastauthority.com/Little Snitch
https://t.co/brvDYrOOur
Wednesday, September 4, 13
@jschauma
Down the rabbit hole.
Tumbling down the rabbit hole...
Hidden Serviceshttps://t.co/f0LmP2vylJ Dark Web
http://www.thehiddenwiki.net/
Tailshttps://tails.boum.org/
Least Authorityhttps://leastauthority.com/Little Snitch
https://t.co/brvDYrOOur
...
Wednesday, September 4, 13
@jschauma
Oh, and one more thing...
http://www.netmeister.org/blog/opt-links.html
Wednesday, September 4, 13
@jschauma
Oh, and one more thing...
http://www.netmeister.org/blog/opt-links.html
"Nobody does more lasting good for the Internet with less. Every penny you donate makes change for the better."— Cory Doctorow
https://supporters.eff.org/donate
Wednesday, September 4, 13