Post on 12-Jan-2016

CS44 – Nick Ragouzis – 2007

Privacy – a study in assiduity –

Assiduous adj. 1: marked by careful unremitting attention …

… or persistent application

Assiduity n. 1: the quality or state of being assiduous : DILIGENCE

2: persistent personal attention

Asymmetry in Value and Options

What does this suggest to you?

Privacy for Chocolate?

Source: IdentityEconomics.com

Source: zillow.com

Expectation of privacy?

Key to Vigilance:

“Why?”

Passwords

• If you’ve got to go … online:

• The best privacy protection you’ve got

• Until you get something better

Password Savvy

• Card PINs are different: Remember and destroy*

• Don’t worry: write it down, keep it with you

• Long password: 12 glyphs

• Something you will remember: not tough for you

• Follow rule or its variations, e.g.:

  • First and last third: Caps

  • Middle third: Numbers and punctuation

• Avoid complete dictionary words; personal details

• Vary passwords across systems, please

• Don’t be complacent: Naked userid and password are just not smart privacy and security policy

Challenge Questions Working For You

Distributed Identity Systems are Savvy

Wireless Networks

Do you really need to hook up right now?

Hygienic Wireless

• Replace your home WiFi with WPA2 units

• Set it up properly!

• Follow hygienic wired practices:

  • Separate from your internal wired net

  • Move to wired for important data

  • Use savvy password practices

  • Secure *before* identifier exchange

  • Encrypted data exchange

  • Secure identifiers

Free Wireless & Kiosks

Security before Convenience

• Follow savvy practices

• Clear history

• Delete cookies: before and after

• Do not insert unencrypted media

• In any case: Avoid financial transactions

  • Keystroke loggers, etc.

• Consider: Anonymous secure proxy browsing

Privacy is not Free

• Exercising choice

• Controlling made decisions

• Rewarding those who honor privacy

• Punish those who don’t

Choosing Privacy

• Read the policy, know what’s right, or not

• Specific, articulated purpose

• Specific data

• Specific, limited, availability of data

• Understand their ‘data sharing’ partnerships

• No pass-through of web-bugs/beacons

• Aggregate data only

• Limited time; EU: 12 months

Recognize Trouble

We may collect information that can identify you when using our website or in some other manner (think partnership with free wireless, e.g.,) or from our business partners (any one who pays us, e.g.,) or from third parties (or just from anywhere else). We may combine the personal information that we receive from different sources.

Your choices: suck it up, or go away.

Editorialized slightly from: evite.com/pages/custservice/privacy.jsp, October, 2007

Use only Session Cookies

evite.com/webbug.img?u=wetrackyou

Install and learn to use AdBlock

• Single-pixel transparent non-linking gifs

• Personalized beacons attached to banners
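
The two beacon shapes on this slide can be spotted in a saved page's HTML. The sketch below is an added example, not part of the original slides: it flags single-pixel images outside any link and images that combine a query-string identifier with a third-party host. The sample page and the hosts example.org and ads.example.net are constructed, and the slide's evite.com URL is given an assumed http:// scheme.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class BeaconFinder(HTMLParser):
    """Flags <img> tags that match the two web-bug shapes named on the slide."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.link_depth = 0   # > 0 while inside an <a> element
        self.findings = []    # (resolved image URL, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.link_depth += 1
        elif tag == "img":
            self._check(dict(attrs))

    def handle_endtag(self, tag):
        if tag == "a" and self.link_depth:
            self.link_depth -= 1

    def _check(self, attrs):
        url = urlparse(urljoin(self.page_url, attrs.get("src") or ""))
        # Only width/height attributes are read; CSS-sized pixels are not detected.
        tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        bare_pixel = tiny and self.link_depth == 0
        tagged = bool(url.query)  # identifier carried in the query string
        # Exact host match only: sibling subdomains count as third party here.
        third_party = url.hostname != self.page_host
        checks = (("single-pixel non-linking image", bare_pixel),
                  ("query-string identifier", tagged),
                  ("third-party host", third_party))
        if (bare_pixel and (tagged or third_party)) or (tagged and third_party):
            self.findings.append((url.geturl(), [name for name, hit in checks if hit]))

def find_beacons(html, page_url):
    finder = BeaconFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one bare pixel, one tagged banner, two harmless images.
SAMPLE = """<img src="http://evite.com/webbug.img?u=wetrackyou" width="1" height="1">
<a href="/ad"><img src="http://ads.example.net/banner.gif?uid=8841" width="468" height="60"></a>
<img src="/images/logo.gif" width="120" height="40">
<img src="/images/spacer.gif" width="1" height="1">"""

if __name__ == "__main__":
    for url, reasons in find_beacons(SAMPLE, "http://example.org/invite"):
        print(url, "->", ", ".join(reasons))
```

The first-party spacer and logo are not reported; a first-party pixel with no query string cannot be told apart from layout filler by markup alone.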

Know your Counterparty

This requires special attention!

Can you see the problem?

Attend to Details

Avoiding the Hook

• Sender: … a m e r c a …

  • Look closely at the sender

  • If necessary (for emails purporting to be from high-value services), look inside the email header

• Click-here links:

  • Always look closely at the URL

• Preferred: only use book-marked URLs to financial institutions or private data collections

Google Safe Browsing for Firefox

New IE Address Bar Indicators

Using Encrypted Services

Read the Source …

Discussion

Privacy Resources

• eff.org

• idcommons.net

• cdt.org