online privacy tools

@jschauma

“This is your last chance, kid. Honest people don't have anything to hide.”

Jan Schaumann <[email protected]>

5CCF 31AE 6746 74E9 8972772D 3F73 4F36 DBEC 11C0

Don’t they?

Wednesday, September 4, 13

mailto:[email protected]


@jschauma https://t.co/YKl4CA7Fq0 vs. https://t.co/pvHUvf7zg4


http://t.co/YKl4CA7Fq0

http://t.co/YKl4CA7Fq0

@jschauma

“But what if I decreed that from now on, every time you went to evacuate some solid waste, you'd have to do it in a glass room perched in the middle of Times Square, and you'd be buck naked?”

“[Privacy is] about your life belonging to you.”


@jschauma

The right to whisper.

What #privacy is about.


@jschauma https://t.co/F9EbNnCBLV


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma https://t.co/G8Xdh7y2oJ


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma https://t.co/gVe4YjV7WF


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma

How do we lose privacy?


@jschauma https://duckduckgo.com/?q=nsa+spying


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma https://en.wikipedia.org/wiki/Fundamental_human_needs


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma Metadata.

https://t.co/pgbZaI307M


http://is.gd/i0gVaj

http://is.gd/i0gVaj

http://t.co/pgbZaI307M

http://t.co/pgbZaI307M

@jschauma

https://t.co/pgbZaI307M

John McAfee knows about metadata.


@jschauma The Internet.


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma Clown Computing.


http://is.gd/i0gVaj

http://is.gd/i0gVaj

@jschauma Networking.



IP: 166.84.7.99

IP: 207.38.152.228


@jschauma For example: http://freegeoip.net/

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006


http://freegeoip.net

http://freegeoip.net

@jschauma Metadata.

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400


@jschauma Metadata.

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400

Request: /blog/images/implied-facepalm.jpg


@jschauma Metadata.

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:23.0) Gecko/20100101 Firefox/23.0



@jschauma Metadata.

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400


Referer: http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html



http://emptyclosets.com/forum/entertainment-media/106418-justin-bieber-says-interview-im-ready-dad-wtf.html






@jschauma Metadata.

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400




001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010








@jschauma Cooooookies.


@jschauma Seems legit.


@jschauma https://t.co/GiNaI568ym


http://t.co/GiNaI568ym


@jschaumahttps://t.co/aauYRJv1L4


http://is.gd/lOS1xz

http://is.gd/lOS1xz

@jschauma

Cryptography may provide:

https://www.schneier.com/book-ce.html




@jschauma


Confidentiality





@jschauma


ConfidentialityIntegrity





@jschauma


ConfidentialityIntegrity

Authenticity





@jschauma

Security is HARD.

What are we protecting?Who are we protecting it from?

Who or what can defeat our solution?

Can we do better?

http://youtu.be/NO0cvqT1tAE

What are we still leaking?




@jschauma Low hanging fruit first.




@jschauma

Default to HTTPS.


@jschauma

Default to HTTPS.Many sites (Twitter, Facebook, Gmail, ...) already

default to HTTPS.


@jschauma


default to HTTPS.

Dig in preferences for ‘Enable SSL by default’ or similar setting.


@jschauma


default to HTTPS.

Dig in preferences for ‘Enable SSL by default’ or similar setting.

Use the EFF’s ‘HTTPS-Everywhere’ browser plugin:https://www.eff.org/https-everywhere

FTW!




https://www.eff.org/https-everywhere

https://www.eff.org/https-everywhere

@jschauma https://youtu.be/iQsKdtjwtYI





Authentication





Confidentiality

Authentication





Integrity

Confidentiality

Authentication




@jschauma


@jschauma

Security is HARD.

What are we protecting?Who are we protecting it from?

Who or what can defeat our solution?

Can we do better?

https://youtu.be/NO0cvqT1tAE

What are we still leaking?




@jschauma HTTPS protects data in transit.

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400




001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010








@jschauma https://t.co/iOf6M1xSoO




@jschauma“If you are not paying for it, you’re not the customer

- you’re the product being sold.”Wednesday, September 4, 13

@jschauma

Where I come from...

http://nullreferrer.com/




@jschauma

Where I come from...

http://nullreferrer.com/

...is really none of your business.




@jschauma https://t.co/NhkRgUqSFv




@jschauma https://t.co/PHDdu91aDP

Control your cookie consumption!






@jschauma

Private Browsing


@jschauma

Private Browsing

https://www.eff.org/issues/do-not-track




@jschauma https://t.co/1GrWzbcXDT




@jschauma

Google Analytics Google Analytics

Website


@jschauma

Google Analytics


Website


@jschauma

Google Analytics

DoubleClick


Website


@jschauma

Google Analytics

DoubleClick

Facebook Connect


Website


@jschauma

Google Analytics

DoubleClick

Facebook Connect


JqueryWebsite


@jschauma

Google Analytics

DoubleClick

Facebook Connect


Jquery

https://t.co/RqPmbO0u3e

...

Website


http://t.co/RqPmbO0u3e


@jschauma

Google Analytics

DoubleClick

Facebook Connect


Jquery

https://t.co/RqPmbO0u3e

...

Website

Location: 40.7143, -74.006Time: 25/Aug/2013:20:50:41 -0400

IP: 207.38.152.228...




@jschauma

Block trackers:

https://www.ghostery.com/https://twitter.com/ghostery

https://www.abine.com/dntdetail.php https://twitter.com/abine


https://www.ghostery.com

https://www.ghostery.com

https://twitter.com/ghostery

https://twitter.com/ghostery

https://www.abine.com/dntdetail.php




@jschauma https://t.co/DiMYreMHPX




@jschauma https://t.co/ryJj7m3CKz




@jschauma

Quis custodiet ipsos custodes?

https://t.co/SgLGkKUxtF




@jschauma

Private Browsing

https://t.co/vTufUSJUkO




@jschauma

Quis custodiet ipsos custodes?

https://t.co/vTufUSJUkO

How does Phishing and Malware Protection work in Firefox?Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing and malware sites. These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled.[...]Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.




https://www.mozilla.org/en-US/firefox/phishing-protection/#

https://www.mozilla.org/en-US/firefox/phishing-protection/#

@jschauma

https://panopticlick.eff.org/

FTW!


https://panopticlick.eff.org

https://panopticlick.eff.org



@jschauma So... what are we still leaking?

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400




001010101110101010101111010101101010101101010110011000101010110101101100110101010101010011001001010101010010010101101010110101101011011010101101011110100001000001111010















@jschauma https://t.co/8vUNrlG9zf

If you could just write down all of the phone numbers you’ve called in the last two years together with time, duration and location of the calls made, that’d be super.

It’s just metadata.


http://t.co/8vUNrlG9zf

http://t.co/8vUNrlG9zf


Website


@jschauma Email.

Provider: www.gmail.com

IP: 166.84.7.99

Client IP: 207.38.152.228


@jschauma Email.


IP: 166.84.7.99

Client IP: 207.38.152.228

Provider: mail.yahoo.com


http://www.gmail.com


@jschauma Email.


IP: 166.84.7.99

Client IP: 207.38.152.228

IP: 74.125.226.245

IP: 63.250.192.45

Provider: mail.yahoo.com




@jschauma Email.

IP: 74.125.226.245

Server: www.gmail.com

IP: 166.84.7.99

Client IP: 207.38.152.228

IP: 63.250.192.45 SSL

SSL


@jschauma Email.

IP: 74.125.226.245


IP: 166.84.7.99

Client IP: 207.38.152.228

IP: 63.250.192.45 SSL

SSL

LOL “Upstream”


@jschauma Cryptography to the rescue!


@jschauma https://t.co/fr2KcLQeZB


https://t.co/fr2KcLQeZB

https://t.co/fr2KcLQeZB

@jschauma

PGP

@GPGTools: https://gpgtools.org/

@mailvelope: http://www.mailvelope.com/

http://www.gnupg.org/


https://gpgtools.org


http://www.mailvelope.com


@jschauma What are we still leaking?

001010101110101010101111010101101010101101010110011000101010110101101100110101010101



001010101110101010101111010101101010101101010110011000101010110101101100110101010101

PGP



001010101110101010101111010101101010101101010110011000101010110101101100110101010101

PGP

From: [email protected]: [email protected]

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400






@jschauma https://t.co/FkEQYBXWBa




@jschauma https://t.co/FkEQYBXWBa

Can we do better?




@jschauma Chat.

IP: 166.84.7.99

IP: 207.38.152.228


@jschauma Chat.

IP: 166.84.7.99

IP: 207.38.152.228

connection encrypted


@jschauma Chat.

IP: 166.84.7.99

IP: 207.38.152.228


LOL #PRISM


@jschauma Chat.

IP: 166.84.7.99

IP: 207.38.152.228



@jschauma Chat.

IP: 166.84.7.99

IP: 207.38.152.228


LOL Cryptanalysis


@jschauma

Off The Record Messaging

end-to-end encryptionauthentication

deniabilityperfect forward secrecy

http://www.cypherpunks.ca/otr/




@jschauma https://t.co/gSg4jcV8bs

chat content encrypted


http://t.co/gSg4jcV8bs


@jschauma https://t.co/gSg4jcV8bs


LOL“Border” search




@jschauma https://t.co/jbWM2zCkHn

§ 287 (a) (3) of the Immigration and Nationality Act, 66 Stat. 233, 8 U.S.C. § 1357(a)(3), which simply provides for warrantless searches of automobiles and other conveyances "within a reasonable distance from any external boundary of the United States"




https://en.wikipedia.org/wiki/Title_8_of_the_United_States_Code

https://en.wikipedia.org/wiki/Title_8_of_the_United_States_Code

http://www.law.cornell.edu/uscode/8/1357.html#a_3

http://www.law.cornell.edu/uscode/8/1357.html#a_3

@jschauma OTR.

Connections establishedvia SSL to central server.


@jschauma OTR.




@jschauma OTR.



LOL Metadata

IP: 166.84.7.99

IP: 207.38.152.228Location: 40.7143, -74.006

Time: 25/Aug/2013:20:50:41 -0400


@jschauma No VPN.

IP: 74.125.226.245


IP: 166.84.7.99

Client IP: 207.38.152.228


@jschauma VPN.

VPNAES256

IP: 207.38.152.228Location: 40.7143, -74.006

IP: 205.251.192.55


@jschauma VPN.

VPN

LOL NSL

AES256

IP: 207.38.152.228Location: 40.7143, -74.006

IP: 205.251.192.55


@jschauma https://www.torproject.org/




@jschauma https://t.co/mSBO7VmiGX




@jschauma https://t.co/ZYzbWsK4HG




@jschauma

Understand your threat model!

https://xkcd.com/538/




@jschauma

Understand your threat model!


LOL NSL

LOL indeed.




@jschauma

Things you can do:Part I (Web)

Use services with strong privacy defaults.

https://prism-break.org/




@jschauma


https://ixquick.com/

https://duckduckgo.com/

http://www.yacy.net

http://donttrack.us/










@jschauma


enable HTTPS on servicesuse HTTPS-Everywhere

Delete CookiesEnable DNT

Disable RefererSet User Agent


@jschauma

Things you can do:Part II (Email)

Disable HTML.

Delete your email.

Use services with strong privacy defaults.

https://t.co/uorBWl4X5a




@jschauma


https://mykolab.com/

https://mail.riseup.net/

(Run your own mail server.)


https://mykolab.com

https://mykolab.com

https://mail.riseup.net

https://mail.riseup.net

@jschauma


Use PGP.

@GPGTools: https://gpgtools.org/

@mailvelope: http://www.mailvelope.com/

http://www.gnupg.org/






http://www.gnupg.org

http://www.gnupg.org

@jschauma

Things you can do:Part III (Chat)

Use OTR.

Don’t store logs.


@jschauma

https://crypto.cat/ https://www.adium.im/

https://whispersystems.org/ https://guardianproject.info/apps/gibber/

...

Things you can do:Part III (Chat)


https://crypto.cat

https://crypto.cat

https://www.adium.im

https://www.adium.im

https://whispersystems.org

https://whispersystems.org

https://guardianproject.info/apps/gibber/

https://guardianproject.info/apps/gibber/

@jschauma

Things you can do:Part IV

Use a VPN.

Use Tor.


@jschauma

Down the rabbit hole.

Tumbling down the rabbit hole...




@jschauma



Tailshttps://tails.boum.org/




https://tails.boum.org


@jschauma




Least Authorityhttps://leastauthority.com/






https://leastauthority.com


@jschauma




Least Authorityhttps://leastauthority.com/Little Snitch

https://t.co/brvDYrOOur










@jschauma



Hidden Serviceshttps://t.co/f0LmP2vylJ







https://t.co/f0LmP2vylJ








@jschauma



Hidden Serviceshttps://t.co/f0LmP2vylJ Dark Web

http://www.thehiddenwiki.net/









http://www.thehiddenwiki.net








@jschauma



Hidden Serviceshttps://t.co/f0LmP2vylJ Dark Web

http://www.thehiddenwiki.net/




...














@jschauma

Oh, and one more thing...

http://www.netmeister.org/blog/opt-links.html




@jschauma

Oh, and one more thing...


"Nobody does more lasting good for the Internet with less. Every penny you donate makes change for the better."— Cory Doctorow

https://supporters.eff.org/donate






online privacy tools

Technology