web brother is watching you

Post on 09-May-2015


DESCRIPTION

Several aspects of user privacy in the context of current Web applications: threats and possible solutions.

TRANSCRIPT

Dr. Sabin Buraga www.purl.org/net/busaco

Web brother is watching you!?

have you heard the news ?

Mark Zuckerberg (Facebook) www.guardian.co.uk/technology/2010/jan/11/facebook-privacy

the age of privacy is over

Eric Schmidt (Google) http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people

if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place

what is privacy?

privacy is about secrecy

privacy: a person’s right to control access to his/her personal information

privacy is an inherent human right

a requirement for maintaining the human condition with dignity and respect

Bruce Schneier, 2006

basic kinds of privacy rights

unreasonable intrusion

e.g., physical/virtual invasion of the private space, searching wallet or USB disks, repeated & persistent phone calls, obtaining data without person’s consent,…

appropriation of a person’s name or likeness

the use of a person’s name on a product label or in advertising a product or service

injury to personal feelings

publication of private facts

examples: personal letters, medical treatment, photographs of person in his/her home, ordered goodies, Web browser history…

publication that places a person in a false light

defamation acts

liberty

versus

control

if there is the privacy of garbage

…then why not the privacy of virtual life?

“Making Sense of Privacy and Publicity”

danah boyd, SXSW 2010

www.danah.org/papers/talks/2010/SXSW2010.html

main offenders

marketers

spying on Web users

companies are collecting information (via cookies, entered text, Flash cookies,…) on Web pages you visit

http://blogs.wsj.com/wtk/

solution: Ghostery

password crackers

using high speed GPU (video card) processors or SSD drives to crack passwords

https://cyberarms.wordpress.com/

http://tinyurl.com/ybhrhbv

“using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds”

users having access to (public wireless) networks

capturing HTTP messages: client ↔ server

impersonating the victims on a variety of Web sites

available tools: WireShark, Firebug (Lite), HTTPwatch, Fiddler,…

available tools: Firesheep – a “benevolent” HTTP session hijacker (October 2010)

resolving this issue: “How to Deploy HTTPS Correctly”

Chris Palmer (November 2010)

www.eff.org/pages/how-deploy-https-correctly

HTTPS Everywhere extension www.eff.org/https-everywhere

…but real-time encryption is computationally expensive!

NOT any more!

www.imperialviolet.org/2010/06/25/overclocking-ssl.html

“SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead”
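The session-hijacking slides above come down to session cookies travelling over plain HTTP on a shared network. As an added example (not part of the original slides), this Python audit flags cookies a passive listener could capture; the sample response, the cookie names and the choice of checks (Secure, HttpOnly, Strict-Transport-Security) are assumptions of the example.

```python
# Added example: audits constructed HTTP response headers, not a real capture.
from typing import Dict, List, Tuple

# Constructed sample: response headers from a hypothetical login endpoint.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=abc123; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/; Secure
Set-Cookie: auth=xyz789; Path=/; Secure; HttpOnly
"""

def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw: str, served_over_https: bool = True) -> Dict[str, List[str]]:
    """Report cookies exposed to sniffing or scripts, and transport gaps."""
    headers = parse_headers(raw)
    findings = {"missing_secure": [], "missing_httponly": [], "transport": []}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            # Without Secure the browser also sends the cookie over plain HTTP.
            findings["missing_secure"].append(cookie_name)
        if "httponly" not in attrs:
            findings["missing_httponly"].append(cookie_name)
    if not served_over_https:
        findings["transport"].append("response served over plain HTTP")
    elif not any(n == "strict-transport-security" for n, _ in headers):
        findings["transport"].append("no Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    for issue, items in audit(SAMPLE_RESPONSE).items():
        print(issue, items)
```
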

a long term solution?

WebID (FOAF+TLS)

a secure authentication protocol for the social Web to enable the building of distributed, open and secure social networks

Henry Story, 2010

using semantic Web standards + security protocols built into current Web browsers

web of trust

Web brother is still watching you

?
