Securing Your Privacy

Credera is a full-service management and technology consulting firm. Our clients range from Fortune 1,000 companies to emerging industry leaders. We provide expert, objective advice to help solve complex business and technology challenges. Dallas Office 15303 Dallas Parkway Suite 300 Addison, TX 75001 972.692.0010 Phone 972.692.0019 Fax Denver Office 5445 DTC Parkway Suite 1040 Greenwood Village, CO 80111 303.623.1344 Phone 303.484.4577 Fax Houston Office 800 Town & Country Blvd Suite 300 Houston, TX 77024 713.496.0711 Phone 713.401.9650 Fax Austin Office 9020 N Capital of Texas Hwy Suite 345 Austin, TX 78759 512.327.1112 Phone 512.233.0844 Fax

Upload: dallas-web-security-group

Post on 05-Dec-2014


Category:

Technology



DESCRIPTION

Josh Hamit presented this talk at Dallas Web Security Group's October Meeting

TRANSCRIPT


Page 2: Securing Your Privacy

Discussion document – Strictly Confidential & Proprietary

Securing Your Privacy

Dallas, TX

July 9, 2013

Dallas Web Security Group

Josh Hamit

Page 3: Securing Your Privacy

Agenda …

How can I preserve my privacy?

Introductions

Why Privacy Matters

Strategies to Protect Privacy

Ways to Execute Privacy Strategies: Internet Browsing, Mobile Usage, Emails, Data Storage

Q&A

7/9/13

Dallas Web Security Group

3

Page 4: Securing Your Privacy

Introductions


Page 5: Securing Your Privacy

Dustin Talk and Josh Hamit (both not Anonymous)

Josh Hamit

Joshua Hamit is a Consultant in the Custom Java Development Practice at Credera. He earned his B.B.A in Management Information Systems from Baylor University. Joshua has several years' experience designing and implementing technology solutions utilizing a broad range of technologies while adhering to industry best practices. While at Credera, he has led the design and implementation of multiple single sign-on authentication systems, enterprise integrations, complex UI solutions, analytic tracking pixels, and mobile web applications.

Past Presentations: Addressing Top Security Threats in Web Applications; Addressing Cross-Cutting Concerns with AOP; Functional Testing with Geb; Stripe’s Capture The Flag #2


Page 6: Securing Your Privacy

Why Privacy Matters


Page 7: Securing Your Privacy

Privacy does NOT equal secrecy.

Nothing-to-hide argument - https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

Bill of Rights: 1 Freedom of Speech, Press, Religion and Petition; 2 Right to keep and bear arms; 4 Protections against search and seizure; 5 Provisions concerning prosecution

Businesses, wrongful imprisonment, hackers, foreign governments

No fly list, no buy list (OFAC) - http://www.treasury.gov/ofac/downloads/sdnlist.txt

Invoke 5th amendment - http://www.cato.org/blog/salinas-v-texas?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Cato-at-liberty+%28Cato+at+Liberty%29

Examples - http://www.zeit.de/datenschutz/malte-spitz-data-retention https://docs.google.com/spreadsheet/ccc?key=0An0YnoiCbFHGdGp3WnJkbE4xWTdDTVV0ZDlQeWZmSXc&authkey=COCjw-kG&hl=en_GB&authkey=COCjw-kG#gid=0

Texas teen jailed over joke in FB comment - http://www.theregister.co.uk/2013/07/08/texas_teen_jailed_for_facebook_comment/


Page 8: Securing Your Privacy

Strategies to Protect Privacy


Page 9: Securing Your Privacy

There's more than one way to protect your privacy. Don't get pigeon-holed into a solution.


Encryption

Misinformation, Steganography, Port-knocking, Crowd-sourcing

Other Alternatives

Page 10: Securing Your Privacy

Internet Browsing


Page 11: Securing Your Privacy

It's important to understand the different layers involved in browsing and useful tools to help manage them.


Browser Tools

AdBlock, Ghostery, etc.

Misinformation - http://adage.com/article/privacy-and-regulation/student-project-kill-digital-ad-targeting/242955/

Network Stack: Proxies, SSH Tunnels, VPN

Resources

https://www.eff.org/pages/tor-and-https

https://github.com/rossjones/alternative-internet

Page 12: Securing Your Privacy

Emails


Page 13: Securing Your Privacy

Different techniques to secure your emails should be used depending on your requirements.


Asymmetric Cryptography - http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away

Disposable Inboxes

Remailers

Type 1 - Pseudonymous - can be replied to - Cypherpunk - no address from

Type 2 (mixmaster) - Fixed size packets and reorders them

Type 3 (mixminion) - mix network - support SURBs (single use reply block)

Page 14: Securing Your Privacy

Mobile Usage


Page 15: Securing Your Privacy

It's important to understand the different layers involved in browsing and useful tools to help manage them.


Who's Listening?

Businesses - http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html?source=hn#Analysis1

Government - http://online.wsj.com/article_email/SB10001424127887323873904578571893758853344-lMyQjAxMTAzMDAwODEwNDgyWj.html

Ways to prevent tracking

Obtaining phone

Obtaining service

Operating Systems - http://en.wikipedia.org/wiki/Comparison_of_mobile_operating_systems

Calls, texts, data, applications - https://www.whispersystems.org/

Use technology to your advantage! - https://play.google.com/store/search?q=call+recorder

Page 16: Securing Your Privacy

Cloud Storage


Page 17: Securing Your Privacy

It's important to understand the different layers involved in browsing and useful tools to help manage them.


“Secure” Clouds

Personal Swiss Data Bank - http://www.washingtonpost.com/business/technology/after-prism-reports-swiss-data-bank-sees-boost/2013/07/08/cc8dfe14-e569-11e2-aef3-339619eab080_story.html

Personal Clouds

Cozycloud - https://demo.cozycloud.cc/#home

Own Cloud - https://owncloud.org/

Test the services you use (even if you're not a “hacker”) - https://cloudsweeper.cs.uic.edu/

Page 18: Securing Your Privacy

Conclusion


Page 19: Securing Your Privacy

Develop your own privacy strategy and execute it.

“You can't buy security” - Frank Herbert

https://www.eff.org

https://prism-break.org


Page 20: Securing Your Privacy

Q&A
