web brother is watching you

Dr. Sabin Buragawww.purl.org/net/busaco

Web brotheris watching you!?

have you heard the news ?

Mark Zuckerberg (Facebook)www.guardian.co.uk/technology/2010/jan/11/facebook-privacy

the age of privacy is over

Eric Schmidt (Google)http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people

if you have something that you don’t want anyone to know, maybe you shouldn’t be

doing it in the first place

what is privacy?

privacy is about secrecy

privacy: a person’s right to control accessto his/her personal information

privacy is an inherent human right

privacy is an inherent human right

a requirement for maintainingthe human condition with dignity and respect

Bruce Schneier, 2006

basic kinds of privacy rights


unreasonable intrusion


unreasonable intrusion

e.g., physical/virtual invasion of the private space, searching wallet or USB disks, repeated & persistent

phone calls, obtaining data without person’s consent,…


appropriation of a person’s name or likeness


appropriation of a person’s name or likeness

the use of a person’s name on a product label orin advertising a product or service

injury to personal feelings


publication of private facts


publication of private facts

examples: personal letters, medical treatment,photographs of person in his/her home,ordered goodies, Web browser history…


publication that places a person in a false light


publication that places a person in a false light

defamation acts

liberty

versus

control

if there is the privacy of garbage

if there is the privacy of garbage

…then why not the privacy of virtual life?

“Making Sense of Privacy and Publicity”

danah boyd, SXSW 2010

www.danah.org/papers/talks/2010/SXSW2010.html

main offenders

marketers

marketers

spying on Web users

marketers

companies are collecting information(via cookies, entered text, Flash cookies,…)

on Web pages you visit

http://blogs.wsj.com/wtk/

solution: Ghostery

password crackers

password crackers

using high speed GPU (video card) processorsor SSD drives to crack passwords

https://cyberarms.wordpress.com/

password crackers

http://tinyurl.com/ybhrhbv

“using SSD drives could crack passwords at a rateof 300 billion passwords a second, and could

decode complex password in under 5.3 seconds”

users having access to(public wireless) networks


capturing HTTP messages: client ↔ server


capturing HTTP messages: client ↔ server

impersonating the victims on a variety of Web sites


available tools:WireShark, Firebug (Lite), HTTPwatch, Fiddler,…


available tools:Firesheep – a “benevolent” HTTP session hijacker

(October 2010)


available tools:Firesheep – a “benevolent” HTTP session hijacker

resolving this issue:“How to Deploy HTTPS Correctly”

Chris Palmer (November 2010)

www.eff.org/pages/how-deploy-https-correctly

HTTPS Everywhere extensionwww.eff.org/https-everywhere

…but real-time encryptionis computationally expansive!

NOT any more!

www.imperialviolet.org/2010/06/25/overclocking-ssl.html

“SSL/TLS accounts for less than 1% of the CPU load,less than 10KB of memory per connection

and less than 2% of network overhead”

a long term solution?

WebID (FOAF+TLS)

a secure authentication protocol for the social Web to enable the building of distributed,

open and secure social networks

Henry Story, 2010

WebID (FOAF+TLS)

using semantic Web standards +security protocols built into current Web browsers

web of trust

Web brotheris still watching you

?

web brother is watching you

Technology