web brother is watching you
DESCRIPTION
Several aspects of user privacy in the context of current Web applications: threats and possible solutions.
TRANSCRIPT
Dr. Sabin Buraga
www.purl.org/net/busaco
Web brother is watching you!?
have you heard the news?
Mark Zuckerberg (Facebook)
www.guardian.co.uk/technology/2010/jan/11/facebook-privacy
the age of privacy is over
Eric Schmidt (Google)
http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people
if you have something that you don’t want anyone to know, maybe you shouldn’t be
doing it in the first place
what is privacy?
privacy is about secrecy
privacy: a person’s right to control access to his/her personal information
privacy is an inherent human right
a requirement for maintaining the human condition with dignity and respect
Bruce Schneier, 2006
basic kinds of privacy rights
unreasonable intrusion
e.g., physical/virtual invasion of the private space, searching a wallet or USB disks, repeated & persistent phone calls, obtaining data without the person’s consent, …
appropriation of a person’s name or likeness
the use of a person’s name on a product label or in advertising a product or service
injury to personal feelings
publication of private facts
examples: personal letters, medical treatment, photographs of person in his/her home, ordered goodies, Web browser history…
publication that places a person in a false light
defamation acts
liberty
versus
control
if there is the privacy of garbage
…then why not the privacy of virtual life?
“Making Sense of Privacy and Publicity”
danah boyd, SXSW 2010
www.danah.org/papers/talks/2010/SXSW2010.html
main offenders
marketers
spying on Web users
companies are collecting information (via cookies, entered text, Flash cookies, …) on Web pages you visit
http://blogs.wsj.com/wtk/
solution: Ghostery
password crackers
using high-speed GPU (video card) processors or SSD drives to crack passwords
https://cyberarms.wordpress.com/
http://tinyurl.com/ybhrhbv
“using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds”
users having access to (public wireless) networks
capturing HTTP messages: client ↔ server
impersonating the victims on a variety of Web sites
available tools: Wireshark, Firebug (Lite), HttpWatch, Fiddler, …
available tools: Firesheep – a “benevolent” HTTP session hijacker (October 2010)
resolving this issue: “How to Deploy HTTPS Correctly”
Chris Palmer (November 2010)
www.eff.org/pages/how-deploy-https-correctly
HTTPS Everywhere extension
www.eff.org/https-everywhere
…but real-time encryption is computationally expensive!
NOT any more!
www.imperialviolet.org/2010/06/25/overclocking-ssl.html
“SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead”
a long term solution?
WebID (FOAF+TLS)
a secure authentication protocol for the social Web to enable the building of distributed,
open and secure social networks
Henry Story, 2010
using semantic Web standards + security protocols built into current Web browsers
web of trust
Web brother is still watching you?