DATA CONFIDENTIALITY AND HACKED UBIQUITOUS TECHNOLOGY: HOW MUCH IS ENOUGH? Myriam Leggieri
1. DATA CONFIDENTIALITY AND HACKED UBIQUITOUS TECHNOLOGY
3. 1. What you voluntarily share
2. What can be stolen
4. • Facebook’s own Terms of use state: “by posting Member Content to any part of the Web site, you automatically grant, and you represent and warrant that you have the right to grant, to facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license to use, copy, perform, display, reformat, translate, excerpt and distribute such information and content and to prepare derivative works of, or incorporate into other works, such information and content, and to grant and authorise sublicenses of the foregoing.”
• Facebook’s own privacy policy: “Facebook may also collect information about you from other sources, such as newspapers, blogs, instant messaging services, and other users of the Facebook service through the operation of the service (e.g. photo tags) in order to provide you with more useful information and a more personalised experience. By using Facebook, you are consenting to have your personal data transferred to and processed in the United States.”
5. CROSS-DEVICE PROBABILISTIC TRACKING
www.campaignlive.com/article/why-cross-device-tracking-latest-obsession-marketers/1361742
1. WHAT YOU VOLUNTARILY SHARE
6. IDENTITY THEFT
2. WHAT CAN BE STOLEN
11. 1. IT’S IMPOSSIBLE TO COMPLETELY SECURE DIGITAL INFO SO WHY BOTHER?
2. THEY ALREADY KNOW EVERYTHING ABOUT ME SO WHY BOTHER?
12. • “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” (E. Snowden)
13. ENCRYPT YOUR COMMUNICATION
• Bluetooth off.
• HTTPS Everywhere - Firefox/Chrome browser plugin
• Use Tor
• Browser plugins: Ghostery, AdBlock Plus, NoScript
• Avoid public WiFi. Otherwise use a VPN tunnel or an SSH SOCKS proxy
14. SSH SOCKS PROXY
—> Let the proxy server resolve DNS requests instead of your computer.
ssh -C -ND 9999 you@example.com
In Firefox’s about:config, set network.proxy.socks_remote_dns = true.
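The browser side of this setup speaks SOCKS5 to the local port that ssh -D opens. The following is an added example in Python, not code from the slides: it builds the CONNECT request a browser sends and decodes the proxy’s reply, making visible why the socks_remote_dns setting matters (a hostname travels to the SSH server as a domain-name address, a pre-resolved IP means the lookup already happened locally). It assumes the browser is pointed at localhost:9999; example.com and the 192.0.2.0/24 documentation range are constructed sample values.

```python
"""SOCKS5 (RFC 1928) request builder and reply parser, the protocol a browser
speaks to an ssh -D listener. Added example, not from the slides. ATYP 0x03
(domain name) lets the SSH server resolve; ATYP 0x01/0x04 means a local lookup."""
import ipaddress
import struct

VER, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
            3: "network unreachable", 4: "host unreachable", 5: "connection refused"}

def connect_request(target: str, port: int) -> bytes:
    """CONNECT request. A hostname is sent verbatim (remote DNS, as with
    network.proxy.socks_remote_dns = true); an IP literal means the client
    resolved the name itself before asking the proxy."""
    try:
        ip = ipaddress.ip_address(target)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:
        name = target.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)

def leaks_dns(request: bytes) -> bool:
    """True if the request carries a pre-resolved address, i.e. a local lookup happened."""
    return request[3] != ATYP_DOMAIN

def parse_reply(reply: bytes) -> tuple:
    """Decode the proxy's reply into (status text, bound address, bound port)."""
    if len(reply) < 4 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = reply[1], reply[3]
    if atyp == ATYP_IPV4:
        addr, end = str(ipaddress.IPv4Address(reply[4:8])), 8
    elif atyp == ATYP_IPV6:
        addr, end = str(ipaddress.IPv6Address(reply[4:20])), 20
    elif atyp == ATYP_DOMAIN:
        addr, end = reply[5:5 + reply[4]].decode("idna"), 5 + reply[4]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(reply) < end + 2:
        raise ValueError("truncated reply")
    (bport,) = struct.unpack("!H", reply[end:end + 2])
    return REP_TEXT.get(rep, f"error {rep:#x}"), addr, bport
```

A quick check from a terminal is to run the ssh command above, then `connect_request("example.com", 443)` gives the bytes a remote-DNS browser sends, while `leaks_dns()` on a request built from an IP literal is True.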
15. IF SOME DATA IS VERY IMPORTANT USE AN AIR GAP
16. USE ENCRYPTION-ENHANCED SOFTWARE
• Email
  • GPG (GNU Privacy Guard) - plugins for all major email clients
• Off-The-Record (OTR) Messaging
  • OTR plugin for Pidgin, ChatSecure
• General
  • Silent Circle
17. ENCRYPTING EMAILS
GPG for journalists (12’)
https://vimeo.com/56881481
• Algorithms: RSA, DSA+Elgamal
• Use the strongest key (more than 2048 bits for RSA, e.g. 3072)
• Sign your emails
18. CHOOSE YOUR PASSPHRASE WISELY
• Long, memorable, mixing lower and upper case, including non-alphanumeric characters
• Add intentional personal and memorable typos
• Encrypt your collection of passwords as well (KeePassX, Keychain Access, LastPass, etc.)
• Remember a phrase related to the website you’ll use it on, and use the initials as the passphrase
I hatses all kind of YELLOW #5
—> 65.53 trillion trillion trillion centuries to attack via brute force
Obama is110% sessy
—> stronger than 110% sexy
“My friends Tom and Jasmine send me a funny email once a day” —> “MfT&Jsmafe1ad”
19. CHOOSE YOUR EMAIL PROVIDER WISELY
• Never compose sensitive emails within your browser: any draft/sent/received message saved by your webmail is forever out of your control
  • Unless your email provider uses end-to-end encryption (ProtonMail)
• Rethink your email setup. Assume that all "free" email and webmail services (Gmail etc.) are suspect.
• Always log out!
• Choose 2-step (or multi-factor) verification
• Change your passphrase every 30 to 60 days
20. ENCRYPT YOUR OWN DATA
• Encrypt EVERYTHING.
• Disk and USB pen - VeraCrypt, BleachBit
• Be suspicious of commercial encryption software, especially from large vendors
[ Prefer symmetric over public key, discrete-log over elliptic-curve ]
See the 2016 encryption survey by Schneier: https://www.schneier.com/crypto-gram/archives/2016/0215.html#11
21. SECURE YOUR OPERATING SYSTEM
• Tails
  • The only storage space used by Tails is RAM, which is automatically erased when the computer shuts down
• Qubes
  • Uses a “Type 1” or “bare metal” hypervisor called Xen. Instead of running inside an OS, Type 1 hypervisors run directly on the “bare metal” of the hardware.
  • “Type 2” or “hosted” hypervisors (VirtualBox, VMware)
• Keep the OS up to date (FileHippo or Secunia’s Personal Software Inspector can help)
23. WHERE YOUR UNENCRYPTED DATA GOES
• Beware of where you click
• Cloud services:
  • Either avoid all cloud services based in the US, the UK, France and other jurisdictions known to be tolerant of NSA-style snooping
  • Or run your own via pogoplug.com and filetransporter.com
• Cover your webcam when not in use
24. SMARTPHONES
• It’s harder to replace the operating system, investigate malware attacks, remove or replace undesirable bundled software, or prevent parties like the mobile operator from monitoring how you use the device
—> Don’t use your mobile device to store sensitive personal information or bank account numbers
—> Or encrypt your text and phone conversations using Signal
—> Beware of location tracking provided by your phone FOR FREE
—> Beware of the capabilities of spying/monitoring software for phones
—> Strip metadata from photos before upload
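One way to do the last point, as an added example that is not from the slides: a stdlib-only Python function that removes the Exif/XMP, IPTC and comment segments of a JPEG (where GPS coordinates and device details are stored) without touching the compressed pixel data, run here on a constructed minimal JPEG rather than a real photo.

```python
"""Strip Exif/XMP (APP1), IPTC (APP13) and comment (COM) segments from a JPEG
before upload. Added example, not from the slides: stdlib only, walks the
marker structure and copies the compressed image data through untouched."""
import struct

SOS, EOI = 0xDA, 0xD9
STRIP = {0xE1, 0xED, 0xFE}      # APP1 (Exif/XMP, incl. GPS), APP13 (IPTC), COM

def _walk(data: bytes):
    """Yield (offset, marker, size) per header segment; size includes the marker bytes."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (SOS, EOI):               # scan data follows: pass the rest through as one blob
            yield pos, marker, len(data) - pos
            return
        (seglen,) = struct.unpack("!H", data[pos + 2:pos + 4])   # length counts itself
        if seglen < 2 or pos + 2 + seglen > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield pos, marker, 2 + seglen
        pos += 2 + seglen
    raise ValueError("truncated JPEG: no SOS or EOI")

def strip_metadata(data: bytes) -> bytes:
    """Return the JPEG with metadata segments removed; pixel data is untouched."""
    out = bytearray(b"\xff\xd8")
    for pos, marker, size in _walk(data):
        if marker not in STRIP:
            out += data[pos:pos + size]
    return bytes(out)

def markers(data: bytes) -> list:
    """Marker codes in header order, to check what a file still carries."""
    return [m for _, m, _ in _walk(data)]

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack("!H", len(payload) + 2) + payload

# Constructed minimal sample: JFIF header, fake Exif block with a GPS string,
# a comment, a dummy quantisation table, then a tiny scan and EOI.
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00MM\x00*GPS:constructed")
          + _seg(0xFE, b"shot on my phone")
          + _seg(0xDB, b"\x00" + bytes(64))
          + b"\xff\xda" + struct.pack("!H", 8) + b"\x01\x01\x00\x00\x3f\x00"
          + b"\x12\x34\xff\xd9")
```

`markers(SAMPLE)` lists the segments before stripping and `markers(strip_metadata(SAMPLE))` after; on a real file, read the bytes in, write `strip_metadata()`’s result to a new file and keep the original offline.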
25. KNOWLEDGE IS POWER
CONCLUSION
26. WIDESPREAD ENCRYPTION FORCES LISTENERS TO TARGET
CONCLUSION
27. DID YOU LOCK THE DOOR BEHIND YOU? :)