Adultery is one of the oldest of human preoccupations, but the modern world of social networking and instant messaging is ill-suited to discreet and deniable infidelities. In this talk we will describe what can go wrong with your intra-affair communications, how to avoid such mistakes, and what lessons can be learned.
19. Skype
• “peer to peer” architecture
• robust, replicated, flexible
• excellent security
• ...unless you’re up against the USA
• ...or China
• ...and maybe the UK
@alecmuffett sex, lies and instant messenger
20. virtually impossible to expunge a recent conversation
21. brute-force Skype deletion makes things worse
messages resurrect from the dead
22. losing control of information is not good
23. do not XMPP/Jabber
• Google chat,
• some Facebook chat
• other systems
24. do not XMPP/Jabber
• Initial message is “multicast”
• to all logged-in instances
• eg: “hello sexy”
• ...arrives on the Home PC
• ...when you are at work
39. do not use Google services / your normal Google account
• Mail = heavily stored / indexed
• Chat = Mail
• Chrome Bookmarks = Docs
• Toolbar = Docs
• Android = Google Everything
46. don’t combine this with Skype
47. iPhone
• All backed up by iTunes:
• SMS
• call logs
• geolocation (see recent press)
• ...possibly with password
48. Android
• basically ditto
• ...but backed up on Google
49. Smartphone Apps
• backed up on network
• or on iTunes
• same story as elsewhere
50. the problem is with data getting out of your control
52. avoid sharing geolocation
• Foursquare, Twitter, etc
• “...but your Twitter messages said that you were in Essex?”
• Do you have an in-car GPS?
• Learn to wipe that, too
• Does your spouse expect GPS?
• Oops.
59. do not send porny pictures to each other
60. do not use the shared family computer
61. do not use work-related hardware
62. work hardware
• not your machine
• not your data?
• automated backups
• network access logged
• may be taken from you
• eg: bankruptcy, fired, updated
• old hardware auctioned
64. do not post an accurate description of yourself
• including grammatical quirks
• to a swingers/fetish website
• in the public members index
• where Google can cache it
• bookmarking it
• on the family computer
• with photos
66. Things Geeks Do
• Enumerate all possible URLs:
• tinyurl.com
• bit.ly
• is.gd
• t.co
• ...and save the good ones
67. Things Geeks Do
• Trawl...
• Picasa
• Twitpic
• Yfrog
• etc...
• ...to much the same ends
68. Things Geeks Do
• buy hardware from eBay
• “undelete” files
• desktops
• laptops
• printers
• storage
• hard disks
• thumb drives
69. Things Geeks Do
• buy phones from eBay
• restore deleted SMS
• retrieve e-mail passwords
72. create a disposable identity
73. use a fake, boring, common pseudonym
• good
• edward wilson
• carole smith
• bad
• sexxxy4uinwokingham
• anything that’s unique
74. legal?
• You’re probably breaking contractual “terms of service”
• Is it criminal to lie?
• maybe?
75. avoid linking real/fake identities
• use a random password
• never used before
• never use anywhere else
76. avoid intermingled filestore
• set up different “users”
• keep sensitive files in one place
• ...hopefully
• ...mostly
• ...except for logs
77. cryptography
• try to get encrypted swap
• avoid sleep/hibernation
• try to get full disk encryption
• at least encrypted home directory
• bundled with OSX
• avoid “master keys”
78. use a secure browser
• do not use your daily browser
84. browser settings
• clear cookies
• clear history
• don't accept 3rd-party cookies
• block popups
85. more browser settings
• don't save form input
• don't save history
• switch off autosuggest
• set to private browser mode
• ...permanently, if possible
• else auto-delete cookies on exit
86. major surgery
• SSL Everywhere
• if available for the browser
• will cause hassle
• Disable Java
• might cause hassle
• nb: not JavaScript (see NoScript)
87. Firefox extensions
• NoScript
• AdBlock Plus
• Ghostery
• “block all web-bugs” mode
• Tor / Torbutton
• or: Tor browser bundle
• advanced, but worth it
89. Flash
• Flash Player
• global security settings panel
• purge flash cookies / sites
• set flash db size to zero
90. HTML5
• set HTML5 db size to zero
• watch for other/new issues
91. this also applies to your phone browser
92. do use webmail from the secure browser
• use HTTPS/SSL at minimum
• use Tor if/when possible
93. do not bookmark nor save the password of your secret webmail
94. where not to save passwords
• not in Keychain.app
• not in “1password”
• not in browser
• not in phone browser
• not in phone mail app
95. keep it in your brain
96. why?
• rubber-hose cryptanalysts
• or divorce lawyers
• pretty much the same thing
104. do not leave voicemails
105. dumbphone SMS
• lowest common denominator
• phone-to-phone is good
• messages still logged on backend
• but overall exposure is less
106. wipe your SMS messages regularly
107. if you must use smartphone
• don’t link to your real GoogleID
• check out....
• WhatsApp
• TigerText
108. decommission old hardware
• computers
• DBAN - Darik’s Boot & Nuke
• phones
• Remove SIM
• SMS may be on SIM as well as phone
• check if “factory reset” works
• if not, drive a car over it repeatedly
109. bottom line
the more copies of data exist
the harder it is to remove them
& when data escapes from your control
it's available forever
110. remember
• your lover has the same data
• but may not be taking care of it
• educate them gently
• his/her systems will also one day be sold on eBay
111. when mistakes happen...
clean up calmly, and
do not amplify the mistake