2014 FOSSCON Presentation on the state of Privacy in the post-Snowden Era, Ephemeral Messaging and Social Challenges

1. Reigning InThe Data
The Need for “Ephemeral” Content
And the Social Impacts of the Privacy
Crisis In the Post-Snowden Era
FOSSCON 2014 Andrew Schwabe

2. A Copy of this Presentation
• Will be linked via twitter:
• Follow me at @aschwabe
• Posted on my blog: PainInTheApps.com

3. Background
• Tech Entrepreneur
• 20 yrs in Encryption + Data Security
• Mobile, Social, Privacy focus now
• Assisted FBI for online predator hunts
• Founder of Point.io
• Hackr #001 at new startup: STASH
• Privacy + OSS Advocate

4. • LaunchedAugust 2014
• First announced at FOSSCON!
• The worlds first peer-validation
ephemeral messaging platform
• http://Stash.My

5. Ahhhhh the Internet!

6. Ignorance *was* bliss
• A smartphone was just a phone with
email and junk and stuff
• We didn’t care if our kids uploaded pictures and shared
where they were during the day (every day?)
• We didn’t think twice about emailing sensitive or
private stuff to ourselves or friends, even in gmail…

7. Then…

8. 1.2 Billion Usernames and passwords compromised

11. Welcome to a new Era!

12. Used to be…
…the government would protect your privacy

14. and stealing your secrets…
…took effort and some paper moon trickery…
<Cthon98> hey, if you type in your pw, it will
show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
…
<AzureDiamond> oh, ok.

15. SoWhat Happened???
• Mobile devices got powerful and complex
• Social media exploded onto the scene
• Consumerization of IT
• … and we didn’t know what was going on…

17. The Privacy Crisis
• We can at least be concerned that the NSA
have cracked and monitor:
– SSL (HTTPS) website activity
– RSA encryption certificates (public/private keys)
– 4G mobile networks (voice and data)
– VoIP voice services
– And any websites/etc. that use the above

18. NSA security coverage
• Means that they *can* (not will)
hack/monitor most of the services we rely on
daily
• These all use the same core security tech

19. Google, Microsoft, other
email scans
What is next ?

20. Data creation explosion
We are creating huge
amounts of digital
content, much of
which lives longer in
the cloud than we
intended or have use
for.

21. Data creation
• A large portion of what we create will live on disk
somewhere beyond our use for it
• The last decade was spent schooling people on having
backups

22. People know enough to be
concerned

24. Google’s Right to be Forgotten

25. We SHOULD…
• Be concerned about
– what gets shared
– with whom
– And how long it lasts

26. Apps that are helping
• Snapchat
• Wickr
• Spideroak
• All focused on being a “place” where your
stuff is secure

27. Ephemeral
• What does it mean?
• Origin: greek word “ephĕmeros”
• “lasting for a very short time”
• The new “bucket” for technology that
manages the life of digital content

28. How does it help
• Personal privacy
• Corporate Risk
• Facebook vs snapchat models
• The opposite of Big Data ?

29. Is it enough?
• The concept is still new
• People are building “apps” more than broad
sweeping “solutions”
• It doesn’t address the issue of being
monitored/collected by NSA/Others
(strong encryption)

30. True anonymity ?
• Maybe the answer is anonymous
communication??
• Only available for *some* activity online
• Whistleblowers – do we want to enable
WikiLeaks and Snowdens ?
• But isn’t true anonymity the….

31. Dark Side of the Internet

32. Tools exist for anonymity
• “Leak” website lets you send untrackable anonymous emails.
– Inappropriate emails anybody ?
– Harrassment, abuse ?
• Tor lets you encrypt your web traffic and make you difficult to track
– Porn and pirated content
• Bitcoin exists to keep the banks out of your financial dealings
– Silk Road. BUSTED.

33. But Still Enable Naughty Activity
• Gov’ts around the world cracking down on
porn and sex trafficking
• FBI InfectingTor users with Malware
• Google and Microsoft scan emails, etc. and
report questionable content to authorities
• Evil begets evil

34. Accountability
• There is no way to make everybody behave
• As a global society we need new ways to
encourage law abiding netizens

35. OMG I’m Scared
• What should I do?
– Know the risks
– Use technologies to protect yourself
– Don’t associate with those who don’t behave

36. What we [might] need
(the Future?)
• Anonymous peer validation for data integrity
• Anonymous submissions to known entities
only for whistleblowing
• Social content stays social and never collected
for “Big Data”

37. In Summary
• We are in a new era
• Keep Calm
• Stay Educated
• Don’t Share unless you know the risks
• Use the right tech for your security/privacy needs

38. For Some Fun Reading
• “Cryptonomicon” by Neal Stephenson
– A futuristic take on:
– Underground Data Haven
– Anonymous Internet Banking
– Digital Gold Currency

39. Q&A

40. Thank you for coming!
• Presentation will be shared via twitter:
• Follow me at @aschwabe
• AND Posted on my blog: PainInTheApps.com