PyConWeb - 2019 Auditing websites & apps for privacy leaks.

•

0 gefällt mir•481 views

This document discusses privacy leaks on websites and apps. It describes common uses of third parties like analytics and recommendations. However, it notes that many websites leak sensitive personal information to numerous third parties without user consent. It proposes tools like Mitmproxy and a framework called Babel to analyze privacy and security practices, identify leaks, and grade sites on headers. Demoing these tools, it finds sites leaking data and discusses helping organizations audit privacy.

Internet

Konark Modi, Tech Lead – Cliqz GmbH
@konarkmodi
What do travel, food & health
websites have in common?
Auditing websites & apps for privacy leaks

https://giphy.com/gifs/cat-funny-5tSvsYJl4T4fC

Legit use cases for third-parties.
• Web analytics
• Content delivery network
• On- and offsite user journey and conversion tracking
• App performance
• Audience measurement
• Goal conversions
• Content recommendation
• Social sharing

More details: https://medium.freecodecamp.org/how-airlines-dont-care-about-your-privacy-case-study-emirates-com-6271b3b8474b

Tell Tale URLs
“ A URL which contains sensitive data or can
lead you to a page which contains sensitive
information. “

Identifying leaks #1
~7 third-parties with whom this information was shared

Identifying leaks #2
Foodora leaking address details to 18 third-party domains.

Identifying leaks #3
Spotify leaking oAuth token to ~12 third-party domains.

Risks of Tell Tale URLs #1
• Websites are clearly leaking sensitive PII to plethora of third-parties.

Risks of Tell Tale URLs #2
• Websites are clearly leaking sensitive PII to plethora of third-parties.
• More often without users’ consent.

Risks of Tell Tale URLs #3
• Websites are clearly leaking sensitive PII to plethora of third-parties.
• More often with users’ consent.
• More dangerously without the websites realizing it.

What about control ?
• British airways
• Ticketmaster
• NewEgg
• VisionDirect
More details: https://whotracks.me/blog/trackers-
who-steal.html

Are these problems hard to fix?
• Make sure all communication is over HTTPS.
• Private pages should have noindex meta tags.
• Limit the presence of third-party services on private pages.
• Referrer-Policy on pages with sensitive data.
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
• Implement CSP and SRI. Even with a huge footprint of third-party
services CSP, SRI are not enabled on majority of the websites.
• CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
• SRI: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Missing piece in the puzzle.
Ø Open Source & Free
Ø Supports multiple
platforms.
Ø Save & Replay
functionality.
Ø Some API to
configure, transform
data as desired.
Ø Supports Python.

Missing piece in the puzzle.
https://mitmproxy.org/

Mitmproxy - Setup
1. Install mitmproxy
• https://docs.mitmproxy.org/stable/overview-installation/
2. Configure it on client
3. One time configuration of installing the mitmproxy CA certificate
• https://docs.mitmproxy.org/stable/concepts-certificates/
4. Trust the certificate.

Mitmproxy - Setup
https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks/

Mitmproxy – Python API
https://github.com/mitmproxy/mitmproxy/tree/v4.x/examples/

Babel: Network analysis framework
Step 1: Convert mitm flow into JSON. Similar
to HAR format.

Babel: Network analysis framework
Step 2: Classify calls as first party and third-party.

Babel: Network analysis framework
Step 3: Who maxymiser.net belongs too. Done via
locally shipped copy of whotracks.me dataset.

Babel: Network analysis framework
Step 4: Grade on security and privacy headers.
Using library from
https://github.com/mozilla/http-observatory

Babel: Network analysis framework
Step 5: Hook up geo-ip database to list where the
server is hosted. This is important in terms of data
processing agreements that companies have.

Babel: Network analysis framework
Step 6: Introspection tool. To play with this
processed data.

Next Steps & Resources
• Security header analysis
• DLP based detection of sensitive data
• Open-source Babel
• Browser extension is already open-sourced: https://github.com/cliqz-oss/local-sheriff/
• Help organizations set-up Babel in testing phase as an audit tool.

Organizations with digital products that lack even the most basic data
security practices are living in a utopian world where people leave their
safe open and never expect a burglar to walk in.
- https://twitter.com/pi_modi
Konark Modi
Twitter: @konarkmodi
Blog: https://medium.com/@konarkmodi

Weitere ähnliche Inhalte

Ähnlich wie PyConWeb - 2019 Auditing websites & apps for privacy leaks.

Scripting extends ForgeRock products in a powerful way, both for deployers as well as developers. For OpenAM, deployers can embed the ssoadm command line utility in comprehensive shells scripts for ultra fast deployments and configurations. Developers can use scripts for client-side and server-side authentication, policy conditions, and handling OpenID Connect claims. In OpenIDM, scripting allows you to customize various aspects of OpenIDM functionality, by providing custom logic between source and target mappings, defining correlation rules, filters, triggers, and more. Webinar Highlights: Scripting The ForgeRock Platform Q&A Join Anders Askåsen, Senior Technical Product Manager, and Javed Shah, Senior Sales Engineer, as they highlight the concepts and show examples and best practices for scripting with the ForgeRock Identity Platform.

Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting

ForgeRock

TheWriteID is a work in progress, both as a technical solution and as a commercial offer. It aims to be the identity layer on top of the internet with the sole and only goal to regain control over one’s online and digital identity by extracting it from current networks & services. The best part of TheWriteID is that the data is encrypted locally so we can’t read out the identity data itself, unless a user decides to share it. We aim to make true identity manageable and re-usable for other networks and services, by introducing variable personas. In essence, we wonder how we can evolve from an internet of connected devices to a truly internet of connected people? TheWriteID aims to get us from the era of connected contexts to one where users are free to handle their identity and all its slight variations with who they want/like/decide. Digital identity, as it could have been: www.TheWriteID.com.

TheWriteId > components

Tim De Coninck

API, Integration, and SOA Convergence

Kasun Indrasiri

Android Penetration Testing - Day 3

Mohammed Adam

Using Blockchain to Increase Supply Chain Transparency

Horea Porutiu

Pentesting Android Applications

Cláudio André

Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...

Cloud Security Alliance Lviv Chapter

This slide deck goes into detail about the main concepts in Hyperledger Fabric - peers, orderer, certificate authority, and channels. We talk about chaincode, and go into details about modeling a network which involves putting cars on an auction. I end with a demo of the IBM Blockchain Platform, and give you links to get a free 1-month trial of the Starter Plan Blockchain service on the IBM Blockchain Platform.

Hyperleger Fabric Workshop - Denver Blockchain Week

Horea Porutiu

Webinar–Reviewing Modern JavaScript Applications

Synopsys Software Integrity Group

DLT analytics and AI workshop 13 march 2019

Stavros Zervoudakis

ORCID API in Action (A. Wrigley)

ORCID, Inc

Internet of Things and Edge Compute at Chick-fil-A

Brian Chambers

Breaches are at all time high. In this webinar learn the do's and don't of handling breach disclosure. Best practices of how to set up a bounty program . How to respond to responsible disclosures? Do's and Don'ts and learning from the industry. Key Points To Be Discussed: -How to build a vulnerability disclosure program? -What are various types of vulnerability disclosures programs? -When and when NOT to have a bug bounty program? -Do's and Don'ts for handling a breach disclosure

How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...

Priyanka Aash

What is Web Scraping and What is it Used For? | Definition and Examples EXPLAINED For More details Visit - https://hirinfotech.com About Web scraping for Beginners - Introduction, Definition, Application and Best Practice in Deep Explained What is Web Scraping or Crawling? and What it is used for? Complete introduction video. Web Scraping is widely used today from small organizations to Fortune 500 companies. A wide range of applications of web scraping a few of them are listed here. 1. Lead Generation and Marketing Purpose 2. Product and Brand Monitoring 3. Brand or Product Market Reputation Analysis 4. Opening Mining and Sentimental Analysis 5. Gathering data for machine learning 6. Competitor Analysis 7. Finance and Stock Market Data analysis 8. Price Comparison for Product or Service 9. Building a product catalog 10. Fueling Job boards with Job listings 11. MAP compliance monitoring 12. Social media Monitor and Analysis 13. Content and News monitoring 14. Scrape search engine results for SEO monitoring 15. Business-specific application ------------ Basics of web scraping using python Python Scraping Library

What is web scraping?

Brijesh Prajapati

ALT-F1.BE : The Accelerator (Google Cloud Platform)

Abdelkrim Boujraf

When dealing with modern JavaScript applications, many penetration testers approach from an ‘out-side-in’ perspective, this is approach often misses security issues in plain sight. This talk will attempt to demystify common JavaScript issues which should be better understood/identified during security reviews. We will discuss reviewing applications in code-centric manner by using freely available tools to help start identifying security issues through processes such as linting and dependency auditing.

OWASP SF - Reviewing Modern JavaScript Applications

Lewis Ardern

API SECURITY

Tubagus Rizky Dharmawan

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

FBI & Secret Service- Business Email Compromise Workshop

Ernest Staats

Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay

IIIT Hyderabad

Ähnlich wie PyConWeb - 2019 Auditing websites & apps for privacy leaks. (20)

Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting

TheWriteId > components

API, Integration, and SOA Convergence

Android Penetration Testing - Day 3

Using Blockchain to Increase Supply Chain Transparency

Pentesting Android Applications

Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...

Hyperleger Fabric Workshop - Denver Blockchain Week

Webinar–Reviewing Modern JavaScript Applications

DLT analytics and AI workshop 13 march 2019

ORCID API in Action (A. Wrigley)

Internet of Things and Edge Compute at Chick-fil-A

How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...

What is web scraping?

ALT-F1.BE : The Accelerator (Google Cloud Platform)

OWASP SF - Reviewing Modern JavaScript Applications

API SECURITY

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

FBI & Secret Service- Business Email Compromise Workshop

Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay

Kürzlich hochgeladen

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service

Delhi Call girls

Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R. Why you Choose Us- +91-8264348440 I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls Delhi and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. ★ CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . ★ To Enjoy With Hot and Sexy Girls . ★ We Are Providing :- • 3* 5* 7*Hotels Service • Hygienic Full AC Neat and Clean Rooms Avail. • Daily New Escorts Staff Available • Minimum to Maximum Range Available. Our escort service •BJ (Blowjob) •FK (French kissing) •Kissing with tongue •O-Level (Oral sex) •Long Silky Brown Hair •69 (69 sex) •A-Level (5 start Escort) •Dating

Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.

soniya singh

Slides from a workshop exploring "Moving Beyond Twitter/X and Facebook - Social Media for local news providers" This presentation outlines social media habits in the US (and globally) and offers suggestions for how local newsrooms can tap into them. The presentation features key data, user case studies and recommendations for new things to try out. The presentation was part of the New York Press Association's 2024 spring conference. https://nynewspapers.com/2024-nypa-spring-conference/

Moving Beyond Twitter/X and Facebook - Social Media for local news providers

Damian Radcliffe

Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available 24 Hours In All City Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...

SUHANI PANDEY

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R. Why you Choose Us- +91-8264348440 I Have Extremely Beautiful Broad Minded Cute Sexy & Hot Call Girls Delhi and Escorts, We Are Located in 3* 4* 5* Hotels. Safe & Secure High Class Services Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Teens Escort in Delhi High class luxury and premium escorts agency. ★ CALL US High Class Luxury and Premium Escort Service We Provide Well Educated,Royal Class Female,High-Class Escort Service Offering a Top High Class Escort Service In The & Several Nearby All Places of . ★ To Enjoy With Hot and Sexy Girls . ★ We Are Providing :- • 3* 5* 7*Hotels Service • Hygienic Full AC Neat and Clean Rooms Avail. • Daily New Escorts Staff Available • Minimum to Maximum Range Available. Our escort service •BJ (Blowjob) •FK (French kissing) •Kissing with tongue •O-Level (Oral sex) •Long Silky Brown Hair •69 (69 sex) •A-Level (5 start Escort) •Dating {{{N.M}}} 30-04-2024

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.

soniya singh

VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking Escorts Service Available Whatsapp SABANA ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking

dharasingh5698

VIP Model Call Girls Hadapsar ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...

singhpriety023

Call Girls Dubai Dubai Call Girls Agency Vip Call Girls Dubai Hot Call Girls Dubai Out Call Girls Dubai Best Call Girls Dubai Indian And Pakistani Call Girls Dubai Independent Call Girls Dubai Dubai Indian Call Girls Agency Class Call Girls In Dubai #First Class Call Girls In Dubai #Full Massage Services Call Girls In Dubai Full Night Call Girls Dubai Hourly Call Girls Dubai Call Girls Deira Dubai Dating Call Girls In Deira Dubai Silicon Oasis Call Girls Dubai International City Call Girls Dubai Al Jaddaf Al Satwa Al Quoz Al Barsha South Media City Discovery Garden Call Girls Dubai Al Jaffiliya,Business Bay,Al Karama,Bur Dubai,Deira,Dubai,Palm Jumeirah,Al Wasl,Trade Centre,Dubai Mall,JBR,JVC,JLT,Discovery Garden Al Nahda Call Girls Dubai Al Qusais Call Girls Dubai Dating Call Girls Dubai Dubai Call Girls Services Provide In Ajman_Dubai_RAK_UMQ_Fujairah_Abu_Dhabi#Indian #Tamil #Kerala #Russian #Philippine #Morocco #Thailand #English Models In Dubai #If You Want Serv#Dubai Pakistani Call Girls Agency #Beautiful Call Girls in Dubai #High ices Just Send Me Text On Whatsapp #

Al Barsha Night Partner +0567686026 Call Girls Dubai

Escorts Call Girls

Real Men Wear Diapers T Shirts sweatshirt

rahman018755

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)

Delhi Call girls

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Class Independent Escorts service Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...

SUHANI PANDEY

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

Dubai call girls 971524965298 Call girls in Bur Dubai

APNIC Updates presented by Paul Wilson at ARIN 53

APNIC

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...

tanu pandey

Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida, • IN CALL AND OUT CALL SERVICE IN DELHI NCR • 3* 5* 7* HOTELS SERVICE IN DELHI NCR • 24 HOURS AVAILABLE IN DELHI NCR • INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS • REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE • SHORT TIME AND FULL TIME SERVICE AVAILABLE • HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS • DAILY NEW ESCORTS STAFF AVAILABLE • MINIMUM TO MAXIMUM RANGE AVAILABLE. Call Girls in Delhi & Independent Escort Service – CALL GIRLS SERVICE DELHI NCR Vip call girls in Delhi Call Girls in Delhi, Call Girl Service 24×7 open Call Girls in Delhi Best Delhi Escorts in Delhi Low Rate Call Girls In Saket Delhi X~CALL GIRLS IN Ramesh Nagar Metro best Delhi call girls and Delhi escort service. CALL GIRLS SERVICE IN ALL DELHI … (Delhi) Call Girls in (Chanakyapuri) Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks. Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR. Delhi All Hotel Services available 3* 4* 5* Call Call Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi Delhi All Hotel Services available my agency SERVICES [✓✓✓] Housewife College Girl VIP Escort Independent Girl Aunty Without a Condom sucking )? Sexy Aunty.DSL (Dick Sucking Lips)? DT (Dining at the Toes English Spanking) Doggie (Sex style from no behind)?? OutCall- All Over Delhi Noida Gurgaon 24/7 FOR APPOINTMENT Call/Whatsop / 9953056974

Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

9953056974 Low Rate Call Girls In Saket, Delhi NCR

VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff And Reasonable Packages Near You Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔$V15 ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...

SUHANI PANDEY

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha Thakur Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔$V15 ✔✔To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...

SUHANI PANDEY

Call Girls Ajman Ajman Call Girls Agency Vip Call Girls Ajman Hot Call Girls Ajman Out Call Girls Ajman Best Call Girls Ajman Indian And Pakistani Call Girls Ajman Independent Call Girls Ajman Ajman Indian Call Girls Agency Class Call Girls In Ajman #First Class Call Girls In Ajman #Full Massage Services Call Girls In Ajman Full Night Call Girls Ajman Hourly Call Girls Ajman Call Girls Deira Ajman Dating Call Girls In Deira Ajman Silicon Oasis Call Girls Ajman International City Call Girls Ajman Al Jaddaf Al Satwa Al Quoz Al Barsha South Media City Discovery Garden Call Girls Ajman Al Jaffiliya,Business Bay,Al Karama,Bur Dubai,Deira,Dubai,Palm Jumeirah,Al Wasl,Trade Centre,Ajman Mall,JBR,JVC,JLT,Discovery Garden Al Nahda Call Girls Ajman Al Qusais Call Girls Ajman Dating Call Girls Ajman Ajman Call Girls Services Provide In Ajman_Dubai_RAK_UMQ_Fujairah_Abu_Dhabi#Indian #Tamil #Kerala #Russian #Philippine #Morocco #Thailand #English Models In Ajman #If You Want Serv#Ajman Pakistani Call Girls Agency #Beautiful Call Girls in Ajman #High ices Just Send Me Text On Whatsapp #

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...

Escorts Call Girls

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available

Seo

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking Escorts Service Available Whatsapp SABANA ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking

dharasingh5698

Kürzlich hochgeladen (20)

Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service

Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.

Moving Beyond Twitter/X and Facebook - Social Media for local news providers

Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...

Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.

VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking

VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...

Al Barsha Night Partner +0567686026 Call Girls Dubai

Real Men Wear Diapers T Shirts sweatshirt

WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)

Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...

Russian Call Girls in %(+971524965298 )# Call Girls in Dubai

APNIC Updates presented by Paul Wilson at ARIN 53

Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...

Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...

Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...

Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking

PyConWeb - 2019 Auditing websites & apps for privacy leaks.

1. Konark Modi, Tech Lead – Cliqz GmbH @konarkmodi What do travel, food & health websites have in common? Auditing websites & apps for privacy leaks

4. https://www.scribd.com/

6. https://giphy.com/gifs/cat-funny-5tSvsYJl4T4fC

7. Legit use cases for third-parties. • Web analytics • Content delivery network • On- and offsite user journey and conversion tracking • App performance • Audience measurement • Goal conversions • Content recommendation • Social sharing

8. @konarkmodi

9. Sample implementation of third-party

10. October ‘17

11. Source: https://twitter.com/sofipros

12.

13.

14.

15.

16. API making it easy to consume data

17. More details: https://medium.freecodecamp.org/how-airlines-dont-care-about-your-privacy-case-study-emirates-com-6271b3b8474b

18. Tell Tale URLs “ A URL which contains sensitive data or can lead you to a page which contains sensitive information. “

19. Identifying leaks #1

20. Identifying leaks #1 ~7 third-parties with whom this information was shared

21. Identifying leaks #2 Foodora leaking address details to 18 third-party domains.

22. Identifying leaks #3

23. Identifying leaks #3 Spotify leaking oAuth token to ~12 third-party domains.

24. Identifying leaks #4

25.

26. Risks of Tell Tale URLs #1 • Websites are clearly leaking sensitive PII to plethora of third-parties.

27. Risks of Tell Tale URLs #2 • Websites are clearly leaking sensitive PII to plethora of third-parties. • More often without users’ consent.

28. Risks of Tell Tale URLs #3 • Websites are clearly leaking sensitive PII to plethora of third-parties. • More often with users’ consent. • More dangerously without the websites realizing it.

29. What about control ?

30. What about control ?

31. What about control ? • British airways • Ticketmaster • NewEgg • VisionDirect More details: https://whotracks.me/blog/trackers- who-steal.html

32. Are these problems hard to fix? • Make sure all communication is over HTTPS. • Private pages should have noindex meta tags. • Limit the presence of third-party services on private pages. • Referrer-Policy on pages with sensitive data. • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy • Implement CSP and SRI. Even with a huge footprint of third-party services CSP, SRI are not enabled on majority of the websites. • CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP • SRI: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

33. Missing piece in the puzzle.

34. Missing piece in the puzzle. Ø Open Source & Free Ø Supports multiple platforms. Ø Save & Replay functionality. Ø Some API to configure, transform data as desired. Ø Supports Python.

35. Missing piece in the puzzle. https://mitmproxy.org/

36. Mitmproxy - Setup 1. Install mitmproxy • https://docs.mitmproxy.org/stable/overview-installation/ 2. Configure it on client 3. One time configuration of installing the mitmproxy CA certificate • https://docs.mitmproxy.org/stable/concepts-certificates/ 4. Trust the certificate.

37. Mitmproxy - Setup https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks/

38. Demo #1

39. mitmproxy - Advanced Usage

40. Mitmproxy – Python API https://github.com/mitmproxy/mitmproxy/tree/v4.x/examples/

41. Babel: Network analysis framework Step 1: Convert mitm flow into JSON. Similar to HAR format.

42. Babel: Network analysis framework Step 2: Classify calls as first party and third-party.

43. Babel: Network analysis framework Step 3: Who maxymiser.net belongs too. Done via locally shipped copy of whotracks.me dataset.

44. Babel: Network analysis framework Step 4: Grade on security and privacy headers. Using library from https://github.com/mozilla/http-observatory

45. Babel: Network analysis framework Step 5: Hook up geo-ip database to list where the server is hosted. This is important in terms of data processing agreements that companies have.

46. Babel: Network analysis framework Step 6: Introspection tool. To play with this processed data.

47. Demo #2

48. Next Steps & Resources • Security header analysis • DLP based detection of sensitive data • Open-source Babel • Browser extension is already open-sourced: https://github.com/cliqz-oss/local-sheriff/ • Help organizations set-up Babel in testing phase as an audit tool.

49. Offline discussion

50. Organizations with digital products that lack even the most basic data security practices are living in a utopian world where people leave their safe open and never expect a burglar to walk in. - https://twitter.com/pi_modi Konark Modi Twitter: @konarkmodi Blog: https://medium.com/@konarkmodi

PyConWeb - 2019 Auditing websites & apps for privacy leaks.

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie PyConWeb - 2019 Auditing websites & apps for privacy leaks.

Ähnlich wie PyConWeb - 2019 Auditing websites & apps for privacy leaks. (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

PyConWeb - 2019 Auditing websites & apps for privacy leaks.