Securing Your Privacy
1. Credera is a full-service management and
technology consulting firm. Our clients range
from Fortune 1,000 companies to emerging
industry leaders. We provide expert, objective
advice to help solve complex business and
technology challenges.
2. Securing Your Privacy
Dallas, TX
July 9, 2013
Dallas Web Security Group
Josh Hamit
Discussion document – Strictly Confidential & Proprietary
3. Agenda …
How can I preserve my privacy?
Introductions
Why Privacy Matters
Strategies to Protect Privacy
Ways to Execute Privacy Strategies
Internet Browsing
Mobile Usage
Emails
Data Storage
Q&A
5. Introductions…
Dustin Talk and Josh Hamit (both not Anonymous)
Josh Hamit
Joshua Hamit is a Consultant in the Custom Java Development Practice at Credera. He earned
his B.B.A. in Management Information Systems from Baylor University. Joshua has several years
of experience designing and implementing technology solutions utilizing a broad range of
technologies while adhering to industry best practices. While at Credera, he has led the design
and implementation of multiple single sign-on authentication systems, enterprise integrations,
complex UI solutions, analytic tracking pixels, and mobile web applications.
Past Presentations:
Addressing Top Security Threats in Web Applications
Addressing Cross-Cutting Concerns with AOP
Functional Testing with Geb
Stripe’s Capture The Flag #2
7. Why Privacy Matters…
Privacy does NOT equal secrecy.
Nothing-to-hide argument - https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/
Bill of Rights
1 Freedom of Speech, Press, Religion and Petition
2 Right to keep and bear arms
4 Protections against search and seizure
5 Provisions concerning prosecution
Businesses, wrongful imprisonment, hackers, foreign governments
No fly list, no buy list (OFAC)- http://www.treasury.gov/ofac/downloads/sdnlist.txt
Invoke 5th amendment - http://www.cato.org/blog/salinas-vtexas?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Cato-atliberty+%28Cato+at+Liberty%29
Examples - http://www.zeit.de/datenschutz/malte-spitz-data-retention
https://docs.google.com/spreadsheet/ccc?key=0An0YnoiCbFHGdGp3WnJkbE4xWTdDTVV0ZDlQeWZmSXc&authkey=COCjw-kG&hl=en_GB&authkey=COCjw-kG#gid=0
Texas teen jailed over joke in FB comment http://www.theregister.co.uk/2013/07/08/texas_teen_jailed_for_facebook_comment/
9. Strategies to Protect Privacy…
There's more than one way to protect your privacy. Don't get pigeon-holed into a
solution.
Encryption
Misinformation
Steganography
Port-knocking
Crowd-sourcing
Other Alternatives
11. Ways to Execute Privacy Strategies … Internet Browsing ...
It's important to understand the different layers involved in browsing and useful
tools to help manage them.
Browser Tools
AdBlock, Ghostery, Etc...
Misinformation - http://adage.com/article/privacy-and-regulation/student-projectkill-digital-ad-targeting/242955/
Network Stack
Proxies
SSH Tunnels
VPN
Resources
https://www.eff.org/pages/tor-and-https
https://github.com/rossjones/alternative-internet
13. Ways to Execute Privacy Strategies … Emails ...
Different techniques to secure your emails should be used depending on your
requirements.
Asymmetric Cryptography http://arstechnica.com/security/2013/06/encrypted-e-mail-how-muchannoyance-will-you-tolerate-to-keep-the-nsa-away
Disposable Inboxes
Remailers
Type 1
- Pseudonymous - can be replied to
- Cypherpunk - no From address
Type 2 (mixmaster)
- Uses fixed-size packets and reorders them
Type 3 (mixminion)
- Mix network
- Supports SURBs (single-use reply blocks)
15. Ways to Execute Privacy Strategies … Mobile Usage ...
It's important to understand the different layers involved in browsing and useful
tools to help manage them.
Who's Listening?
Businesses http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html?source=hn#Analysis1
Government http://online.wsj.com/article_email/SB10001424127887323873904578571893758853344-lMyQjAxMTAzMDAwODEwNDgyWj.html
Ways to prevent tracking
Obtaining phone
Obtaining service
Operating Systems http://en.wikipedia.org/wiki/Comparison_of_mobile_operating_systems
Calls, texts, data, applications - https://www.whispersystems.org/
Use technology to your advantage!
https://play.google.com/store/search?q=call+recorder
17. Ways to Execute Privacy Strategies … Mobile Usage ...
It's important to understand the different layers involved in browsing and useful
tools to help manage them.
“Secure” Clouds
Personal Swiss Data Bank http://www.washingtonpost.com/business/technology/after-prism-reports-swissdata-bank-sees-boost/2013/07/08/cc8dfe14-e569-11e2-aef3339619eab080_story.html
Personal Clouds
Cozycloud - https://demo.cozycloud.cc/#home
Own Cloud - https://owncloud.org/
Test the services you use (even if you're not a “hacker”)
https://cloudsweeper.cs.uic.edu/
19. Conclusion …
Develop your own privacy strategy and execute it.
“You can't buy security”
- Frank Herbert
https://www.eff.org
https://prism-break.org