1.
Reigning InThe Data
The Need for “Ephemeral” Content
And the Social Impacts of the Privacy
Crisis In the Post-Snowden Era
FOSSCON 2014 Andrew Schwabe

2.
A Copy of this Presentation
• Will be linked via twitter:
• Follow me at @aschwabe
• Posted on my blog: PainInTheApps.com

3.
Background
• Tech Entrepreneur
• 20 yrs in Encryption + Data Security
• Mobile, Social, Privacy focus now
• Assisted FBI for online predator hunts
• Founder of Point.io
• Hackr #001 at new startup: STASH
• Privacy + OSS Advocate

4.
• LaunchedAugust 2014
• First announced at FOSSCON!
• The worlds first peer-validation
ephemeral messaging platform
• http://Stash.My

5.
Ahhhhh the Internet!

6.
Ignorance *was* bliss
• A smartphone was just a phone with
email and junk and stuff
• We didn’t care if our kids uploaded pictures and shared
where they were during the day (every day?)
• We didn’t think twice about emailing sensitive or
private stuff to ourselves or friends, even in gmail…

7.
Then…

8.
1.2 Billion Usernames and passwords compromised

9.
Welcome to a new Era!

10.
Used to be…
…the government would protect your privacy

11.
and stealing your secrets…
…took effort and some paper moon trickery…
<Cthon98> hey, if you type in your pw, it will
show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
…
<AzureDiamond> oh, ok.

12.
SoWhat Happened???
• Mobile devices got powerful and complex
• Social media exploded onto the scene
• Consumerization of IT
• … and we didn’t know what was going on…

13.
The Privacy Crisis
• We can at least be concerned that the NSA
have cracked and monitor:
– SSL (HTTPS) website activity
– RSA encryption certificates (public/private keys)
– 4G mobile networks (voice and data)
– VoIP voice services
– And any websites/etc. that use the above

14.
NSA security coverage
• Means that they *can* (not will)
hack/monitor most of the services we rely on
daily
• These all use the same core security tech

15.
Google, Microsoft, other
email scans
What is next ?

16.
Data creation explosion
We are creating huge
amounts of digital
content, much of
which lives longer in
the cloud than we
intended or have use
for.

17.
Data creation
• A large portion of what we create will live on disk
somewhere beyond our use for it
• The last decade was spent schooling people on having
backups

18.
People know enough to be
concerned

19.
Google’s Right to be Forgotten

20.
We SHOULD…
• Be concerned about
– what gets shared
– with whom
– And how long it lasts

21.
Apps that are helping
• Snapchat
• Wickr
• Spideroak
• All focused on being a “place” where your
stuff is secure

22.
Ephemeral
• What does it mean?
• Origin: greek word “ephĕmeros”
• “lasting for a very short time”
• The new “bucket” for technology that
manages the life of digital content

23.
How does it help
• Personal privacy
• Corporate Risk
• Facebook vs snapchat models
• The opposite of Big Data ?

24.
Is it enough?
• The concept is still new
• People are building “apps” more than broad
sweeping “solutions”
• It doesn’t address the issue of being
monitored/collected by NSA/Others
(strong encryption)

25.
True anonymity ?
• Maybe the answer is anonymous
communication??
• Only available for *some* activity online
• Whistleblowers – do we want to enable
WikiLeaks and Snowdens ?
• But isn’t true anonymity the….

26.
Dark Side of the Internet

27.
Tools exist for anonymity
• “Leak” website lets you send untrackable anonymous emails.
– Inappropriate emails anybody ?
– Harrassment, abuse ?
• Tor lets you encrypt your web traffic and make you difficult to track
– Porn and pirated content
• Bitcoin exists to keep the banks out of your financial dealings
– Silk Road. BUSTED.

28.
But Still Enable Naughty Activity
• Gov’ts around the world cracking down on
porn and sex trafficking
• FBI InfectingTor users with Malware
• Google and Microsoft scan emails, etc. and
report questionable content to authorities
• Evil begets evil

29.
Accountability
• There is no way to make everybody behave
• As a global society we need new ways to
encourage law abiding netizens

30.
OMG I’m Scared
• What should I do?
– Know the risks
– Use technologies to protect yourself
– Don’t associate with those who don’t behave

31.
What we [might] need
(the Future?)
• Anonymous peer validation for data integrity
• Anonymous submissions to known entities
only for whistleblowing
• Social content stays social and never collected
for “Big Data”

32.
In Summary
• We are in a new era
• Keep Calm
• Stay Educated
• Don’t Share unless you know the risks
• Use the right tech for your security/privacy needs

33.
For Some Fun Reading
• “Cryptonomicon” by Neal Stephenson
– A futuristic take on:
– Underground Data Haven
– Anonymous Internet Banking
– Digital Gold Currency

34.
Q&A

35.
Thank you for coming!
• Presentation will be shared via twitter:
• Follow me at @aschwabe
• AND Posted on my blog: PainInTheApps.com