From 00c8900bb3298a5527b31876d3d1616636e44578 Mon Sep 17 00:00:00 2001 From: Mike Gerwitz Date: Thu, 9 Mar 2017 05:20:33 -0500 Subject: [PATCH] slides.org (The Web): Draft slides --- slides.org | 60 +++++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/slides.org b/slides.org index ef59d31..36a9770 100644 --- a/slides.org +++ b/slides.org @@ -868,20 +868,20 @@ It's just what it sounds like: #+END_COMMENT -**** DEVOID Alarmingly Effective +**** LACKING Alarmingly Effective :PROPERTIES: :DURATION: 00:03 :BEAMER_env: fullframe :END: -- TODO +- Panopticlick (EFF)\cite{panopti:about} +- JavaScript opens up a world of possibilities +- Clearing cookies et al. won't always help +- Can even track separate browsers on the same box #+BEGIN_COMMENT It's alarmingly effective. -<> - -<> Some methods allow fingerprinting even if the user uses multiple browsers and takes care to clear all session data. They can do this by effectively breaking out of the browser's sandbox by @@ -889,24 +889,22 @@ They can do this by effectively breaking out of the browser's sandbox by #+END_COMMENT -**** DEVOID Browser Addons -:PROPERTIES: -:DURATION: 00:01 -:END: - -- TODO +**** DRAFT User Agent +- <1-> User agents can leak a lot of information + - <1-> ~18 bits in my browser on GNU/Linux, 1/~250,000 +- <2-> Tor Browser\cite{panopti:about} #+BEGIN_COMMENT -(Merge into other sections?) - -So how do we avoid this type of tracking? - -<>. +Your browser's user agent is a string that it sends with every request + identifying itself and some of its capabilities. +It can be surprisingly unique. +When I tested a Firefox browser on GNU/Linux, + I was unique out of nearly 250,000 users. #+END_COMMENT -*** LACKING Anonymity [0/4] -**** LACKING Summary :B_fullframe: +*** DRAFT Anonymity [0/4] +**** DRAFT Summary :B_fullframe: :PROPERTIES: :DURATION: 00:01 :BEAMER_env: fullframe 
@@ -922,11 +920,13 @@ In the former case, current session. #+END_COMMENT -***** TODO Anonymity -Foo +***** Anonymity +Origin is unknown to server; no unique identifier known by +server\incite{whonix:donot} -***** TODO Pseudonymity -Bar +***** Pseudonymity +Origin is unknown to server; unique identifier /is available/ to +server\incite{whonix:donot} **** DRAFT IANAAE :B_fullframe: @@ -948,13 +948,14 @@ I provide a number of resources to get you started. #+END_COMMENT -**** DEVOID The Tor Network +**** DRAFT The Tor Network :PROPERTIES: :DURATION: 00:01 :END: -- The Onion Router (Tor) -- ... +- The Onion Router (Tor)\cite{tor} +- Helps defend against traffic analysis +- (Routing image) #+BEGIN_COMMENT Most here have probably heard of Tor. @@ -980,18 +981,21 @@ There are lots of other details that I don't have time to get to here, #+END_COMMENT -**** DEVOID TorBrowser, Tails, and Whonix +**** DRAFT TorBrowser, Tails, and Whonix :PROPERTIES: :DURATION: 00:02 :END: -- TODO +- <1-> Tor alone isn't enough +- <1-> Browser needs to be hardened + - <2-> TorBrowser is a hardened Firefox derivative +- <1-> Operating System needs to be hardened + - <2-> Tails, Whonix #+BEGIN_COMMENT Tor alone isn't enough to secure your anonymity. It's hard to secure a web browser. - TorBrowser is a hardened version of Firefox. The Tor browser recommends that you don't rely on a vanilla Firefox for
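Review bot: In the "Alarmingly Effective" hunk (@@ -868), the added bullet "Can even track separate browsers on the same box" has no \cite, while the Panopticlick bullet above it does. It is the strongest claim on the slide, and the speaker notes only say "Some methods allow fingerprinting even if the user uses multiple browsers" without naming a method. Add a citation for the cross-browser technique, or name it in the bullet, so the audience can check it.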
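Review bot: In the @@ -889 hunk, the new "**** DRAFT User Agent" heading has no :PROPERTIES: drawer, so the :DURATION: that the removed "Browser Addons" heading carried is dropped rather than replaced. Every other slide heading touched by this patch keeps a :DURATION:, so if those values are summed for the talk length this slide will not be counted. Add a drawer with a :DURATION: here. The speaker notes also stop at the 250,000 figure and never cover the "<2-> Tor Browser" bullet.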
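Review bot: In the @@ -922 hunk, both the Anonymity and Pseudonymity definitions end in \incite{whonix:donot}, while every other citation added by this patch uses \cite{...}. If \incite is a macro defined elsewhere in the project, a short note in the commit message would help; if it is a typo for \cite, the LaTeX export will fail on an undefined control sequence.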
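Review bot: In the "The Tor Network" hunk (@@ -948), the added bullet "- (Routing image)" is a placeholder that will be rendered literally on the slide, yet the heading moves from DEVOID to DRAFT. Either include the image in this commit or keep the reminder out of the visible list, for example inside the #+BEGIN_COMMENT block, until the figure exists.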
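Review bot: In the @@ -980 hunk, the heading and the bullet "TorBrowser is a hardened Firefox derivative" spell the name "TorBrowser", the User Agent slide added earlier in this patch uses "Tor Browser", and the speaker notes have "The Tor browser". Pick one spelling for the slides and notes; "Tor Browser" is the project's own name for it. The hunk also removes the blank line before "TorBrowser is a hardened version of Firefox." in the notes, which merges two paragraphs; check that this is intended.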