slides.org (The Web): Draft slides
parent
1c246e8628
commit
00c8900bb3
60
slides.org
60
slides.org
|
@ -868,20 +868,20 @@ It's just what it sounds like:
|
||||||
#+END_COMMENT
|
#+END_COMMENT
|
||||||
|
|
||||||
|
|
||||||
**** DEVOID Alarmingly Effective
|
**** LACKING Alarmingly Effective
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:DURATION: 00:03
|
:DURATION: 00:03
|
||||||
:BEAMER_env: fullframe
|
:BEAMER_env: fullframe
|
||||||
:END:
|
:END:
|
||||||
|
|
||||||
- TODO
|
- Panopticlick (EFF)\cite{panopti:about}
|
||||||
|
- JavaScript opens up a world of possibilities
|
||||||
|
- Clearing cookies et al. won't always help
|
||||||
|
- Can even track separate browsers on the same box
|
||||||
|
|
||||||
#+BEGIN_COMMENT
|
#+BEGIN_COMMENT
|
||||||
It's alarmingly effective.
|
It's alarmingly effective.
|
||||||
|
|
||||||
<<general fingerprinting stuff>>
|
|
||||||
|
|
||||||
<<hardware-fingerprint>>
|
|
||||||
Some methods allow fingerprinting even if the user uses multiple browsers
|
Some methods allow fingerprinting even if the user uses multiple browsers
|
||||||
and takes care to clear all session data.
|
and takes care to clear all session data.
|
||||||
They can do this by effectively breaking out of the browser's sandbox by
|
They can do this by effectively breaking out of the browser's sandbox by
|
||||||
|
@ -889,24 +889,22 @@ They can do this by effectively breaking out of the browser's sandbox by
|
||||||
#+END_COMMENT
|
#+END_COMMENT
|
||||||
|
|
||||||
|
|
||||||
**** DEVOID Browser Addons
|
**** DRAFT User Agent
|
||||||
:PROPERTIES:
|
- <1-> User agents can leak a lot of information
|
||||||
:DURATION: 00:01
|
- <1-> ~18 bits in my browser on GNU/Linux, 1/~250,000
|
||||||
:END:
|
- <2-> Tor Browser\cite{panopti:about}
|
||||||
|
|
||||||
- TODO
|
|
||||||
|
|
||||||
#+BEGIN_COMMENT
|
#+BEGIN_COMMENT
|
||||||
(Merge into other sections?)
|
Your browser's user agent is a string that it sends with every request
|
||||||
|
identifying itself and some of its capabilities.
|
||||||
So how do we avoid this type of tracking?
|
It can be surprisingly unique.
|
||||||
|
When I tested a Firefox browser on GNU/Linux,
|
||||||
<<Talk about browser addons>>.
|
I was unique out of nearly 250,000 users.
|
||||||
#+END_COMMENT
|
#+END_COMMENT
|
||||||
|
|
||||||
|
|
||||||
*** LACKING Anonymity [0/4]
|
*** DRAFT Anonymity [0/4]
|
||||||
**** LACKING Summary :B_fullframe:
|
**** DRAFT Summary :B_fullframe:
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:DURATION: 00:01
|
:DURATION: 00:01
|
||||||
:BEAMER_env: fullframe
|
:BEAMER_env: fullframe
|
||||||
|
@ -922,11 +920,13 @@ In the former case,
|
||||||
current session.
|
current session.
|
||||||
#+END_COMMENT
|
#+END_COMMENT
|
||||||
|
|
||||||
***** TODO Anonymity
|
***** Anonymity
|
||||||
Foo
|
Origin is unknown to server; no unique identifier known by
|
||||||
|
server\incite{whonix:donot}
|
||||||
|
|
||||||
***** TODO Pseudonymity
|
***** Pseudonymity
|
||||||
Bar
|
Origin is unknown to server; unique identifier /is available/ to
|
||||||
|
server\incite{whonix:donot}
|
||||||
|
|
||||||
|
|
||||||
**** DRAFT IANAAE :B_fullframe:
|
**** DRAFT IANAAE :B_fullframe:
|
||||||
|
@ -948,13 +948,14 @@ I provide a number of resources to get you started.
|
||||||
#+END_COMMENT
|
#+END_COMMENT
|
||||||
|
|
||||||
|
|
||||||
**** DEVOID The Tor Network
|
**** DRAFT The Tor Network
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:DURATION: 00:01
|
:DURATION: 00:01
|
||||||
:END:
|
:END:
|
||||||
|
|
||||||
- The Onion Router (Tor)
|
- The Onion Router (Tor)\cite{tor}
|
||||||
- ...
|
- Helps defend against traffic analysis
|
||||||
|
- (Routing image)
|
||||||
|
|
||||||
#+BEGIN_COMMENT
|
#+BEGIN_COMMENT
|
||||||
Most here have probably heard of Tor.
|
Most here have probably heard of Tor.
|
||||||
|
@ -980,18 +981,21 @@ There are lots of other details that I don't have time to get to here,
|
||||||
#+END_COMMENT
|
#+END_COMMENT
|
||||||
|
|
||||||
|
|
||||||
**** DEVOID TorBrowser, Tails, and Whonix
|
**** DRAFT TorBrowser, Tails, and Whonix
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:DURATION: 00:02
|
:DURATION: 00:02
|
||||||
:END:
|
:END:
|
||||||
|
|
||||||
- TODO
|
- <1-> Tor alone isn't enough
|
||||||
|
- <1-> Browser needs to be hardened
|
||||||
|
- <2-> TorBrowser is a hardened Firefox derivative
|
||||||
|
- <1-> Operating System needs to be hardened
|
||||||
|
- <2-> Tails, Whonix
|
||||||
|
|
||||||
#+BEGIN_COMMENT
|
#+BEGIN_COMMENT
|
||||||
Tor alone isn't enough to secure your anonymity.
|
Tor alone isn't enough to secure your anonymity.
|
||||||
|
|
||||||
It's hard to secure a web browser.
|
It's hard to secure a web browser.
|
||||||
<links>
|
|
||||||
|
|
||||||
TorBrowser is a hardened version of Firefox.
|
TorBrowser is a hardened version of Firefox.
|
||||||
The Tor browser recommends that you don't rely on a vanilla Firefox for
|
The Tor browser recommends that you don't rely on a vanilla Firefox for
|
||||||
|
|
Loading…
Reference in New Issue