Initial completion of The Web

Well that was quite an effort.  And it is not done yet;
see the checklist in notes.org.

slides.org (The Web): Note deconstruction.
notes.org: Update checklist.
images/tp: Add third-party scripts for image download
master
Mike Gerwitz 2017-03-18 13:40:31 -04:00
parent e9cb238e6e
commit 14c7076d3c
18 changed files with 1109 additions and 168 deletions


@ -1,25 +0,0 @@
# Third-party image retrieval
#
# Licensed under the CC0 1.0 Universal license (public domain).
##
images := sf-cameras.jpg alpr-mounted.png alpr-capture.png \
alpr-pips.png
define imgfetch
torify wget -O
endef
all: $(images)
sf-cameras.jpg:
$(imgfetch) "$@" 'https://cbssanfran.files.wordpress.com/2015/09/san_francisco_surveillance_cameras_092315.jpg'
alpr-mounted.png:
$(imgfetch) "$@" 'https://www.eff.org/files/2015/10/20/paxton_and_spencer_.png'
alpr-capture.png:
$(imgfetch) "$@" 'https://www.eff.org/files/2015/10/20/paxton_captures.png'
alpr-pips.png:
$(imgfetch) "$@" 'https://www.eff.org/files/2015/10/15/pipscam9_redacted.png'

Binary files not shown (11 files; sizes 16, 71, 159, 100, 110, 122, 103, 137, 34, 37 and 118 KiB).

images/tp/.gitignore vendored 100644

@ -0,0 +1,6 @@
*
!gen-makefile
!remote-list
!SHA256SUM
!.gitignore


@ -0,0 +1,17 @@
8df6f6442bfb895e2d4d5d599d2d9a477405f590587f2a473c3e59a46d06b325 alpr-mounted.png
4b0050a377af1fcd72f14863408eef44d40e7ba6fe31e2121ec7c3a51781a752 alpr-capture.png
31597ba3731e6eccf2e68ae8b91ad25b2e6e4685814e723333d9ea1d2579b635 alpr-pips.png
e7029f70524f420ef32044aeae8280434d5b03ddbab4e90188409a93597c0726 sf-cameras.jpg
9edddcac31bbb09e4ba9f6fea5d36e5298ec65ce88d4c015121fc27edd466947 silverpush-logo.png
cfda12117815c35bfc51266d9e8227b1645dcd5ffe054c4ae9922e75595f09b9 ga-dashboard.png
d905d3b378daea4c002c873a4ad8192246959cb6df6fb470e29ade9f2b2354c9 piwik-dashboard.png
95709a88b709740dfbc4a2c6d68941ec8ac8bfb2f289ddfcfeadd0677c47bf58 fb-like.png
72b450aaaa6975645bb79b2345e4ec7178931a8c898ab0b183c2ef2f106a67a0 noscript.png
2e4d5628d4f3f1baa20a8534631547c26f85492270d16eb836218e2f29c0535b privacy-badger.png
9f38237f96b1cd9c945c55b084cd22aa51e9d210d2533f563be202433beaf3f6 ublock0.png
1c4aafb7be008a99683d93acb92174cddb6d6e3fa5d882defed8a7173a114d5d sdcookies.png
43c3548d0659cc769bd82c0ce681d21aa9120f7b15c49b77af0d19764621fb18 tor.png
ee2c1e8325221cc5ae01b078930d7e74d447cec25cebeb18c0aaa1989994b918 tor-diagram.png
f9600308d10debbc56e116087aa83a1ada126f3979f8b528228e1e89a87efd12 torbrowser.png
4f231d937e622d9012706d57d5b0faa233f83d1e864db3b1b50d40d714aa8244 tails.png
dce3dbf6572077dd495a9413ff11d7017d785142af85286a5ab51b7c7e4da728 whonix.png


@ -0,0 +1,51 @@
#!/bin/bash
# Generate Makefile for third-party image download
#
# Copyright (C) 2017 Mike Gerwitz
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
##
declare -r remote_file=remote-list
cat <<EOF
### GENERATED BY gen-makefile ###
images := $( cut -d' ' -f1 "$remote_file" | tr '\n' ' ' )
.PHONY: all check clean
all: \$(images)
SHA256SUM: \$(images)
sha256sum \$(images) > \$@
check:
sha256sum -c SHA256SUM
clean:
\$(RM) \$(images)
EOF
while read out url convert; do
dest="$out"
echo "$dest":
printf "\ttorify wget -O %q %q\n" "$dest" "$url"
test -n "$convert" || continue
printf "\tmogrify %s %q\n" "$convert" "$dest"
done < "$remote_file"
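Review bot: In the generated rules inside the heredoc, `check` is a separate phony target and `SHA256SUM: $(images)` rewrites the checksum file from whatever is on disk, so a plain `make` never verifies a download, and rebuilding SHA256SUM after a bad fetch replaces the pinned hashes with new ones. Because the mogrify line runs in the same recipe as wget, the recorded hashes also cover ImageMagick's output rather than the bytes that were fetched, and mogrify parses the file before anything has checked it. Consider hashing the raw download and verifying it in the per-image recipe before the mogrify line, and making SHA256SUM regeneration an explicit maintainer step. Also, wget -O creates the destination even when the transfer fails, so a failed fetch leaves a file that make treats as up to date; emitting `.DELETE_ON_ERROR:` in the heredoc avoids that.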


@ -0,0 +1,17 @@
alpr-mounted.png https://web.archive.org/web/20170318173251/https://www.eff.org/files/2015/10/20/paxton_and_spencer_.png
alpr-capture.png https://web.archive.org/web/20170318173346/https://www.eff.org/files/2015/10/20/paxton_captures.png
alpr-pips.png https://web.archive.org/web/20170318173427/https://www.eff.org/files/2015/10/15/pipscam9_redacted.png
sf-cameras.jpg https://web.archive.org/web/20170318173846/https://cbssanfran.files.wordpress.com/2015/09/san_francisco_surveillance_cameras_092315.jpg
silverpush-logo.png https://web.archive.org/web/20160623032522/http://1.bp.blogspot.com/-r9WGkxWE3RI/Vk9wK_RisSI/AAAAAAAAAy0/ZydFsogCrnc/s640/silverpush.png
ga-dashboard.png https://web.archive.org/web/20170315055350/https://www.google.com/analytics/images/analytics/features/hero_1x.png -crop 580x370+115+35
piwik-dashboard.png https://web.archive.org/web/20170310025254/https://piwik.org/wp-content/themes/piwik/assets/img/piwiklaptop.png -crop 730x520+225+85
fb-like.png https://web.archive.org/web/20170318173942/https://upload.wikimedia.org/wikipedia/commons/thumb/5/54/Bot%C3%B3n_Me_gusta.svg/280px-Bot%C3%B3n_Me_gusta.svg.png-rotate 180
noscript.png https://web.archive.org/web/20170317063210/https://noscript.net/noscript/logo.png
privacy-badger.png https://web.archive.org/web/20170318014732/https://www.eff.org/sites/all/themes/badger/badger-stroke.png
ublock0.png https://web.archive.org/web/20170318015725/https://raw.githubusercontent.com/gorhill/uBlock/master/doc/img/icon38@2x.png
sdcookies.png https://web.archive.org/web/20170318020257/https://addons.cdn.mozilla.net/user-media/addon_icons/415/415846-64.png?modified=1477354818
tor.png https://web.archive.org/web/20170318054354/https://www.torproject.org/images/tor-logo.jpg
tor-diagram.png https://web.archive.org/web/20170318055957/https://www.torproject.org/images/htw2.png
torbrowser.png https://web.archive.org/web/20170318161549/https://www.torproject.org/images/tb-lg.png -crop 185x135+0+0
tails.png https://web.archive.org/web/20170318162345/https://tails.boum.org/lib/banner.png -crop 495x114+30+0
whonix.png https://web.archive.org/web/20170318164321/https://upload.wikimedia.org/wikipedia/en/7/75/Whonix_Logo.png
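Review bot: The fb-like.png line as shown has no space between the URL and -rotate, so `read out url convert` in gen-makefile would take the URL with -rotate appended as the download address and pass only 180 to mogrify; add the separator. Separately, tor.png is fetched from tor-logo.jpg with no convert field, so the file holds JPEG data under a .png name; either name the target tor.jpg or add an explicit conversion step.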

sapsf.bib

@ -5,6 +5,20 @@
urldate = {2017-03-08},
}
@online{tor:tails,
title = {Tails - Privacy for anyone anywhere},
organization = {Tor Project},
url = {https://tails.boum.org/},
urldate = {2017-03-18},
}
@online{whonix,
title = {Whonix},
organization = {Whonix},
url = {https://www.whonix.org/},
urldate = {2017-03-18},
}
@online{whonix:donot,
author = {Whonix},
title = {DoNot},
@ -486,7 +500,7 @@
url = {https://ssrn.com/abstract=998565},
urldate = {2017-03-13},
annotation = {GWU Law School Public Law Research Paper No. 289},
},
}
@online{metro:goebbels,
author = {Nagesh, Ashitha},
@ -584,3 +598,345 @@
urldate = {2017-03-14},
annotation = {Telnet right into certain ALPRs.}
}
@online{ftc:silver,
author = {Mithal, Maneesha},
title = {Sample Silverpush Letter},
organization = {United States Federal Trade Commission,
Bureau of Consumer Protection,
Divison of Privacy and Identity Protection},
url = {https://www.ftc.gov/system/files/attachments/press-releases/ftc-issues-warning-letters-app-developers-using-silverpush-code/160317samplesilverpushltr.pdf},
urldate = {2017-03-14},
annotate = {Sample letter template for Android developers using software
created by the company Silvepush.}
}
@online{wired:ultrasonic,
author = {Newman, Lily Hay},
title = {How to Block the Ultrasonic Signals You Didnt Know Were Tracking
You},
organization = {Wired},
date = {2016-11-03},
url = {https://www.wired.com/2016/11/block-ultrasonic-signals-didnt-know-tracking/},
urldate = {2017-03-14},
}
@online{ubeacsec:paper,
author = {Mavroudis, V.
and Hao, S.
and Fratantonio, Y.
and Maggi, F.
and Kruegel, C.
and Vigna, G.},
title = {The Ultrasound Tracking Ecosystem},
indextitle = {Ultrasound Tracking Ecosystem, The},
url = {http://ubeacsec.org/downloads/report.pdf},
urldate = {2017-03-14},
annotation = {Claims to be ``the first comprehensive security analysis''
of this type of tracking.},
}
@online{bleep:ultrasound-tor,
author = {Cimpanu, Catalin},
title = {Ultrasound Tracking Could Be Used To Deanonymize Tor Users},
organization = {Bleeping Computer},
date = {2017-01-03},
url = {https://www.bleepingcomputer.com/news/security/ultrasound-tracking-could-be-used-to-deanonymize-tor-users/},
urldate = {2017-03-14},
}
@online{33c3:talk-behind,
author = {Mavroudis, Vasillios
and Maggi, Federico},
title = {Talking Behind Your Back},
subtitle = {On the Privacy \& Security of the Ultrasound Tracking
Ecosystem},
location = {33^{rd} Chaos Communication Congress},
date = {2016-12-29},
url = {https://media.ccc.de/v/33c3-8336-talking_behind_your_back},
urldate = {2017-03-14},
}
@online{ftc:xdt,
title = {Cross-Device Tracking},
organization = {Federal Trade Commission},
location = {Constitution Center, 400 7^{th}~St~SW, Washington~DC 20024},
date = {2015-11-16},
url = {https://www.ftc.gov/news-events/events-calendar/2015/11/cross-device-tracking},
urldate = {2017-03-15},
}
@online{google:ga:features,
title = {Marketing Data Analysis \& Reporting Features},
organization = {Google},
url = {https://www.google.com/analytics/analytics/features/},
urldate = {2017-03-15},
}
@online{w3techs:analytics,
title = {Usage Stastics and Market Share of Traffic Analysis Tools for
Websites},
organization = {W3Techs},
url = {https://w3techs.com/technologies/overview/traffic_analysis/all},
urldate = {2017-03-15},
}
@online{w3techs:google,
author = {Gelbmann, Matthias},
title = {Google can't track every click of your web surfing. Only most of
them.},
organization = {W3Techs},
date = {2012-02-27},
url = {https://w3techs.com/blog/entry/google_cant_track_every_single_click_of_your_web_surfing_only_most_of_them},
urldate = {2017-03-15},
}
@online{piwik,
title = {Free Web Analytics Software},
organization = {Piwik},
url = {https://piwik.org/},
urldate = {2017-03-15},
}
@online{piwik:privacy,
title = {Web Analytics Privacy in Piwik},
organization = {Piwik},
url = {https://piwik.org/privacy/},
urldate = {2017-03-15},
}
@online{mtg:gitlab-piwik,
author = {Gerwitz, Mike},
title = {Google Analytics Removed From GitLab.com Instance},
date = {2016-01-24},
url = {https://mikegerwitz.com/2016/01/Google-Analytics-Removed-from-GitLab.com-Instance},
urldate = {2017-03-16},
}
@online{w:fb-like-img,
author = {Vt, Enoc},
title = {File:Botón Me gusta.svg},
date = {2011-10-09},
url = {https://en.wikipedia.org/wiki/File:Bot\%C3\%B3n_Me_gusta.svg},
urldate = {2017-03-16},
}
@article{pnas:predict,
author = {Kosinski, Michal
and Stillwell, David
and Graepel, Thore},
title = {Private traits and attributes are predictable from digital
records of human behavior},
journal = {PNAS},
volume = {110},
pages = {5802-5805},
doi = {10.1073/pnas.1218772110},
date = {2013-02-12},
url = {http://www.pnas.org/content/110/15/5802.full.pdf},
urldate = {2017-03-16},
}
@online{bloomberg:belgum-fb,
author = {Bodoni, Stephanie
and Martens, John},
title = {Belgium Tells Facebook to Stop Storing Personal Data From
Non-Users},
organization = {Bloomberg},
date = {2015-11-09},
url = {https://www.bloomberg.com/news/articles/2015-11-09/facebook-told-to-stop-storing-personal-data-from-belgian-surfers},
urldate = {2017-03-16},
annotation = {Surely Facebook isn't doing such a thing. Wait: ``Facebook
says it will appeal Belgian ruling to higher court''. Imagine that.}
}
@online{w:behavioral-targeting,
title = {Behavorial Tracking},
organization = {Wikipedia},
url = {https://en.wikipedia.org/wiki/Behavioral_targeting},
urldate = {2017-03-16},
}
@article{roosendaal:fb-like,
author = {Roosendaal, Arnold},
title = {Facebook Tracks and Traces Everyone: Like This!},
journaltitle = {Tilburg Law School Legal Studies Research Paper Series},
date = {2010},
doi = {10.2139/ssrn.1717563},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1717563},
urldate = {2017-03-17},
}
@online{uld:fb,
title = {ULD to website owners: ``Deactivate Facebook web analytics''},
organization = {Unabh{\:a}ngiges Landeszentrum f{\:u}r Datenschutz
Schleswig-Holstein},
date = {2011-08-19},
url = {https://www.datenschutzzentrum.de/presse/20110819-facebook-en.htm},
urldate = {2017-03-17},
}
@online{eff:browser-uniqueness-blog,
authors = {Eckersley, Peter},
title = {Is Every Browser Unique? Results Fom The Panopticlick Experiment},
organization = {Electronic Frontier Foundation},
date = {2010-05-17},
url = {https://www.eff.org/deeplinks/2010/05/every-browser-unique-results-fom-panopticlick},
urldate = {2017-03-17},
}
@online{eff:browser-uniqueness,
authors = {Eckersley, Peter},
title = {How Unique Is Your Web Browser?},
organization = {Electronic Frontier Foundation},
date = {2010-05-17},
url = {https://panopticlick.eff.org/static/browser-uniqueness.pdf},
urldate = {2017-03-17},
}
@online{eff:panopti2,
author = {Budington, Bill},
title = {Panopticlick 2.0 Launches, Featuring New Tracker Protection and
Fingerprinting Tests},
organization = {Electronic Frontier Foundation},
date = {2015-12-17},
url = {https://www.eff.org/deeplinks/2015/12/panopticlick-20-launches-featuring-new-tracker-protection-and-fingerprinting-tests},
urldate = {2017-03-17},
}
@online{mozilla:fingerprinting,
title = {Fingerprinting - {MozillaWiki}},
organization = {Mozilla},
url = {https://wiki.mozilla.org/Fingerprinting},
urldate = {2017-03-17},
}
@online{chromium:identification,
author = {Janc, Artur
and Zalewski, Michal},
title = {Technical analysis of client identification mechanisms},
organization = {Google},
url = {https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms},
urldate = {2017-03-17},
}
@online{tor:browser-design,
author = {Perry, Mike
and Clark, Erin
and Murdoch, Steven
and Koppen, Georg},
title = {The Design and Implementation of the {Tor Browser}},
organization = {Tor Project},
date = {2017-03-10},
url = {https://www.torproject.org/projects/torbrowser/design/},
urldate = {2017-03-17},
}
@online{stanford:private-browsing,
author = {Aggarwal, Gaurav,
and Bursztein, Elie
and Jackson, Collin
and Boneh, Dan},
title = {An Analysis of Private Browsing Modes in Modern Browsers},
organization = {Stanford University},
url = {https://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf},
urldate = {2017-03-17},
}
@online{norte:tor-fingerprint,
author = {Norte, Jose Carlos},
title = {Advanced Tor Browser Fingerprinting},
date = {2016-03-06},
url = {http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html},
urldate = {2017-03-17},
}
@online{browserleaks,
title = {{BrowserLeaks.com} - Web Browser Security Checklist for Identity
Theft Protection},
url = {https://browserleaks.com/},
urldate = {2017-03-17},
}
@article{hardware-fingerprint,
author = {Cao, Yinshi
and Li, Song
and Wijmans, Erik},
title = {(Cross-)Browser Fingerprinting via OS and Hardware Level Features},
date = {2017},
doi = {10.14722/ndss.2017.23152},
url = {http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf},
urldate = {2017-03-17},
}
@article{ars:fingerprint,
author = {Goodwin, Dan},
title = {Now sites can fingerprint you online even when you use multiple
browsers},
subtitle = {Online tracking gets more accurate and harder to evade},
organization = {Ars Technica},
url = {https://arstechnica.co.uk/security/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/},
urldate = {2017-03-17},
}
@online{mtg:rof,
author = {Gerwitz, Mike},
title = {Restore Online Freedom!},
date = {2016-03-20},
url = {https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/},
urldate = {2017-03-17},
annotate = {My LibrePlanet 2017 talk about issues with an increasing
non-free Web, as well as privacy and security implications
of running untrusted, unsigned, ephemeral JavaScript
code.}
}
@online{noscript,
title = {NoScript - {JavaScript}/{Java}/{Flash} blocker for a safer
Firefox experience!},
url = {https://noscript.net/},
urldate = {2017-03-17},
}
@online{eff:privacy-badger,
title = {Privacy Badger},
organization = {Electronic Frontier Foundation},
url = {https://www.eff.org/privacybadger},
urldate = {2017-03-17},
}
@online{gh:ublock-origin,
title = {uBlock Origin},
subtitle = {An efficient blocker for {Chromium} and {Firefox}. Fast and
lean.},
url = {https://github.com/gorhill/uBlock},
urldate = {2017-03-17},
}
@online{moz:sd-cookies,
title = {Self-Destructing Cookies},
url = {https://addons.mozilla.org/en-US/android/addon/self-destructing-cookies/},
urldate = {2017-03-17},
}
@online{lp:2016:privacy-badger,
author = {Quintin, Cooper},
title = {Ending Online Tracking! Privacy Badger and Beyond!},
organization = {Electronic Frontier Foundation},
url = {https://media.libreplanet.org/u/libreplanet/m/ending-online-tracking-privacy-badger-and-beyond/},
urldate = {2017-03-17},
}
@online{moz:lightbeam,
title = {Lightbeam for Firefox},
subtitle = {Shine a Light on Who's Watching You},
organization = {Mozilla},
url = {https://www.mozilla.org/en-US/lightbeam/},
urldate = {2017-03-17},
}
@cite{tor:browser,
title = {Tor Browser},
organization = {Tor Project},
url = {https://www.torproject.org/projects/torbrowser.html.en},
urldate = {2017-03-17},
}
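Review bot: The last entry is declared as `@cite{tor:browser,`, an entry type used nowhere else in the file, which looks like a typo for @online. In eff:browser-uniqueness-blog and eff:browser-uniqueness the field is spelled authors rather than author, so it will not be read as the author, and stanford:private-browsing has a stray comma after "Aggarwal, Gaurav" ahead of the following "and". uld:fb writes the umlauts as {\:a} and {\:u}, where {\"a} and {\"u} are the LaTeX accents. Smaller points: ftc:silver and mtg:rof use annotate while the other entries use annotation, mtg:rof is dated 2016-03-20 but described as a LibrePlanet 2017 talk, and there are typos in "Divison", "Silvepush", "Stastics" and "Behavorial".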


@ -518,7 +518,7 @@ Cameras on streets to deter crime.
#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.25in
[[./images/sf-cameras.jpg]]
[[./images/tp/sf-cameras.jpg]]
\incite{cbs:sf-smile}
#+END_CENTER
@ -678,11 +678,11 @@ In fact,
#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 1.5in
[[./images/alpr-mounted.png]]\incite{eff:alpr}
[[./images/tp/alpr-mounted.png]]\incite{eff:alpr}
#+BEAMER: }
#+BEAMER: \only<2>{
#+ATTR_LATEX: :height 1.5in
[[./images/alpr-capture.png]]\incite{eff:alpr}
[[./images/tp/alpr-capture.png]]\incite{eff:alpr}
#+BEAMER: }
#+END_CENTER
@ -958,7 +958,7 @@ Even if you can't find a camera on this site,
#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.5in
[[./images/alpr-pips.png]]\incite{eff:alpr}
[[./images/tp/alpr-pips.png]]\incite{eff:alpr}
#+END_CENTER
- John Matherly (Shodon author) noticed many web-accessible PIPS
@ -1059,39 +1059,44 @@ If I'm off in the background when you take a picture of your friends in the
#+END_COMMENT
** LACKING The Web [0/6]
*** DRAFT Introduction [0/1] :B_ignoreheading:
** REVIEWED The Web [0/7]
*** REVIEWED Introduction [0/1] :B_ignoreheading:
:PROPERTIES:
:BEAMER_env: ignoreheading
:END:
**** DRAFT Introduction :B_fullframe:
**** REVIEWED Introduction :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:10
:END:
- Much of our lives are no longer in the flesh
- Or have some non-fleshy (virtual) analog
#+BEGIN_CENTER
\Huge Fleshy You $\Longleftrightarrow$ Virtual You
#+END_CENTER
#+BEGIN_COMMENT
But you're not just tracked in the flesh.
Much of what we do today is virtual.
What better way to segue than to bridge the two?
So, naturally, there are those that want to bridge them.
#+END_COMMENT
*** LACKING Bridging the Gap [0/1]
**** LACKING Ultrasound Tracking
*** REVIEWED Bridging the Gap [0/3]
**** REVIEWED FTC: They're Watching You :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
:DURATION: 00:00:30
:END:
- <1-> How do you bridge that analog?
- <2-> Particularly insidious example: ultrasound tracking
- <2-> Correlates users across devices
#+BEGIN_CENTER
[[./images/ftc-silver.png]]\incite{ftc:silver}
#+END_CENTER
#+BEGIN_COMMENT
This is a sample letter template from the FTC.
It states: <read paragraph>.
A challenge for advertisers is correlating users across multiple devices,
and in the real world.
and in the real world.
Let's say you saw a commercial for some product Foo on TV.
And then you went online to research Foo.
@ -1100,16 +1105,361 @@ And then you bought Foo.
Sometimes commercials have you enter promo codes online to know that you
arrived at the site from a TV commercial.
Or give you a unique URL.
Others play inaudible sounds that are picked up by your mobile device or
computer.
<...>
#+END_COMMENT
*** DRAFT Incentive to Betray [0/1]
**** DRAFT Summary :B_fullframe:
**** REVIEWED Ultrasound Tracking
:PROPERTIES:
:DURATION: 00:00:15
:END:
#+BEAMER: \only<1>{
#+BEGIN_CENTER
\cdots $\Longleftrightarrow$ TV $\Longleftrightarrow$
Retail Store $\Longleftrightarrow$
Mobile $\Longleftrightarrow$ Web $\Longleftrightarrow$ \cdots
#+END_CENTER
- Correlates users across devices; airgap
bridge\cite{ubeacsec:paper,wired:ultrasonic}
- Inaudible to humans
- Could deanonymize (e.g. Tor users)\cite{33c3:talk-behind,bleep:ultrasound-tor}
#+BEAMER: }
#+BEAMER: \only<2>{
#+BEGIN_CENTER
[[./images/tp/silverpush-logo.png]]
#+END_CENTER
#+BEGIN_QUOTE
``Silverpush could generate a detailed log of the television
content viewed while a users mobile phone was
turned\nbsp{}on.''\cite{ftc:silver}
#+END_QUOTE
#+BEAMER: }
#+BEGIN_COMMENT
Others play inaudible sounds that are picked up by your mobile device or
computer.
This has other serious implications.
There are concerns, for example, about this method being able to be used to
deanonymize Tor users.
In that letter, FTC mentions Silverpush by name.
There are other companies too;
see the references.
#+END_COMMENT
**** REVIEWED Ultrasound Cross-Device Tracking (uXDT)
:PROPERTIES:
:DURATION: 00:00:45
:END:
- <1-> Termed ``Ultrasound Cross-Device Tracking''
(uXDT)\cite{bleep:ultrasound-tor,ftc:xdt}
- <1-> Mitigations?
- <2-> SilverDog is a Chromium addon to filter HTML5 audio\cite{ubeacsec:paper}
- <3-> Researchers propose Android permission system change
- <4-> Don't install software that keep secrets (proprietary)
- <5-> Don't run untrusted code on websites (use e.g. NoScript)
- <6-> Turn off your device when not in use
- <6-> Keep device away from other media
#+BEGIN_COMMENT
This is termed ``Ultrasound Cross-Device Tracking'',
or simply ``Cross-Device Tracking''.
How do you go about mitigating this type of threat?
Well, researchers studying this issue wrote SilverDog,
a Chromium addon to filter HTML5 audio to remove ultrasonic frequencies.
That doesn't help with TorBrowser, though, which is FF-based.
The reserachers also propose a change to the Android permission system for
audio.
This type of thing only works when you're keeping some serious secrets.
That's easy to do with proprietary software.
Much riskier to do (but not impossible) with free software.
For websites, don't run untrusted JavaScript code;
block it with an addon like NoScript.
We'll get into that in a little bit.
You can also turn off the device when not in use,
and maybe keep it away from other media.
This is far from the only mobile threat;
you may want to take precautions for other things anyway.
#+END_COMMENT
*** REVIEWED Analytics [0/4]
**** REVIEWED Introduction :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:15
:END:
#+BEGIN_CENTER
#+BEAMER: \only<1-3>{\Huge Data Analytics}
#+BEAMER: \only<2-3>{\LARGE (Building User Profiles)}
#+BEAMER: \only<3>{\large (Tracking)}
#+BEAMER: \only<4->{\Huge Spyware}
#+BEAMER: \only<5>{\LARGE (With Science)}
#+END_CENTER
#+BEGIN_COMMENT
This all leads into a larger subject called ``data analytics''.
Which is really just building, analyzing, and aggregating user profiles.
Which is generally called tracking.
...which we usually just call spyware.
But this has science!
#+END_COMMENT
**** REVIEWED Trackers
:PROPERTIES:
:DURATION: 00:00:15
:END:
- <1-> Website owners want to know what their visitors are doing
- <1-> That in itself isn't an unreasonable concept
- <2-> Methods and data define the issue
#+BEGIN_COMMENT
Website owners want to know what their visitors are doing.
That in itself isn't an unreasonable thing, broadly speaking,
but how you go about it and what types of data you collect
defines the issue.
#+END_COMMENT
**** REVIEWED Google Analytics
:PROPERTIES:
:DURATION: 00:00:30
:END:
***** GA Dashboard
:PROPERTIES:
:BEAMER_col: 0.45
:END:
#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 1.5in
[[./images/tp/ga-dashboard.png]]
\incite{google:ga:features}
#+BEAMER: }
#+BEAMER: \only<2>{
[[./images/analytics-usage.png]]
\incite{w3techs:analytics}
#+BEAMER: }
#+END_CENTER
***** Description
:PROPERTIES:
:BEAMER_col: 0.45
:END:
- <1-> User location, screen resolution, time on page, heatmap,
etc\cite{w:behavioral-targeting}
- <1-> Unique identifier assigned
- <1-> Fine-grained reporting for site owner
- <2-> Knows many sites user visited across Web\cite{w3techs:google}
#+BEGIN_COMMENT
Take Google Analytics for example.
It is one of the most widely distributed spyware programs in the world.
It collects a variety of user data.
A lot of it really is what website owners want to know:
geography, screen resolution, time on the page, heatmaps, etc.
Except...
And all of this is known to Google.
And because services like GA, AdWords, etc are so widely used,
all of this can be used to identify users across the entire web.
#+END_COMMENT
**** REVIEWED Piwik
:PROPERTIES:
:DURATION: 00:00:30
:END:
#+BEGIN_COMMENT
If you must track your users, consider using Piwik, which you can host
yourself.
This means that your visitor data aren't stored and accessible by Google or
other companies.
Pwik has some user privacy settings to anonymize, remove logs, respect DNT,
provide opt-out, etc.
It also gives website owners some privacy by not leaking paths and other
information about the website:
#+END_COMMENT
***** Dashboard
:PROPERTIES:
:BEAMER_col: 0.65
:END:
#+BEGIN_CENTER
[[./images/tp/piwik-dashboard.png]]
\incite{piwik}
#+END_CENTER
***** Description
:PROPERTIES:
:BEAMER_col: 0.35
:END:
- <2-> Data on **your own servers**\cite{mtg:gitlab-piwik}
- <2-> Visitor privacy settings\cite{piwik:privacy}
- <2-> Privacy as a site owner
*** REVIEWED Social Networking
**** REVIEWED Like Buttons
:PROPERTIES:
:DURATION: 00:00:30
:END:
#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.5in
[[./images/tp/fb-like.png]]\incite{w:fb-like-img}
#+END_CENTER
- <2-> Infecting the Web with trackers under guise of
community\cite{pnas:predict,w:behavioral-targeting,uld:fb}
- <2-> Tracks regardless of whether you are logged in to Facebook
\cite{bloomberg:belgum-fb,roosendaal:fb-like}
#+BEGIN_COMMENT
Another popular example are "like buttons" and similar little widgets that
websites like Facebook offer.
It might help get the word out about your stuff,
but please don't fall into the trap of betraying your visitors.
Please don't fall into the trap of clicking it, either---
it's easy to infer a great deal of information about you from what you
"like".
If a user is logged into Facebook,
then Facebook now knows that they visited that website,
_even if they don't click on the button_.
But even if you don't have a Facebook account,
you are still being tracked.
#+END_COMMENT
*** REVIEWED Fingerprinting [0/3]
**** REVIEWED Summary :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:15
:END:
#+BEGIN_CENTER
\Huge Fingerprinting
#+END_CENTER
#+BEGIN_COMMENT
These methods are part of a broader topic called ``fingerprinting''.
It's just what it sounds like:
uniquely identify users online.
#+END_COMMENT
**** REVIEWED EFF Research :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:20
:END:
#+BEGIN_CENTER
#+BEAMER: \only<1>{
EFF Research, 2010:\cite{eff:browser-uniqueness-blog,eff:browser-uniqueness}
#+BEGIN_QUOTE
``In our analysis of anonymized data from around half a million distinct
browsers, 84% had unique configurations. Among browsers that had Flash or
Java installed, 94% were unique, and only 1% had fingerprints that were seen
more than twice.''
#+END_QUOTE
#+BEAMER: }
#+BEAMER: \only<2>{
That was seven years ago.
You're really screwed today.*
#+BEGIN_LATEX
\incite{eff:panopti2,eff:browser-uniqueness,mozilla:fingerprinting,%
chromium:identification,tor:browser-design,stanford:private-browsing,%
norte:tor-fingerprint,browserleaks,ars:fingerprint,hardware-fingerprint}
#+END_LATEX
#+BEAMER: }
#+END_CENTER
#+BEGIN_COMMENT
Back in 2010,
the EFF released a paper with results from their fingerprinting research
project Panopticlick.
Back then,
they had an 84% success rate;
even higher with Flash and Java.
But we ain't in 2010 anymore.
We have options.
Very creative ones.
#+END_COMMENT
**** REVIEWED Alarmingly Effective
:PROPERTIES:
:DURATION: 00:00:40
:END:
- Panopticlick (EFF)\cite{panopti:about}
- User Agent, cookies, screen resolution, fonts, language, session storage,
canvas, WebGL, ad blocker, audio, keystrokes, mouse movement, \ldots
- Can even track separate browsers on the same
hardware\cite{hardware-fingerprint,ars:fingerprint}
#+BEGIN_COMMENT
Fingerprinting is alarmingly effective.
We don't have time to get into much detail on how it works;
I provided plenty of resources for that.
But there are some interesting ones.
We don't just have to rely on basic browser-provied information like user
agent, fonts, and cookies anymore.
How about tracking how the user moves her mouse and scrolls?
What about keystroke analysis?
Random noise from audio?
Time of CPU-intensive tasks like rendering 3D elements?
Some of these methods are hardware-based.
They can fingerprint even if the user opens a different browser,
or maybe even a different operating system,
on the same box.
Some are behavioral.
Keystroke patterns will persist wherever the user goes.
We'll get into some defenses in a bit.
#+END_COMMENT
*** REVIEWED Incentive to Betray [0/2]
**** REVIEWED Summary :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:30
:BEAMER_env: fullframe
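Review bot: On the uXDT mitigations frame, the SilverDog bullet reads as a general fix, but the speaker note beneath it says it does not help Tor Browser, and the preceding frame raises Tor deanonymization as the concern; say "Chromium only" on the slide itself so the limitation is not left to the spoken notes. In the same hunk the speaker notes have typos ("reserachers", "Pwik", "browser-provied"), and the bullet "Don't install software that keep secrets" should read "keeps". The Piwik speaker note also ends on a colon ("information about the website:") with nothing following it.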
@ -1128,121 +1478,230 @@ Incentives to betray users.
Many websites make money through advertising.
It can be lucrative.
And it's _easy_ to do.
Others get addicted to attention and praise.
Others simply want to know what their visitors are doing on their website.
Most website owners don't think or know about these issues.
They're unknowing pawns in the Web of surveillance.
#+END_COMMENT
*** LACKING Analytics [0/2]
**** LACKING Trackers
**** DRAFT Web of Surveillance :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
:END:
- <1-> Website owners want to know what their visitors are doing
- <1-> That in itself isn't an unreasonable concept
- <2-> Methods and data define the issue
#+BEGIN_COMMENT
Site analytics is another issue.
Website owners want to know what their visitors are doing.
That in itself isn't an unreasonable thing broadly speaking,
but how you go about it and what types of data you collect
defines the issue.
Take Google Analytics for example.
A very popular proprietary analytics service.
It is one of the most widely distributed malware programs in the world.
<<examples of how GA tracks>>
And all of this is known to Google.
All of this can be used to identify users across the entire web.
<<list others>>
If you must track your users, consider using Piwik, which you can host
yourself.
#+END_COMMENT
**** DRAFT Like Buttons
:PROPERTIES:
:DURATION: 00:01
:END:
- <1-> Services encourage use of "like" buttons and such
- <1-> Infecting the web with trackers under the guise of community
- <2-> **Use Privacy Badger**
#+BEGIN_COMMENT
Another popular example are "like buttons" and similar little widgets that
websites like Facebook offer.
If a user is logged into Facebook,
then Facebook now knows that they visited that website,
_even if they don't click on the button_.
But even if you don't have a Facebook account,
information is being leaked to them
you are still being tracked.
Addons like Privacy Badger will block these.
#+END_COMMENT
*** LACKING Fingerprinting [0/3]
**** DRAFT Summary :B_fullframe:
#+BEGIN_CENTER
Browser Fingerprinting
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex.png]]
\incite{moz:lightbeam}
#+BEAMER: }
#+BEAMER: \only<2>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex-good.png]]
(After mitigations)
#+BEAMER: }
#+END_CENTER
#+BEGIN_COMMENT
And I do mean a Web of surveillance.
This is LightBeam.
It's an addon for Firefox that graphs first- and third-party sites that you
visit,
providing you with a visualization of the Web that's hidden from most
users.
I created a new FF profile and installed the addon;
none of my privacy settings or other addons I'm used to.
You can see at the top that I visited five websites:
Washington Post, NY Times from Google, Guargian, and---which you can't see
here because they're actually disjoint from this graph---The Intercept.
Good for them!
And yet,
it hit /86/ third party sites!
NYT alone connected to 47 different third parties!
I was blown away.
Some of these are trackers.
Some of them are remotely hosted scripts and fonts and media.
So let me show you what I'm used to seeing.
This is what happens when I try to mitigate some of these threats.
#+END_COMMENT
*** REVIEWED Mitigations & Anonymity [0/8]
**** REVIEWED Summary :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:05
:BEAMER_env: fullframe
:END:
#+BEGIN_CENTER
\Huge How Do We Mitigate?
#+END_CENTER
#+BEGIN_COMMENT
These methods are part of a broader topic called "browser fingerprinting".
It's just what it sounds like:
uniquely identify users online.
So how do we do that?
Well, it depends on your threat model,
but let's start with the easy stuff.
#+END_COMMENT
**** LACKING Alarmingly Effective
**** REVIEWED Disable the Damn JavaScript!
:PROPERTIES:
:DURATION: 00:03
:BEAMER_env: fullframe
:DURATION: 00:00:45
:END:
- Panopticlick (EFF)\cite{panopti:about}
- JavaScript opens up a world of possibilities
- Clearing cookies et al. won't always help
- Can even track separate browsers on the same box
#+BEGIN_CENTER
#+ATTR_LATEX: :height 1.5in
[[./images/tp/noscript.png]]
#+END_CENTER
#+BEAMER: \only<2-3>{
- <2-3> Preempt most sophisticated and damning fingerprinting methods
- <2-3> Stop hardware profiling
- <2-3> Stop keystroke/mouse analysis
- <3> Remember those audio beacons?\cite{bleep:ultrasound-tor}
#+BEAMER: }
#+BEAMER: \only<4-5>{
- <4-> Running arbitrary untrusted, unsigned, ephemeral code
(/also\nbsp{}from many third parties/)\cite{mtg:rof}
- <4-> /Restore Online Freedom!/ (My LibrePlanet 2016 talk)
- <5-> LibreJS blocks non-free, but free doesn't mean free of malice
#+BEAMER: }
#+BEAMER: \only<6>{
- NoScript blocks JavaScript based on URL patterns\cite{noscript}
- /Warning:/ Allows some sites by default!
- Also blocks media and fonts; provides XSS and clickjacking prevention
#+BEAMER: }
#+BEGIN_COMMENT
It's alarmingly effective.
Okay, I can't say this enough.
Disable the damn JavaScript!
The Web isn't broken without it,
they're breaking the web /with/ it!
I write a lot of JavaScript for a living.
My GNU project is ease.js, which is a JavaScript library.
And yet,
/I do not allow JavaScript to run 99% of the time!/.
Even on most websites I trust.
Some people run LibreJS.
But note that free software doesn't mean free of malice.
Some methods allow fingerprinting even if the user uses multiple browsers
and takes care to clear all session data.
They can do this by effectively breaking out of the browser's sandbox by
doing operations that depend heavily on specifics of users' hardware.
It's probably obvious from the logo that I'm talking about the NoScript
extension.
It does more than just block JS---
it also blocks media, custom fonts, prevents against certain types of XSS
and clickjacking attacks, and more.
If you don't know what XSS and clickjacking is, that's okay.
#+END_COMMENT
**** DRAFT User Agent
- <1-> User agents can leak a lot of information
- <1-> ~18 bits in my browser on GNU/Linux, 1/~250,000
- <2-> Tor Browser\cite{panopti:about}
#+BEGIN_COMMENT
Your browser's user agent is a string that it sends with every request
identifying itself and some of its capabilities.
It can be surprisingly unique.
When I tested a Firefox browser on GNU/Linux,
I was unique out of nearly 250,000 users.
#+END_COMMENT
*** DRAFT Anonymity [0/4]
**** DRAFT Summary :B_fullframe:
**** REVIEWED LightBeam NoScript :B_fullframe:
:PROPERTIES:
:DURATION: 00:01
:BEAMER_env: fullframe
:DURATION: 00:00:15
:END:
#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex.png]]
(Before NoScript)
#+BEAMER: }
#+BEAMER: \only<2>{
#+ATTR_LATEX: :height 2.5in
[[./images/lightbeam-ex-noscript.png]]
(After NoScript)
#+BEAMER: }
#+END_CENTER
#+BEGIN_COMMENT
So this was our graph before NoScript.
And here it is after disabling scripts.
Without any other mitigations.
Obviously results will vary depending on the website.
We're going to get back to JS soon.
#+END_COMMENT
**** REVIEWED Block Ads and Trackers
:PROPERTIES:
:DURATION: 00:00:40
:END:
#+BEGIN_CENTER
#+ATTR_LATEX: :height 0.75in
[[./images/tp/privacy-badger.png]]
#+ATTR_LATEX: :height 0.75in
[[./images/tp/ublock0.png]]
#+ATTR_LATEX: :height 0.75in
[[./images/tp/sdcookies.png]]
#+END_CENTER
- /Privacy Badger/ blocks trackers\cite{eff:privacy-badger,lp:2016:privacy-badger}
- /uBlock_0/ filters (primarily) ads\cite{gh:ublock-origin}
- /Self-Destructing Cookies/ clears cookies and
LocalStorage\cite{moz:sd-cookies}
#+BEGIN_COMMENT
The issue surrounding Ad Blockers is framed such that we're waging war
against advertisers.
No---they're waging war against /us/.
You'll find that the bulk of what these addons for Firefox browsers handle
is related to ad networks.
Privacy Badger works to block sites that appear to be tracking you.
Cooper Quintin---developer of Privacy Badger---gave a great talk last year
here at LP; go check it out.
uBlock Origin describes itself as a ``wide-spectrum blocker'',
but it serves primarily as an ad blocker.
Self-Destructing cookies clears out a site's cookies and LocalStorage once a
tab is closed.
There may be better options out there;
this seems to be useful for me.
I don't have time to go into technical details, unfortunately.
#+END_COMMENT
**** REVIEWED Anonymity :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:15
:END:
#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+BEAMER: {\Huge Anonymity}
\bigskip
Origin is unknown to server; no unique identifier known
by\nbsp{}server\incite{whonix:donot}
#+BEAMER: }
#+BEAMER: \only<2>{
#+BEAMER: {\Huge Pseudonymity}
\bigskip
Origin is unknown to server; unique identifier /is\nbsp{}available/
to\nbsp{}server\incite{whonix:donot}
#+BEAMER: }
#+END_CENTER
#+BEGIN_COMMENT
Another way is to be anonymous or pseudononymous.
In the latter case,
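Review bot: The NoScript overlay carries "/Warning:/ Allows some sites by default!", but the speaker notes in the COMMENT block under that frame never mention the default allowlist; they only list what NoScript blocks. Since the advice of the frame is to disable JavaScript, add a sentence to the notes telling the audience to review and prune those default entries after installing. The Google Analytics notes assert it is "one of the most widely distributed malware programs in the world" while the supporting detail is still the `<<examples of how GA tracks>>` placeholder, so that claim has nothing behind it yet. Smaller wording fixes in the lines shown: "Guargian" in the LightBeam notes, "pseudononymous" in the Anonymity notes, and "prevents against" and "what XSS and clickjacking is" in the NoScript notes.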
@ -1253,22 +1712,17 @@ In the former case,
current session.
#+END_COMMENT
***** Anonymity
Origin is unknown to server; no unique identifier known by
server\incite{whonix:donot}
***** Pseudonymity
Origin is unknown to server; unique identifier /is available/ to
server\incite{whonix:donot}
**** DRAFT IANAAE :B_fullframe:
**** REVIEWED IANAAE :B_fullframe:
:PROPERTIES:
:BEAMER_env: fullframe
:DURATION: 00:00:10
:END:
#+BEGIN_CENTER
IANAAE (I Am Not An Anonymity Expert)
#+BEAMER: {\Huge IANAAE}
(I Am Not An Anonymity Expert)
#+END_CENTER
#+BEGIN_COMMENT
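Review bot: The IANAAE frame sets its large text with `#+BEAMER: {\Huge IANAAE}`, while the "How Do We Mitigate?" frame earlier in this file writes `\Huge How Do We Mitigate?` directly inside the center block. Pick one form for the big single-line frames so they behave the same on export. Also, the "***** Anonymity" and "***** Pseudonymity" definitions shown here are word for word the overlay text of the Anonymity fullframe, both citing whonix:donot; make sure only one copy remains so the two cannot drift apart.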
@ -1281,52 +1735,103 @@ I provide a number of resources to get you started.
#+END_COMMENT
**** DRAFT The Tor Network
**** REVIEWED The Tor Network
:PROPERTIES:
:DURATION: 00:01
:DURATION: 00:00:30
:END:
- The Onion Router (Tor)\cite{tor}
- Helps defend against traffic analysis
- (Routing image)
#+BEGIN_CENTER
#+BEAMER: \only<1>{
#+ATTR_LATEX: :height 1in
[[./images/tp/tor.png]]
#+BEAMER: }
#+BEAMER: \only<2>{
[[./images/tp/tor-diagram.png]]
#+BEAMER: }
#+END_CENTER
- <1> The Onion Router (Tor)\cite{tor}
- <1> Helps defend against traffic analysis
#+BEGIN_COMMENT
Most here have probably heard of Tor.
Its purpose is to protect against certain kinds of traffic analysis.
"Tor" stands for "The Onion Router",
which describes how it relays data through the Tor network.
The packet is routed through a number of servers,
encrypted with the public key of each server such that the first hop
strips off the first layer and so on.
strips off the first layer and so on,
like an onion.
The exit node reveals the packet and delivers it to the destination,
then begins relaying the reply back to through the network to the user.
then begins relaying the reply back to through the network to the
requesting user.
As long as a sufficient portion of the network can be trusted and has not
been compromised by an adversary,
it isn't possible to trace data back through the network.
The most common use of Tor is to route web traffic.
Many nodes block most other ports.
It's also possible to resolve DNS requests through Tor.
There are lots of other details that I don't have time to get to here,
but I provide a number of resources for you.
#+END_COMMENT
**** DRAFT TorBrowser, Tails, and Whonix
**** REVIEWED TorBrowser, Tails, and Whonix
:PROPERTIES:
:DURATION: 00:02
:DURATION: 00:01
:END:
- <1-> Tor alone isn't enough
- <1-> Browser needs to be hardened
- <2-> TorBrowser is a hardened Firefox derivative
- <1-> Operating System needs to be hardened
- <2-> Tails, Whonix
#+BEGIN_CENTER
#+BEAMER: \only<2>{
#+ATTR_LATEX: :height 1in
[[./images/tp/torbrowser.png]]
#+BEAMER: }
#+BEAMER: \only<3>{
#+ATTR_LATEX: :height 1in
[[./images/tp/tails.png]]
#+BEAMER: }
#+BEAMER: \only<4>{
#+ATTR_LATEX: :height 1in
[[./images/tp/whonix.png]]
#+BEAMER: }
#+END_CENTER
#+BEAMER: \only<1>{
- Also need to change browsing habits\cite{whonix:donot}
#+BEAMER: }
#+BEAMER: \only<2>{
- Browser needs to be hardened
- Remember: browser leaks a lot of
data\cite{panopti:about,eff:browser-uniqueness}
- TorBrowser is a hardened Firefox derivative\cite{tor:browser,tor:browser-design}
#+BEAMER: }
#+BEAMER: \only<3->{
- <3-> Operating System needs to be hardened
- <3-> Tails---The Amnesic Incognito Live System\cite{tor:tails}
- <4> Whonix---Multi-layer isolation in VMs\cite{whonix}
#+BEAMER: }
#+BEGIN_COMMENT
Tor alone isn't enough to secure your anonymity.
But Tor alone isn't enough to secure your anonymity.
You also have to change your browsing habits.
That is difficult and nuanced advice to give,
let alone in a mention in a talk,
so I defer to my citations.
For some people, that's enough.
If your threat model involves only advertisers and other snoopers,
you might be okay with Tor and privacy extensions.
For nearly all of my Web traffic,
that's what I care about.
But if you're a dissident,
and your life is in danger,
you have more work to do.
If you are worried about government surveillance or cracking,
you have more work to do.
It's hard to secure a web browser.
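Review bot: In the Tor Network notes, "it isn't possible to trace data back through the network" promises more than the slide bullet "Helps defend against traffic analysis" and the earlier sentence "certain kinds of traffic analysis". Suggest "it is difficult to trace" so the spoken claim matches the slide. Both versions of the line "then begins relaying the reply back to through the network" carry a stray "to"; drop it. In the property drawers, the TorBrowser frame shows only two-field DURATION values (00:02, 00:01) while The Tor Network frame uses 00:00:30; settle on one format so the durations can be summed without guessing whether 00:01 means one minute.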
@ -1334,9 +1839,23 @@ TorBrowser is a hardened version of Firefox.
The Tor browser recommends that you don't rely on a vanilla Firefox for
anonymity with Tor.
Tails...
The operating system needs hardening.
There are two major options.
The first one is Tails: The Amnesic Incognito Live System.
It is an ephemeral OS that you can simply boot from USB on any PC.
It routes all traffic through the Tor network.
Whonix...
The second is Whonix.
It is not ephemeral: it requires a host OS (or hypervisor) and runs two VMs:
one is the guest that the user uses as a desktop,
and the other is the VM it routes all traffic through,
which goes through Tor.
If the guest the user is using is compromised,
an attacker cannot subvert the Tor network.
There's obvious tradeoffs there for both;
I encourage you to look into both before deciding which is best for your
threat model.
#+END_COMMENT
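Review bot: In the Whonix notes, "an attacker cannot subvert the Tor network" does not say what the two-VM split actually buys. From the preceding lines, the point is that the desktop guest has no route except through the second VM, so a compromised guest cannot bypass Tor; suggest wording it that way, for example "an attacker in that guest still cannot get around Tor". "The Tor browser recommends" reads as if the browser gives the advice; name who recommends it. Minor grammar: "There's obvious tradeoffs" should be "There are obvious tradeoffs".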