From 4f1487211b91c3a8a618c887c07fec28dfbf871c Mon Sep 17 00:00:00 2001 From: Mike Gerwitz Date: Mon, 6 Mar 2017 23:57:38 -0500 Subject: [PATCH] slides.org (The Web): Initial note breakout --- slides.org | 165 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 127 insertions(+), 38 deletions(-) diff --git a/slides.org b/slides.org index fb281d4..493c392 100644 --- a/slides.org +++ b/slides.org @@ -42,7 +42,7 @@ | **** Free/Libre Mobile OS? | | DRAFT | | | **** Modem | | DRAFT | | |-----------------------------------------------+----------+---------+---------------| -| ** Stationary [0/5] | | RAW | | +| ** Stationary [0/5] | | LACKING | | |-----------------------------------------------+----------+---------+---------------| | *** Introduction [0/1] | | DRAFT | ignoreheading | | **** Introduction | 00:00:30 | DRAFT | fullframe | @@ -65,29 +65,33 @@ | **** ALPRs | 00:01 | LACKING | | | **** Car Itself | 00:00:30 | LACKING | | |-----------------------------------------------+----------+---------+---------------| -| ** The Web [0/6] | | RAW | | +| ** The Web [0/6] | | LACKING | | |-----------------------------------------------+----------+---------+---------------| -| *** Introduction [0/1] | | RAW | ignoreheading | -| **** Introduction | | RAW | fullframe | +| *** Introduction [0/1] | | DRAFT | ignoreheading | +| **** Introduction | | DRAFT | fullframe | |-----------------------------------------------+----------+---------+---------------| -| *** Bridging the Gap [0/1] | | RAW | | -| **** Ultrasound Tracking | 00:01 | RAW | | +| *** Bridging the Gap [0/1] | | LACKING | | +| **** Ultrasound Tracking | 00:01 | LACKING | | |-----------------------------------------------+----------+---------+---------------| -| *** Incentive to Betray [0/1] | | RAW | | -| **** Summary | 00:00:30 | RAW | fullframe | +| *** Incentive to Betray [0/1] | | DRAFT | | +| **** Summary | 00:00:30 | DRAFT | fullframe | |-----------------------------------------------+----------+---------+---------------| -| *** Analytics [0/2] | | RAW | | -| **** Trackers | 00:01 | RAW | | -| **** Like Buttons | 00:01 | RAW | | +| *** Analytics [0/2] | | LACKING | | +| **** Trackers | 00:01 | LACKING | | +| **** Like Buttons | 00:01 | DRAFT | | |-----------------------------------------------+----------+---------+---------------| -| *** Fingerprinting [0/2] | | RAW | | -| **** Summary | 00:03 | RAW | fullframe | -| **** Browser Addons | 00:01 | RAW | | +| *** Fingerprinting [0/3] | | LACKING | | +| **** Summary | | DRAFT | | +| **** Alarmingly Effective | 00:03 | LACKING | fullframe | +| **** Browser Addons | 00:01 | LACKING | | |-----------------------------------------------+----------+---------+---------------| -| *** Anonymity [0/3] | | RAW | | -| **** Summary | 00:01 | RAW | fullframe | -| **** The Tor Network | 00:01 | RAW | | -| **** TorBrowser, Tails, and Whonix | 00:02 | RAW | | +| *** Anonymity [0/4] | | LACKING | | +| **** Summary | 00:01 | LACKING | fullframe | +| ***** TODO Anonymity | | | | +| ***** TODO Pseudonymity | | | | +| **** IANAAE | | DRAFT | fullframe | +| **** The Tor Network | 00:01 | LACKING | | +| **** TorBrowser, Tails, and Whonix | 00:02 | LACKING | | |-----------------------------------------------+----------+---------+---------------| | ** Data Analytics [0/2] | | LACKING | | |-----------------------------------------------+----------+---------+---------------| @@ -701,25 +705,37 @@ Maybe your car itself is a tracking device (e.g. OnStar). #+END_COMMENT -** RAW The Web [0/6] -*** RAW Introduction [0/1] :B_ignoreheading: +** LACKING The Web [0/6] +*** DRAFT Introduction [0/1] :B_ignoreheading: :PROPERTIES: :BEAMER_env: ignoreheading :END: -**** RAW Introduction :B_fullframe: +**** DRAFT Introduction :B_fullframe: :PROPERTIES: :BEAMER_env: fullframe :END: + +- Much of our lives are no longer in the flesh +- Or have some non-fleshy (virtual) analog + +#+BEGIN_COMMENT But you're not just tracked in the flesh. Much of what we do today is virtual. What better way to segue than to bridge the two? +#+END_COMMENT -*** RAW Bridging the Gap [0/1] -**** RAW Ultrasound Tracking + +*** LACKING Bridging the Gap [0/1] +**** LACKING Ultrasound Tracking :PROPERTIES: :DURATION: 00:01 :END: +- <1-> How do you bridge that analog? +- <2-> Particularly insidious example: ultrasound tracking + - <2-> Correlates users across devices + +#+BEGIN_COMMENT A challenge for advertisers is correlating users across multiple devices, and in the real world. @@ -735,14 +751,21 @@ Others play inaudible sounds that are picked up by your mobile device or computer. <...> +#+END_COMMENT -*** RAW Incentive to Betray [0/1] -**** RAW Summary :B_fullframe: +*** DRAFT Incentive to Betray [0/1] +**** DRAFT Summary :B_fullframe: :PROPERTIES: :DURATION: 00:00:30 :BEAMER_env: fullframe :END: + +#+BEGIN_CENTER +There is strong incentive to betray +#+END_CENTER + +#+BEGIN_COMMENT So how does tracking happen? How does this tracking code _get_ on so much of the web? @@ -751,13 +774,20 @@ Incentives to betray users. Many websites make money through advertising. It can be lucrative. And it's _easy_ to do. +#+END_COMMENT -*** RAW Analytics [0/2] -**** RAW Trackers + +*** LACKING Analytics [0/2] +**** LACKING Trackers :PROPERTIES: :DURATION: 00:01 :END: +- <1-> Website owners want to know what their visitors are doing + - <1-> That in itself isn't an unreasonable concept +- <2-> Methods and data define the issue + +#+BEGIN_COMMENT Site analytics is another issue. Website owners want to know what their visitors are doing. That in itself isn't an unreasonable thing broadly speaking, @@ -777,12 +807,19 @@ All of this can be used to identify users across the entire web. If you must track your users, consider using Piwik, which you can host yourself. +#+END_COMMENT -**** RAW Like Buttons + +**** DRAFT Like Buttons :PROPERTIES: :DURATION: 00:01 :END: +- <1-> Services encourage use of "like" buttons and such +- <1-> Infecting the web with trackers under the guise of community +- <2-> **Use Privacy Badger** + +#+BEGIN_COMMENT Another popular example are "like buttons" and similar little widgets that websites like Facebook offer. If a user is logged into Facebook, @@ -794,17 +831,31 @@ But even if you don't have a Facebook account, you are still being tracked. Addons like Privacy Badger will block these. +#+END_COMMENT -*** RAW Fingerprinting [0/2] -**** RAW Summary :B_fullframe: + +*** LACKING Fingerprinting [0/3] +**** DRAFT Summary :B_fullframe: +#+BEGIN_CENTER + Browser Fingerprinting +#+END_CENTER + +#+BEGIN_COMMENT +These methods are part of a broader topic called "browser fingerprinting". +It's just what it sounds like: + uniquely identify users online. +#+END_COMMENT + + +**** LACKING Alarmingly Effective :PROPERTIES: :DURATION: 00:03 :BEAMER_env: fullframe :END: -These methods are part of a broader topic called "browser fingerprinting". -It's just what it sounds like: - uniquely identify users online. +- TODO + +#+BEGIN_COMMENT It's alarmingly effective. <> @@ -814,25 +865,33 @@ Some methods allow fingerprinting even if the user uses multiple browsers and takes care to clear all session data. They can do this by effectively breaking out of the browser's sandbox by doing operations that depend heavily on specifics of users' hardware. +#+END_COMMENT + -**** RAW Browser Addons +**** LACKING Browser Addons :PROPERTIES: :DURATION: 00:01 :END: +- TODO + +#+BEGIN_COMMENT (Merge into other sections?) So how do we avoid this type of tracking? <>. +#+END_COMMENT -*** RAW Anonymity [0/3] -**** RAW Summary :B_fullframe: +*** LACKING Anonymity [0/4] +**** LACKING Summary :B_fullframe: :PROPERTIES: :DURATION: 00:01 :BEAMER_env: fullframe :END: + +#+BEGIN_COMMENT Another way is to be anonymous or pseudononymous. In the latter case, you assume a pseudoynm online and perform only activities that should be @@ -840,19 +899,43 @@ In the latter case, In the former case, there should be no way to ever correlate past or future actions with your current session. +#+END_COMMENT +***** TODO Anonymity +Foo + +***** TODO Pseudonymity +Bar + + +**** DRAFT IANAAE :B_fullframe: +:PROPERTIES: +:BEAMER_env: fullframe +:END: + +#+BEGIN_CENTER + IANAAE (I Am Not An Anonymity Expert) +#+END_CENTER + +#+BEGIN_COMMENT This is a difficult topic that's pretty dangerous to give advice on if you have strong need for anonymity---for example, if you are a dissident or whistleblower. If your life depends on anonymity, please do your own research. I provide a number of resources to get you started. +#+END_COMMENT -**** RAW The Tor Network +**** LACKING The Tor Network :PROPERTIES: :DURATION: 00:01 :END: + +- The Onion Router (Tor) +- ... + +#+BEGIN_COMMENT Most here have probably heard of Tor. "Tor" stands for "The Onion Router", which describes how it relays data through the Tor network. @@ -873,12 +956,17 @@ It's also possible to resolve DNS requests through Tor. There are lots of other details that I don't have time to get to here, but I provide a number of resources for you. +#+END_COMMENT -**** RAW TorBrowser, Tails, and Whonix +**** LACKING TorBrowser, Tails, and Whonix :PROPERTIES: :DURATION: 00:02 :END: + +- TODO + +#+BEGIN_COMMENT Tor alone isn't enough to secure your anonymity. It's hard to secure a web browser. @@ -891,6 +979,7 @@ The Tor browser recommends that you don't rely on a vanilla Firefox for Tails... Whonix... +#+END_COMMENT ** LACKING Data Analytics [0/2]