The Surreptitious Assault on Privacy, Security, and Freedom

#+BEGIN_COMMENT

ITEM DURATION
* Introduction / Opening 00:00:30
* Mobile [0/5] 0:04
** Introduction 0:00
* Introduction 00:00:30
** Cell Towers [0/2] 00:01
* Fundamentally Needed
* Cell-Site Simulators
** Wifi [0/1] 0:01
* Wifi 00:01
** Location Services [0/2] 00:01
* GPS
* Access Points
** Operating System [0/1] 0:01
* Untrusted/Proprietary OS 00:01
* Stationary [0/5] 0:08
** Introduction [0/1] 0:00
* Introduction 00:00:30
** Surveillance Cameras [0/2] 0:00
* Unavoidable
* Access to Data 00:00:30
** Internet of Things [0/4] 0:04
* Wide Open 00:00:30
* Lack of Security 00:01:30
* Who's Watching? 00:00:30
* Facial Recognition 00:01
** Social Media [0/1] 0:01
* Collateral Damage 00:01
** Driving [0/3] 0:02
* Introduction 00:00:30
* ALPRs 00:01
* Car Itself 00:00:30
* The Web [0/6] 0:12
** Introduction [0/1]
* Introduction
** Bridging the Gap [0/1] 0:01
* Ultrasound Tracking 00:01
** Incentive to Betray [0/1] 0:00
* Summary 00:00:30
** Analytics [0/2] 0:02
* Trackers 00:01
* Like Buttons 00:01
** Fingerprinting [0/2] 0:04
* Summary 00:03
* Browser Addons 00:01
** Anonymity [0/3] 0:04
* Summary 00:01
* The Tor Network 00:01
* TorBrowser, Tails, and Whonix 00:02
* Data Analytics [0/2] 0:04
** Introduction [0/1] 0:00
* Introduction 00:00
** Headings [0/3] 0:04
* Advertisers 00:02
* Social Media 00:01
* Governments 00:00:30
* Policy and Government [0/6] 0:12
** Introduction [0/1] 0:00
* Introduction 00:00:30
** Surveillance [0/4] 0:06
* History of NSA Surveillance 00:02
* Verizon Metadata 00:00:30
* Snowden 00:01
* Tools 00:02
** Crypto Wars [0/3] 0:03
* Introduction 00:00
* Bernstein v. United States 00:01
* Makes Us Less Safe 00:02
** Espionage [0/1] 0:01
* US Can't Keep Its Own Secrets 00:01
** Subpoenas, Warrants, NSLs [0/1] 0:01
* National Security Letters 00:01
** Law [0/1] 0:01
* Summary 00:01
* Your Fight [0/1] 0:05
** Headings [0/5] 0:05
* Feeding 00:00
* SaaSS and Centralization 00:01
* Corporate Negligence 00:01
* Status Quo 00:02
* Push Back 00:01
* Local Variables

#+END

Remember the themes!:
- Surreptitious
- User privacy and security
- Effects on freedom; chilling effects
- How free software can help

The big players seem to be the Web and Government. No surprises there.

It would be a good idea to immediately connect with the audience. So: Most everyone has a mobile device. This is the most immediate and relatable since it's physically present with them in their travels. Security cameras et al. during travel.

So start briefly with the topic of pervasive surveillance? That is what the abstract refers to, after all.

Surreptitious—many audience members won't consider that they're being tracked. But by whom?

Maybe a gentle introduction that gets increasingly alarming and invasive topic-wise.

GOAL: Captivate; Startle

Introduction / Opening   B_fullframe

None of you made it here without being tracked in some capacity. Some of us are still being tracked at this very moment.

Let's start with the obvious.

(Note: You're being "tracked", rather than "watched": the latter is too often used and dismissed as tinfoil-hat FUD.)

Mobile [0/5]

Introduction   B_ignoreheading

Introduction   B_fullframe

- <1-> Most people carry mobile phones
- <1-> Synonymous with individual
- <2> Excellent tracking devices

How many of you are carrying a mobile phone right now? Probably most of us. They are something we carry with us everywhere; they are computers that are always on. A phone is often synonymous with an individual. In other words: they're excellent tracking devices.

Cell Towers [0/2]

Fundamentally Needed

- <1-> Phone needs tower to make and receive calls
- <2-> Gives away approximate location (can triangulate)

The primary reason is inherent in a phone's design: cell towers. A phone "needs" to be connected to a tower to make and receive calls.

Unless it is off, its connection to the cell tower exposes your approximate location. These data persist for as long as the phone companies are willing to retain them. If they're mined by the NSA, then they might be retained indefinitely.

Some people don't use phones primarily for this reason.

rms said he might use a phone if it could act as a pager, where he'd only need to expose his location once he is in a safe place. You can imagine that such would be a very useful and important feature for reporters and dissidents as well.

Cell-Site Simulators

- <1-> Masquerade as cell towers
- <2-> (List them) e.g. Stingray

I'm sure many of you have heard of Cell Site Simulators; one of the most popular examples being the Stingray. These devices masquerade as cell towers and can perform a dragnet search for an individual. Your location can be triangulated.

Wifi [0/3]

Wifi

- Device may broadcast ESSIDs of past hidden networks
- Expose unique hardware identifiers (MAC address)

What else is inherent in a modern phone design? A common feature is Wifi.

If you connected to any hidden networks, your phone may broadcast that network name to see if it exists.

Your mobile device could be broadcasting information like past network connections and unique device identifiers (MAC), which can be used to uniquely identify you.

Ubiquitous Access Points

<AP stuff>

Access points increasingly line the streets or are within range in nearby buildings.

Can be incredibly accurate for tracking movements, and it is passive—it requires no software on your device.

Mitigations

- Disable Wifi [when not in use]
- Do not automatically connect to known networks
  - At the very least, not hidden
- Randomize MAC address

Disable Wifi when not in use. You can also randomize your MAC address, and be sure not to broadcast hidden networks.

Location Services [0/2]

GPS

- Often enabled by default
- Might prompt user, but features are attractive
- Programs give excuses to track
  - Location for tweets, photos, nearby friends, etc.

Oh, but what if we do have software on the device? And we do.

Let's talk about location services! Many people find them to be very convenient.

The most popular being GPS. Because of the cool features it permits, it's often enabled. And programs will track your movements just for the hell of it. Or give an excuse to track you.

Access Points

- <1-> No GPS? No problem!
- <2-> AP harvesting (e.g. Google Street View cars)
- <2-> Works even where GPS and Cell signals cannot penetrate
- <3> Can be more accurate than GPS (e.g. what store in a shopping mall)

But GPS doesn't need to be available. Have you ever used a map program on a computer that asked for your location? How does it do that without GPS? Google scours the planet recording APs. It knows where you are simply based on which APs are near you. Sometimes this can be more accurate than GPS. And it works where GPS and maybe even cell service don't, such as inside shopping malls.

So having radio and GPS off may not help you. MAC spoofing won't help since software on your device has countless other ways to uniquely identify you—this is active monitoring, unlike previous examples.

Operating System [0/1]

Untrusted/Proprietary OS

The OS situation on mobile is lousy. Does your phone work for Apple? Google? Microsoft? Blackberry? …?

You carry around this computer everywhere you go. And you fundamentally cannot trust it.

I use Replicant. Does anyone here use Replicant? I feel like I can at least trust my phone a little bit. But on nearly every phone, the modem still runs proprietary software. And it oftentimes has direct access to disk and memory.

So even with Replicant, I consider the device compromised; I put nothing important on it if I can avoid it.

Stationary [0/5]

Introduction [0/1]   B_ignoreheading

Introduction   B_fullframe

So let's say you have evaded that type of tracking. Maybe you don't carry a phone. Or maybe you've mitigated those threats in some way.

There are certain things that are nearly impossible to avoid.

Surveillance Cameras [0/2]

Unavoidable

On the way here, you likely walked by numerous security cameras. They could be security cameras for private businesses. Traffic cameras. Cameras on streets to deter crime.

Let's set aside local, state, and federal-owned cameras for a moment and focus on businesses. So a bunch of separate businesses have you on camera. So what?

Access to Data

Well one of the most obvious threats, should it pertain to you, is a subpoena. The best form of privacy is to avoid having the data be collected to begin with. If law enforcement wanted to track you for whatever reason—crime or not!—they could simply subpoena the surrounding area.

Internet of Things [0/4]

Wide Open

In the past, these cameras were "closed-circuit"— they were on their own segregated network. You'd have to subpoena the owner, or otherwise physically take the tape.

Today, that might be the intent, but these cameras are often connected to the Internet for one reason or another. It might be intentional—to view the camera remotely—or it may just be how it is set up by default.

Well… Let's expand our pool of cameras a bit. Because it's not just businesses that use Internet-connected cameras. They're also popular among individuals for personal/home use. Home security systems. Baby monitors.

Lack of Security

Who here has heard of Shodan?

Shodan is a search engine for the Internet of Things. It spiders for Internet-connected devices and indexes them. Okay, that's to be expected. Maybe that wouldn't be a problem if people knew proper NAT configuration that isn't subverted by UPnP. Maybe it wouldn't be a problem if these devices even gave a moment of thought to security.

Anyone heard of Insecam? It's a site that aggregates live video feeds of unsecured IP cameras. I can tell you personally that you feel like a scumbag looking at the site. There are fascinating things on there. And sobering ones. And creepy ones. Restaurants—families eating dinner; chefs preparing food in the back. Public areas—beaches, pools, walkways, city streets. Private areas—inside homes; private businesses. Hotel clerks sitting behind desks on their cell phones. Warehouses. Behind security desks. Behind cash registers. Hospital rooms. Inside surveillance rooms where people watch their surveillance system! With armed guards! Scientific research: people in full dress performing experiments. I saw someone at the dentist getting a teeth cleaning. Anything you can think of. You can literally explore the world. There are some beautiful sights! Absolutely gorgeous. They remove things that are too deeply personal. Assuming someone reports it.

This is an excellent example to demonstrate to others why this is such a big deal.

Who's Watching?

So that's what your average person can do. That's what some of you are going to be doing as soon as you leave this talk, if you haven't started looking already!

That's what law enforcement is going to do. That's what the NSA, GCHQ, et al. are going to do.

Facial Recognition

Now let's couple that with facial recognition.

Consider the breadth of devices we just covered. Literally everywhere. People don't need to manually look for you anymore; it's automated. Hell, any of us can download a free (as in freedom) library to do facial recognition and train it to recognize people. Facebook famously got creepy by saying it could recognize people by their dress and posture, from behind.

You don't need facial recognition, though. You can also be identified by your gait.

There's a lot to say about IoT. We'll come back to it.

Social Media [0/1]

Collateral Damage

So you don't have any unsecured IoT cameras in your home. Or in this conference. But you do have unsecured people running wild with their photos and their selfies.

I'm sure you've heard a frequent request/demand from rms: "Don't put pictures of me on Facebook." This applies to all social media, really. I just mentioned facial recognition— this is precisely what Facebook (for example) made it for! To identify people you might know to tag them. It's excellent surveillance. What irks me is when people try to take pictures of my kids, or do and ask if they can put them online. Uh, no. You cannot. And people are sometimes surprised by that refusal.

Most people are being innocent— they're just trying to capture the moment. What they're actually doing is inflicting collateral damage. If I'm off in the background when you take a picture of your friends in the foreground, I'm still in the photo.

Driving [0/3]

Introduction   B_fullframe

Okay. So you have no phone. You sneak around public areas like a ninja. Like a vampire, you don't show up in photos. And you have no friends.

So how else can I physically track you in your travels here?

Well if you flew here, then your location is obviously known. That's not even worth discussing.

But what about if you drove?

ALPRs

ALPRs possibly tracked your movements. Automated License Plate Readers.

<…>

Maybe you try to evade them with special license plate covers. If need be, one could just track you by other unique features of your vehicle. And those might not just be law enforcement.

Security issues extend to this too! <Mention EFF's project>

You could rent a car. But the rental place probably took your name, license, and other information. You could take a cab and pay with cash. But that can get expensive. And they might have cameras and such anyway.

Car Itself

Maybe your car itself is a tracking device (e.g. OnStar).

(Move into Mobile?)

<…>

The Web [0/6]

Introduction [0/1]   B_ignoreheading

Introduction   B_fullframe

But you're not just tracked in the flesh. Much of what we do today is virtual. What better way to segue than to bridge the two?

Bridging the Gap [0/1]

Ultrasound Tracking

A challenge for advertisers is correlating users across multiple devices, and in the real world.

Let's say you saw a commercial for some product Foo on TV. And then you went online to research Foo. And then you bought Foo.

Sometimes commercials have you enter promo codes online to know that you arrived at the site from a TV commercial. Or give you a unique URL.

Others play inaudible sounds that are picked up by your mobile device or computer.

<…>

Incentive to Betray [0/1]

Summary   B_fullframe

So how does tracking happen? How does this tracking code get on so much of the web?

Incentives to betray users.

Many websites make money through advertising. It can be lucrative. And it's easy to do.

Analytics [0/2]

Trackers

Site analytics is another issue. Website owners want to know what their visitors are doing. That in itself isn't an unreasonable thing broadly speaking, but how you go about it and what types of data you collect defines the issue.

Take Google Analytics for example. A very popular proprietary analytics service. It is one of the most widely distributed malware programs in the world.

<<examples of how GA tracks>>

And all of this is known to Google. All of this can be used to identify users across the entire web.

<<list others>>

If you must track your users, consider using Piwik, which you can host yourself.

Like Buttons

Another popular example is "like buttons" and similar little widgets that websites like Facebook offer. If a user is logged into Facebook, then Facebook now knows that they visited that website, even if they don't click on the button.

But even if you don't have a Facebook account, information is being leaked to them; you are still being tracked.

Addons like Privacy Badger will block these.

Fingerprinting [0/2]

Summary   B_fullframe

These methods are part of a broader topic called "browser fingerprinting". It's just what it sounds like: uniquely identifying users online. It's alarmingly effective.

<<general fingerprinting stuff>>

<<hardware-fingerprint>> Some methods allow fingerprinting even if the user uses multiple browsers and takes care to clear all session data. They can do this by effectively breaking out of the browser's sandbox by doing operations that depend heavily on specifics of users' hardware.

Browser Addons

(Merge into other sections?)

So how do we avoid this type of tracking?

<<Talk about browser addons>>.

Anonymity [0/3]

Summary   B_fullframe

Another way is to be anonymous or pseudonymous. In the latter case, you assume a pseudonym online and perform only activities that should be associated with that pseudonym. In the former case, there should be no way to ever correlate past or future actions with your current session.

This is a difficult topic that's pretty dangerous to give advice on if you have a strong need for anonymity—for example, if you are a dissident or whistleblower. If your life depends on anonymity, please do your own research. I provide a number of resources to get you started.

The Tor Network

Most here have probably heard of Tor. "Tor" stands for "The Onion Router", which describes how it relays data through the Tor network.

The packet is routed through a number of servers, encrypted with the public key of each server such that the first hop strips off the first layer and so on. The exit node reveals the packet and delivers it to the destination, then begins relaying the reply back through the network to the user.

As long as a sufficient portion of the network can be trusted and has not been compromised by an adversary, it isn't possible to trace data back through the network.
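The layering described above, as an added example that is not part of the original notes: each relay strips one layer and learns only its immediate neighbours. It assumes per-hop symmetric keys and a constructed SHA-256 keystream as a stand-in for real encryption; the relay names, keys, and cell format are hypothetical and are not Tor's actual protocol.

```python
import hashlib
import json
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for illustration; no integrity, not what Tor uses)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Add one layer: only the holder of `key` can read the next hop and inner payload."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return nonce + keystream_xor(key, nonce, body)


def peel(key: bytes, cell: bytes):
    """Remove one layer; raises ValueError if the key does not match this layer."""
    layer = json.loads(keystream_xor(key, cell[:16], cell[16:]))
    return layer["next"], bytes.fromhex(layer["data"])


def build_onion(path, destination: str, message: bytes):
    """Wrap from the exit inwards so the entry relay's layer ends up outermost."""
    cell, next_hop = message, destination
    for name, key in reversed(path):
        cell = seal(key, next_hop, cell)
        next_hop = name
    return next_hop, cell  # name of the first hop, and the full onion


def route(path, first_hop: str, onion: bytes, sender: str):
    """Simulate the relays; record what each one can observe about its neighbours."""
    keys = dict(path)
    seen, prev, hop, cell = [], sender, first_hop, onion
    while hop in keys:
        nxt, cell = peel(keys[hop], cell)
        seen.append({"relay": hop, "from": prev, "to": nxt})
        prev, hop = hop, nxt
    return hop, cell, seen


# Constructed sample circuit: entry -> middle -> exit.
PATH = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]
MESSAGE = b"GET / HTTP/1.1"

if __name__ == "__main__":
    first, onion = build_onion(PATH, "example.org:443", MESSAGE)
    dest, delivered, seen = route(PATH, first, onion, "client")
    for view in seen:
        print(view)  # no single relay sees both "client" and the destination
    print(dest, delivered)
```
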

The most common use of Tor is to route web traffic. Many nodes block most other ports. It's also possible to resolve DNS requests through Tor.

There are lots of other details that I don't have time to get to here, but I provide a number of resources for you.

TorBrowser, Tails, and Whonix

Tor alone isn't enough to secure your anonymity.

It's hard to secure a web browser. <links>

TorBrowser is a hardened version of Firefox. The Tor browser recommends that you don't rely on a vanilla Firefox for anonymity with Tor.

Tails…

Whonix…

Data Analytics [0/2]

Introduction [0/1]   B_ignoreheading

Introduction   B_fullframe

We've seen adversaries with different motives. Let's explore what some of them do with all those data.

Headings [0/3]

Advertisers

The biggest threat to the average user's privacy comes from companies that aggregate data for the purpose of understanding you. Probably better than you understand you. I'm sure many of you have heard the story of Target knowing a girl was pregnant before she did.

<<user profiles>>

Social Media

(Where you are, what you do.)

Governments

(Segue into government surveillance.)

Policy and Government [0/6]

Introduction [0/1]   B_ignoreheading

Introduction   B_fullframe

Where to begin.

Governments have a duty to protect their people. But they also have a duty to know their bounds; to respect citizens' rights and privacy.

We know how that story goes.

Surveillance [0/4]

History of NSA Surveillance

(EFF, <<Klein v. NSA>>)

Verizon Metadata

(Add date)

Snowden

Tools

- XKeyscore and others
- Exploits
- Hardware
- Intercepting shipments
- Etc.

Crypto Wars [0/3]

Introduction   B_fullframe

All of that happened behind our backs.

But there is also a war being waged in public. As if we haven't learned from the past. The Crypto wars.

Bernstein v. United States

… (Include export-grade crypto) (Code is speech)

Makes Us Less Safe

Apple v. FBI

- Backdoors
- Clipper chip
- LOGJAM, etc. from export-grade crypto
- VEP

Espionage [0/1]

US Can't Keep Its Own Secrets

- Office of Personnel Management
- DNC

Subpoenas, Warrants, NSLs [0/1]

National Security Letters

- Gag orders
- Prior restraint
- Canaries

Law [0/1]

Summary   B_fullframe

DMCA Risks to security researchers Draconian CFAA

Your Fight [0/1]

Headings [0/5]

Feeding   B_fullframe

We're feeding into all of this!

SaaSS and Centralization

- Be sure to mention Cloudbleed and S3
- Who has access to your data?
- The "Cloud"

Corporate Negligence

Companies don't care. They'll balance costs of failure to comply with regulation. Is it cheaper just to pay up in the event of a data breach?

Governments try, sort of. They need to catch up with the times. <<sec regulations>>

<<large-scale breaches>>

(Tie into SaaSS)

Status Quo

You would think after the Snowden revelations that people would be more privacy-centric.

Some are. Many aren't. There is complacency with the status quo. Everything is so convenient.

"I have nothing to hide." A common argument. One that can be notoriously hard to address.

"Report anything suspicious." (Example of mathematician on plane.)

These all have chilling effects, conscious or not. <<Wikipedia articles>>

I hope I've convinced you that the status quo cannot hold. That even people who aren't that privacy- or security-conscious recognize that there are risks not only at a personal level, but also national and global.

Push Back

We need to push back.

- Good crypto; no trust
- Lawmakers: this is not something we can win while we fight with our governments.