Online Privacy, the next Battleground


Presentation by Dominic White at ISSA in 2010. This presentation is about online privacy. The presentation begins with a look at what privacy is. Where online privacy leaks occur and the implications of the leaks are discussed. The presentation ends with a brief discussion on how you can protect your online privacy.

Dominic White, SensePost

About Me

•  Dominic White
   –  Security guy talking about privacy
   –  Work: Consulting @ SensePost, http://www.sensepost.com/blog/
   –  Academic: MSc Computer Security
   –  Personal: http://singe.za.net/, @singe

Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

What’s changed?

•  Initial reactions were based on new technology to record and disseminate information

•  Later reactions driven by active recording from governments and companies

•  Today, many lives are no longer just recorded online, but lived online


Reactions to New Technology

“[Recent inventions] have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’”

Warren and Brandeis, “The Right to Privacy”, 1890

Total Information Awareness

Post 9/11 project to: “[Create] enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social network analysis, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant. Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.”

Source: https://secure.wikimedia.org/wikipedia/en/wiki/Information_Awareness_Office

Your Typical Day (each activity and the service that records it)

  Plan Day               ->  Google Calendar
  Check Mail             ->  Gmail
  Plan Route             ->  Google Maps
  Doctor’s Appointment   ->  Google Health
  Write Report           ->  Google Docs
  Phone a Friend         ->  Google Voice
  Visit Friends          ->  Google Latitude
  Watch TV               ->  YouTube

Follow the Money

The primary business model of today’s most successful corporation is the monetisation of the mass collection, correlation & analysis of individual private data

Private Info Monetised

•  Acxiom – 750 billion pieces of information, i.e. 1 500 facts on each of ½ billion people
   –  Correlate ‘consumer’ info from signups, surveys, magazine subscriptions
   –  $1.38 billion turnover for 2008 FY
•  Colligent – Actionable consumer research derived from social networks
•  Rapleaf – 450 million social network profiles
   –  Submit request and aggregated social network profiles returned within a day
•  Phorm
   –  uses "behavioural keywords" – keywords derived from a combination of search terms, URLs and even contextual page analysis, over time – to find the right users

Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

What is Privacy

•  Privacy is misunderstood, undefined, arbitrary and disregarded
•  Many people don’t care about online privacy; the few who do are accused of extremism
•  Poor understanding of actual threats
•  What do you think privacy is?
   –  Secrecy, concealment, seclusion, solitude, confidentiality, anonymity
   –  Prejudicial information
   –  Personally Identifiable Information (PII)
   –  Whatever you want
•  Intuitionist approaches abound

Privacy in Philosophy

•  No single answer
•  One century of philosophy and law summarised as:
   1.  Privacy as Control over Information
   2.  Privacy as Human Dignity
   3.  Privacy as Intimacy
   4.  Privacy as Social Relationships
   5.  Privacy as Restricted Access
   6.  Privacy as Plurality

Private Data Defined

•  Isn’t privacy just security applied to a data subset? The “C” in CIA?
•  Keeping something private is not keeping something secret
•  Implies access control & authorised use
•  Example:
   –  Credit card number used to pay for pizza
      •  Access control: employee at pizzeria
      •  Authorised use: pay for my order
   –  Privacy violation
      •  Employee shares number with fraudster
      •  Company sells purchase detail to third party
      •  Additional facts deduced through data mining

White’s Taxonomy of Online Privacy Invasion

Online Privacy Leaks, layered from a single request up the application stack (the slide’s diagram labels this axis “Application Stack Danger”):

  Web Request
  Cross Site Tracking
  Rich Browser Environments
  Application Data
  Aggregation, Correlation & Meta-Data

Taxonomy | Web Request

•  A single web request, e.g. an image on a website
•  One webpage is made of multiple requests
•  What they can find out
   –  Location (Latitude, Longitude, City, Country)
   –  Language
   –  Operating System & Browser used
   –  What site you came from
   –  Internet Service Provider
   –  Have you been here before?
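As an added illustration that is not part of the presentation, the Node.js snippet below shows how every item in that list is recovered from a single image request with nothing asked of the user: the address gives location and ISP, the headers give language, OS, browser and referring page, and a returning cookie answers “have you been here before?”. The GeoIP prefix table and the sample request are constructed for the example; a real server would consult a GeoIP database and its access log.

```javascript
// Added example (not from the presentation): what one request for a single
// image tells the server that receives it. The GeoIP table and the sample
// request are constructed for illustration.
const GEOIP = {                     // hypothetical prefix -> location/ISP table
  '196.25.': { country: 'ZA', city: 'Cape Town',     isp: 'Telkom SA', lat: -33.9, lon: 18.4 },
  '8.8.':    { country: 'US', city: 'Mountain View', isp: 'Google',    lat: 37.4,  lon: -122.1 },
};

function lookupIp(ip) {
  for (const prefix of Object.keys(GEOIP)) {
    if (ip.startsWith(prefix)) return GEOIP[prefix];
  }
  return null;                      // unknown network: no location, no ISP
}

function parseUserAgent(ua) {
  const os = /Windows/.test(ua) ? 'Windows'
           : /Mac OS X/.test(ua) ? 'macOS'
           : /Linux/.test(ua)    ? 'Linux' : 'unknown';
  const browser = /Firefox\//.test(ua) ? 'Firefox'
                : /Chrome\//.test(ua)  ? 'Chrome'
                : /MSIE /.test(ua)     ? 'Internet Explorer' : 'unknown';
  return { os, browser };
}

// req: { remoteAddress, headers } as a Node http.IncomingMessage carries them.
// Every field below comes from the request itself.
function profileRequest(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = v;
  let referer = null;
  try { referer = h['referer'] ? new URL(h['referer']).hostname : null; }
  catch (_) { /* malformed Referer header: treat as absent */ }
  return {
    ...parseUserAgent(h['user-agent'] || ''),
    location: lookupIp(req.remoteAddress),          // lat/lon, city, country, ISP
    language: (h['accept-language'] || '').split(',')[0].trim() || 'unknown',
    cameFrom: referer,                              // the page that embedded the image
    seenBefore: /(?:^|;\s*)track_id=/.test(h['cookie'] || ''),  // our cookie came back
  };
}

// Constructed request: a 2010-era Firefox on Windows fetching an image that
// http://www.example.com/articles/privacy.html embeds, from a ZA address.
const SAMPLE_REQUEST = {
  remoteAddress: '196.25.1.10',
  headers: {
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:1.9.2) Gecko/20100101 Firefox/3.6',
    'Accept-Language': 'en-ZA,en;q=0.8,af;q=0.5',
    'Referer': 'http://www.example.com/articles/privacy.html',
    'Cookie': 'track_id=a1b2c3d4',
  },
};

console.log(JSON.stringify(profileRequest(SAMPLE_REQUEST), null, 2));
```

Note that only the cookie line depends on anything the site set earlier; the rest is leaked by the first request a browser ever makes, which is why a single third-party image on a page is enough to geolocate and fingerprint every visitor.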


Taxonomy | Cross Site Tracking

•  Using cookies to track a visitor across affiliated sites (and, once the cookie is tied to a logon, across computers)
•  Cookie is stored on your computer and sent with every request to the site that set it
•  Cookies usually associated with logon details
•  What they can find out
   –  Who you are
   –  What sites you visit (affiliates)
   –  Behavioural profiles
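The mechanism, as an added example rather than anything from the presentation: a third-party tracking pixel embedded on several unrelated sites. The browser attaches the tracker’s cookie to every request for the pixel no matter which site embedded it, so one cookie stitches the visits together, and a single logon on any participating site puts a name on the pseudonym. The sites, pages and the visitor’s login are constructed; the counter-based id stands in for the random id a real tracker would issue.

```javascript
// Added example (not from the presentation): a third-party tracking pixel
// embedded on affiliate sites. Sites, pages and the login are constructed.
class Tracker {
  constructor() {
    this.profiles = new Map();   // track_id -> { sites, pages, identity }
    this.nextId = 1;
  }

  // Serves GET /pixel.gif. `req` is { headers } as in Node's http.IncomingMessage;
  // returns the response headers and the id the visit was recorded under.
  handle(req) {
    const cookie = req.headers.cookie || '';
    const m = /(?:^|;\s*)track_id=([A-Za-z0-9]+)/.exec(cookie);
    let id = m ? m[1] : null;
    // no-store: the pixel must be fetched, not served from cache, or visits go unseen
    const headers = { 'Content-Type': 'image/gif', 'Cache-Control': 'no-store' };
    if (!id) {
      // First contact from this browser: issue a long-lived identifier.
      // (A real tracker uses a random id; a counter keeps this demo deterministic.)
      id = 't' + (this.nextId++);
      const expires = new Date(Date.now() + 365 * 86400 * 1000).toUTCString();
      headers['Set-Cookie'] = `track_id=${id}; Path=/; Expires=${expires}`;
    }
    const page = req.headers.referer ? new URL(req.headers.referer) : null;
    const profile = this.profiles.get(id) || { sites: new Set(), pages: [], identity: null };
    if (page) { profile.sites.add(page.hostname); profile.pages.push(page.href); }
    this.profiles.set(id, profile);
    return { id, headers };
  }

  // Called when the visitor logs in on any site the tracker is embedded on:
  // the pseudonymous id gains a name.
  link(id, identity) {
    const profile = this.profiles.get(id);
    if (profile) profile.identity = identity;
  }

  profile(id) {
    const p = this.profiles.get(id);
    return p ? { identity: p.identity, sites: [...p.sites], pages: [...p.pages] } : null;
  }
}

// A minimal browser: keeps the tracker's cookie and sends it on every pixel request,
// whichever site the page carrying the pixel belongs to.
function visit(tracker, jar, pageUrl) {
  const headers = { referer: pageUrl };
  if (jar.track_id) headers.cookie = `track_id=${jar.track_id}`;
  const { id, headers: resp } = tracker.handle({ headers });
  const set = resp['Set-Cookie'];
  if (set) jar.track_id = /track_id=([A-Za-z0-9]+)/.exec(set)[1];
  return id;
}

// Constructed browsing session across three unrelated-looking sites.
function demoSession() {
  const tracker = new Tracker();
  const jar = {};                                     // one browser's cookie jar
  visit(tracker, jar, 'http://news.example.com/politics/budget');
  visit(tracker, jar, 'http://health.example.net/conditions/diabetes');
  const id = visit(tracker, jar, 'http://shop.example.org/cart');
  tracker.link(id, 'alice@example.com');              // she logged in at the shop
  return tracker.profile(id);
}

console.log(JSON.stringify(demoSession(), null, 2));
```

The profile that comes out pairs a health-site page with an e-mail address the visitor only ever gave to the shop. Blocking third-party cookies, or clearing the jar between sites, breaks the join at the `cookie` header; that is the lever the browser defences later in the deck pull.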


Advertisers Allowing Opt-Out

•  Acerno •  Adtech •  Advertising.com •  AOL •  Akamai •  AlmondNet •  Atlas •  Microsoft •  Audience Science •  Blue Kai •  Bluestreak •  BrightRoll •  BTBuckets •  Collective Media •  Cossette •  Eyeblaster •  Exelator •  Fox Audience Network •  Google •  Doubleclick •  interCLICK •  Lotame •  Next Action •  NexTag •  Media 6 Degrees •  Media Math •  MindSet Media •  Nielsen Online •  Omniture •  OpenX •  PrecisionClick •  Safecount •  Question Market •  Smart Adserver •  Tacoda Audience Networks •  Traffic Marketplace •  Tribal Fusion •  Exponential •  Turn •  Undertone Networks •  Zedo •  ValueClick •  Mediaplex •  [x+1]

Source: www.dubfire.net/opt-out/

Taxonomy | Rich Browser Environments

•  Rich Web 2.0 Technologies
   –  JavaScript / AJAX
   –  Flash / Silverlight
•  What they can find out
   –  Browser history
   –  Clipboard data
   –  Key presses
   –  Visual stimulus
   –  Browser plug-ins
   –  Desktop display preferences

CSS History Hack

Demo available at http://singe.za.net/privacy/privacy.html, modified from http://ha.ckers.org/weird/CSS-history.cgi, stolen from http://blackdragon.jungsonnstudios.com/
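What the demo page does, written out as an added example (it is not the demo page the slide links to, nor code from its authors): a hidden link is created for each URL the page wants to test, a stylesheet gives visited links a distinctive colour, and getComputedStyle reads that colour back, so the page learns which of its guesses are in the browser history. Browsers closed this in 2011 (Firefox 4, Chrome 9 and later): getComputedStyle now reports the unvisited style, so the DOM probe below returns nothing useful there. The candidate list is constructed, and the probe is injectable so the logic can also be exercised outside a browser.

```javascript
// Added example (not the demo page from the slide): the :visited history sniff
// as it worked in browsers of 2010. Candidate URLs are constructed.
const VISITED = 'rgb(255, 0, 0)';
const UNVISITED = 'rgb(0, 0, 255)';

// Probe one URL in a real browser: returns the colour the link renders with.
function domProbe(url) {
  if (!document.getElementById('hs-style')) {
    const style = document.createElement('style');
    style.id = 'hs-style';
    style.textContent = `#hs-links a { color: ${UNVISITED}; } #hs-links a:visited { color: ${VISITED}; }`;
    document.head.appendChild(style);
  }
  let holder = document.getElementById('hs-links');
  if (!holder) {
    holder = document.createElement('div');
    holder.id = 'hs-links';
    holder.style.cssText = 'position:absolute; left:-9999px;';   // off-screen, still rendered
    document.body.appendChild(holder);
  }
  const a = document.createElement('a');
  a.href = url;
  a.textContent = url;
  holder.appendChild(a);
  return getComputedStyle(a).color;     // pre-2011 browsers: red if the URL is in history
}

// Returns the subset of `candidates` the browser reports as visited.
function sniffHistory(candidates, probe = domProbe) {
  return candidates.filter(url => probe(url) === VISITED);
}

const CANDIDATES = [                                // constructed guess list
  'http://www.facebook.com/',
  'http://www.google.com/health',
  'http://mail.google.com/',
  'http://www.sensepost.com/blog/',
  'http://bank.example.com/login',
];

// Stand-in for a 2010 browser whose history contains some of the candidates,
// used so this file also runs under Node, where there is no DOM.
function fakeBrowserProbe(visited) {
  return url => (visited.has(url) ? VISITED : UNVISITED);
}

const leaked = sniffHistory(CANDIDATES, fakeBrowserProbe(new Set([
  'http://www.google.com/health', 'http://bank.example.com/login',
])));
console.log('visited:', leaked);
```

The attacker never reads the history directly; it only learns yes/no for URLs it already guessed, which is why the demo pages of the time shipped lists of thousands of popular sites, banks and social networks. A guess list with a health site and a bank on it is already a behavioural profile.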

Taxonomy | Application Data

•  Rich information inputs
•  Structured & unstructured data (previously only structured)
   –  Search requests
   –  E-mails
   –  Calendar items
   –  Instant Message Communications
•  What they can find out
   –  Who you are
   –  Who your friends are
   –  What you’re doing on Sunday
   –  Your interests

Application Data Example

•  Search logs
•  Far less information rich than e-mail
•  Or are they …
•  “Anonymised” search logs released by AOL (2006)
•  AOL User 4417749 was identified as Thelma Arnold of Lilburn, Georgia
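Why replacing the user name with a number is not anonymisation, as an added example that is not from the presentation: the pseudonym still ties every query a person ever typed to one record, and the terms that recur across those queries (a town, a surname) are the fixation points a correlator starts from. The log lines are constructed in the layout of the AOL release (AnonID, Query, QueryTime, ItemRank, ClickURL, tab-separated); the id, queries and place names are fictional.

```javascript
// Added example (not from the presentation). Constructed log lines in the
// column layout of the 2006 AOL release; id, queries and places are fictional.
const LOG = [
  'AnonID\tQuery\tQueryTime\tItemRank\tClickURL',
  '4000001\tnumb fingers\t2006-03-01 10:01:00\t\t',
  '4000001\tlandscapers in exampleville\t2006-03-02 09:12:00\t1\thttp://www.example.com/landscaping',
  '4000001\tdog that urinates on everything\t2006-03-03 11:00:00\t\t',
  '4000001\thomes sold in exampleville\t2006-03-04 14:30:00\t2\thttp://www.example.net/listings',
  '4000001\tsmith family reunion exampleville\t2006-03-05 08:00:00\t\t',
  '4000001\tsmith dentist\t2006-03-06 08:00:00\t\t',
  '4000002\tweather\t2006-03-01 10:02:00\t\t',
  '4000002\tweather tomorrow\t2006-03-01 10:03:00\t\t',
].join('\n');

const STOPWORDS = new Set(['in', 'on', 'the', 'a', 'that', 'and', 'of', 'for', 'to']);

// Parse the tab-separated log into objects keyed by the header row's column names.
function parseLog(text) {
  const [header, ...rows] = text.split('\n');
  const cols = header.split('\t');
  return rows.filter(Boolean).map(row => {
    const rec = {};
    row.split('\t').forEach((v, i) => { rec[cols[i]] = v; });
    return rec;
  });
}

// Group by the pseudonym. The "anonymisation" still links every query to one id,
// so the queries identify each other; terms repeated across a user's queries are
// reported as candidate fixation points, most frequent first.
function fixationPoints(records, minRepeats = 2) {
  const byUser = new Map();
  for (const r of records) {
    const u = byUser.get(r.AnonID) || { queries: [], tokens: new Map() };
    u.queries.push(r.Query);
    for (const t of new Set(r.Query.toLowerCase().split(/\s+/))) {
      if (!STOPWORDS.has(t)) u.tokens.set(t, (u.tokens.get(t) || 0) + 1);
    }
    byUser.set(r.AnonID, u);
  }
  const out = {};
  for (const [id, u] of byUser) {
    const repeated = [...u.tokens]
      .filter(([, n]) => n >= minRepeats)
      .sort((a, b) => b[1] - a[1])
      .map(([t, n]) => `${t} (${n})`);
    out[id] = { queries: u.queries.length, repeated };
  }
  return out;
}

console.log(JSON.stringify(fixationPoints(parseLog(LOG)), null, 2));
```

For the first user the output is a town and a surname; with a phone book that is a handful of households, and the remaining queries (the medical ones, the dog) are then attributed to a named person. Dropping the id column entirely, or splitting each user’s queries across unlinked ids, is what would have been needed; the release did neither.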

Taxonomy | Aggregation, Correlation & Meta-Data

•  Combining the previous levels
•  Meta-Data – includes interactions with applications
•  Aggregation – combining the information from various sources
•  Correlation – normalising entities across sources
•  Provides information you may not be aware of
   –  e.g. Advertising profile
•  What they can find out
   –  Social networks
   –  Behavioural profiles
   –  Psychological profiles
   –  Deep databases

Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

Correlation Demo

•  Demo – How much information do you really leak publicly?
   –  Name and Surname
      •  Known aliases
   –  Contacts
      •  Email addresses
      •  Physical location / street address
      •  Phone numbers – Physical / Mobile
      •  IM/Skype details
   –  Associations and memberships (social networks + real life)
   –  Education
   –  Employment history
   –  Profiles of
      •  Family
      •  Friends
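The “Correlation – normalising entities across sources” step of the taxonomy and the demo above, as one added example (the demo itself was a live tool run; this is not that tool’s code): records from a forum, a microblog, a domain registration and a photo’s meta-data are reduced to shared keys (e-mail with Gmail dots and +tags stripped, lower-cased handles, domain names), and any two records that share a key are merged with union-find. Everything in the sources is constructed; the person, addresses and domain are invented.

```javascript
// Added example (not from the presentation): entity correlation across sources.
// All records are constructed; the person, addresses and domain are invented.
const RECORDS = [
  { source: 'forum',   handle: 'JSmith', email: 'J.Smith+forum@gmail.com', location: 'Cape Town' },
  { source: 'twitter', handle: 'jsmith', name: 'John Smith', url: 'http://jsmith.example.org/' },
  { source: 'whois',   domain: 'JSMITH.EXAMPLE.ORG', email: 'jsmith@gmail.com',
                       phone: '+27 21 555 0100', street: '1 Example Road, Cape Town' },
  { source: 'photo',   email: 'jsmith@googlemail.com', gps: '-33.93,18.42' },  // EXIF meta-data
  { source: 'forum',   handle: 'zed', email: 'zed@example.net' },
];

// Gmail ignores dots in the local part and everything after '+', and googlemail.com
// is the same mailbox as gmail.com: normalise so all spellings compare equal.
function normaliseEmail(addr) {
  let [local, domain] = addr.trim().toLowerCase().split('@');
  if (domain === 'gmail.com' || domain === 'googlemail.com') {
    local = local.split('+')[0].replace(/\./g, '');
    domain = 'gmail.com';
  }
  return `${local}@${domain}`;
}

// Keys on which two records are taken to be the same person. A handle alone is a
// weak key (many people share one); it is kept here to show the false-positive risk
// an analyst has to weigh.
function keysFor(rec) {
  const keys = [];
  if (rec.email)  keys.push('email:'  + normaliseEmail(rec.email));
  if (rec.handle) keys.push('handle:' + rec.handle.toLowerCase());
  if (rec.url)    keys.push('domain:' + new URL(rec.url).hostname.toLowerCase());
  if (rec.domain) keys.push('domain:' + rec.domain.toLowerCase());
  return keys;
}

// Union-find over record indices: records sharing any key end up in one entity,
// and facts from every source in that entity are pooled.
function correlate(records) {
  const parent = records.map((_, i) => i);
  const find = i => (parent[i] === i ? i : (parent[i] = find(parent[i])));
  const union = (a, b) => { parent[find(a)] = find(b); };

  const firstSeen = new Map();                  // key -> index of first record with it
  records.forEach((rec, i) => {
    for (const k of keysFor(rec)) {
      if (firstSeen.has(k)) union(i, firstSeen.get(k)); else firstSeen.set(k, i);
    }
  });

  const entities = new Map();                   // root index -> merged view
  records.forEach((rec, i) => {
    const root = find(i);
    const e = entities.get(root) || { sources: [], facts: {} };
    e.sources.push(rec.source);
    for (const [field, value] of Object.entries(rec)) {
      if (field === 'source') continue;
      if (!e.facts[field]) e.facts[field] = [];
      if (!e.facts[field].includes(value)) e.facts[field].push(value);
    }
    entities.set(root, e);
  });
  return [...entities.values()];
}

console.log(JSON.stringify(correlate(RECORDS), null, 2));
```

No single source held a name, a street address, a phone number and a GPS fix together; the merged entity does. Each hop used one link (handle to site, site to registration, registration e-mail to photo), which is the “information leads to more information” point of the next section, and the weak handle key is also where a careless run would merge two strangers.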

Meta Data Demo

•  Data you may not be aware of leaking
•  Complex insights into relationships available
•  Social network example
   –  Twitter
   –  Facebook

Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

Threat Information

•  Information leads to more information
   –  Don’t view info in isolation
•  Simple leaks become fixation points for correlation
   –  Just mentioning a child’s name…
•  Combining information leads to new, possibly undisclosed information
•  You leak more than you know
•  Don’t trust people based on their knowledge of you
•  View your disclosures as a whole (think correlation points)
•  Err on the side of caution, you can’t undo a leak

Defences

•  Connection
   –  MAC rotation
   –  Secured medium
   –  Egress firewall filtering
•  Network
   –  VPN: prevents local disclosure, easy to spot
   –  Covert channels: DNS, ICMP, steganography
   –  Proxies
   –  Tor
•  Web Browser
   –  SRWare (Iron)
   –  NoScript
   –  CookieButton
•  Applications
   –  Don’t use if possible
   –  Don’t identify
   –  Limit your disclosure
   –  Limit public disclosure
   –  Ensure authoritative source
•  Correlation/Aggregation
   –  Temporary information (e.g. Mailinator)
   –  False information (e.g. FaceCloak)
   –  Split across providers
   –  Isolate cross-web invaders
•  Plan for privacy breach!
   –  Request removal, offload risk, change details, muddy waters

QUESTIONS?

Thanks to Paterva, Chris Sumner & Moxie Marlinspike