
Online Privacy, the next Battleground


DESCRIPTION

Presentation by Dominic White at ISSA in 2010. This presentation is about online privacy. The presentation begins with a look at what privacy is. Where online privacy leaks occur and the implications of the leaks are discussed. The presentation ends with a brief discussion on how you can protect your online privacy.


Page 1: Online Privacy, the next Battleground

Online Privacy, the next Battleground

Dominic White, SensePost


Page 2: Online Privacy, the next Battleground

About Me

•  Dominic White
  –  Security guy talking about privacy
  –  Work
    •  Consulting @ SensePost
    •  http://www.sensepost.com/blog/
  –  Academic
    •  MSc Computer Security
  –  Personal
    •  http://singe.za.net/
    •  @singe

Page 3: Online Privacy, the next Battleground


Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

Page 4: Online Privacy, the next Battleground

What’s changed?

•  Initial reactions were based on new technology to record and disseminate information

•  Later reactions driven by active recording from governments and companies

•  Today, many lives are no longer just recorded online, but lived online


Page 5: Online Privacy, the next Battleground

Reactions to New Technology

“[Recent inventions] have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’”

Warren and Brandeis, “The Right to Privacy”, 1890

Page 6: Online Privacy, the next Battleground

Total Information Awareness

Post 9/11 project to: “[Create] enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social network analysis, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant. Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.”

Source: https://secure.wikimedia.org/wikipedia/en/wiki/Information_Awareness_Office

Page 7: Online Privacy, the next Battleground

Your Typical Day

Activity                Google service
Plan Day                Google Calendar
Check Mail              Gmail
Plan Route              Google Maps
Doctor’s Appointment    Google Health
Write Report            Google Docs
Phone a Friend          Google Voice
Visit Friends           Google Latitude
Watch TV                YouTube

Page 8: Online Privacy, the next Battleground

Follow the Money

The primary business model of today’s most successful corporation is the monetisation of the mass collection, correlation & analysis of individual private data

Page 9: Online Privacy, the next Battleground

Private Info Monetised

•  Acxiom
  –  750 billion pieces of information or 1 500 facts on ½ billion people
  –  Correlate ‘consumer’ info from signups, surveys, magazine subscriptions
  –  $1.38 billion turnover for 2008 FY
•  Colligent
  –  Actionable consumer research derived from social networks
•  Rapleaf
  –  450 million social network profiles
  –  Submit request and aggregated social network profiles returned within a day
•  Phorm
  –  Uses "behavioural keywords" (keywords derived from a combination of search terms, URLs and even contextual page analysis, over time) to find the right users

Page 10: Online Privacy, the next Battleground


Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

Page 11: Online Privacy, the next Battleground

What is Privacy

•  Privacy is misunderstood, undefined, arbitrary and disregarded
•  Many people don’t care about online privacy; the few who do are accused of extremism
•  Poor understanding of actual threats
•  What do you think privacy is?
  –  Secrecy, Concealment, Seclusion, Solitude, Confidentiality, Anonymity
  –  Prejudicial Information
  –  Personally Identifiable Information (PII)
  –  Whatever you want
•  Intuitionist approaches abound

Page 12: Online Privacy, the next Battleground

Privacy in Philosophy

•  No single answer
•  One century of philosophy and law summarized as:
  1.  Privacy as Control over Information
  2.  Privacy as Human Dignity
  3.  Privacy as Intimacy
  4.  Privacy as Social Relationships
  5.  Privacy as Restricted Access
  6.  Privacy as Plurality

Page 13: Online Privacy, the next Battleground

Private Data Defined

•  Isn’t Privacy just Security applied to a data subset? The “C” in CIA?
•  Keeping something private is not keeping something secret
•  Implies access control & authorised use
•  Example:
  –  Credit card number used to pay for Pizza
    •  Access control: employee at Pizzeria
    •  Authorised use: pay for my order
  –  Privacy Violation
    •  Employee shares number with fraudster
    •  Company sells purchase detail to third party
    •  Additional facts deduced through data mining

Page 14: Online Privacy, the next Battleground

Online Privacy Leaks

White’s Taxonomy of Online Privacy Invasion (layered figure; the layers are listed here from the bottom of the stack upward, alongside an “Application Stack Danger” axis):

1.  Web Request
2.  Cross Site Tracking
3.  Rich Browser Environments
4.  Application Data
5.  Aggregation, Correlation & Meta-Data

Page 15: Online Privacy, the next Battleground

Taxonomy | Web Request

•  A single web request, e.g. an image on a website
•  One webpage is made of multiple requests
•  What they can find out
  –  Location (Latitude, Longitude, City, Country)
  –  Language
  –  Operating System & Browser used
  –  What site you came from
  –  Internet Service Provider
  –  Have you been here before?
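The per-request disclosures on this slide can be read straight out of the headers a server logs. As an added example (not code from the original deck), the following Python maps one constructed request onto that list; the header names are standard HTTP, the GeoIP/ISP lookup of the source address is left out, and every sample value is made up.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the headers a browser sends when fetching one image,
# as the image's server sees them (not a captured request).
SAMPLE_REQUEST = {
    "remote_addr": "198.51.100.23",  # RFC 5737 documentation address
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36",
    "Accept-Language": "en-ZA,en;q=0.8,af;q=0.5",
    "Referer": "https://example.org/articles/health/back-pain",
    "Cookie": "visitor_id=abc123",
}

# Order matters: Android UAs also say Linux, iOS UAs say Mac OS X, Chrome UAs say Safari.
OS_PATTERNS = [("Android", r"Android"), ("iOS", r"iPhone|iPad"),
               ("Windows", r"Windows NT"), ("macOS", r"Mac OS X"),
               ("Linux", r"Linux")]
BROWSER_PATTERNS = [("Chrome", r"Chrome/"), ("Firefox", r"Firefox/"),
                    ("Safari", r"Safari/")]

def preferred_language(accept_language):
    """Return the language tag with the highest q-value (missing q means 1)."""
    best, best_q = None, -1.0
    for part in filter(None, accept_language.split(",")):
        tag, _, params = part.strip().partition(";")
        m = re.search(r"q=([0-9.]+)", params)
        q = float(m.group(1)) if m else 1.0
        if q > best_q:
            best, best_q = tag, q
    return best

def request_leaks(headers):
    """Map one request onto the slide's 'what they can find out' list."""
    ua = headers.get("User-Agent", "")
    ref = headers.get("Referer", "")
    return {
        # Location and ISP come from a GeoIP/WHOIS lookup of this address;
        # the request itself only discloses the address.
        "source_ip": headers.get("remote_addr"),
        "language": preferred_language(headers.get("Accept-Language", "")),
        "os": next((n for n, p in OS_PATTERNS if re.search(p, ua)), "unknown"),
        "browser": next((n for n, p in BROWSER_PATTERNS if re.search(p, ua)), "unknown"),
        "came_from": urlsplit(ref).hostname if ref else None,
        "seen_before": "Cookie" in headers,  # a returning cookie marks a repeat visit
    }

if __name__ == "__main__":
    for key, value in request_leaks(SAMPLE_REQUEST).items():
        print(f"{key:12} {value}")
```

Note that the Referer path, not just the host, also travels with the image request, so the page being read leaks along with the site.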

Page 16: Online Privacy, the next Battleground

Taxonomy | Cross Site Tracking

•  Using cookies to track across computers and affiliated sites
•  Cookie is stored on your computer and sent with every request
•  Cookies usually associated with logon details
•  What they can find out
  –  Who you are
  –  What sites you visit (affiliates)
  –  Behavioural profiles
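To show how one tracker cookie links visits across affiliated sites, and what the browser-side cookie controls on the Defences slide (CookieButton, isolating cross-web invaders) change, here is an added Python simulation that is not the deck's own code; the tracker, the three sites and the cookie jar are constructed stand-ins.

```python
from itertools import count

class Tracker:
    """Constructed stand-in for an ad network embedded on affiliate sites."""

    def __init__(self):
        self._ids = count(1)
        self.log = []  # (tracker cookie value, top-level site) per embedded request

    def serve(self, cookie, top_level_site):
        # Reuse the cookie the browser presented, or mint a new identifier.
        tracker_id = cookie or f"t{next(self._ids)}"
        self.log.append((tracker_id, top_level_site))
        return tracker_id  # Set-Cookie value for the tracker's own domain

    def profiles(self):
        """Sites visited per identifier: the tracker's view of each 'user'."""
        seen = {}
        for tracker_id, site in self.log:
            seen.setdefault(tracker_id, []).append(site)
        return seen

class Browser:
    """Minimal cookie jar keyed by domain, with an optional third-party block."""

    def __init__(self, block_third_party=False):
        self.jar = {}  # domain -> cookie value
        self.block_third_party = block_third_party

    def visit(self, site, tracker_domain, tracker):
        # The page on `site` embeds a resource from `tracker_domain`; the
        # browser attaches whatever cookie it already holds for that domain.
        value = tracker.serve(self.jar.get(tracker_domain), site)
        # Third-party block: refuse to store cookies for any domain other
        # than the top-level site being visited.
        if tracker_domain == site or not self.block_third_party:
            self.jar[tracker_domain] = value

def simulate(block_third_party):
    """Visit three affiliated sites and return what the tracker can link."""
    tracker = Tracker()
    browser = Browser(block_third_party)
    for site in ("news.example", "shop.example", "health.example"):
        browser.visit(site, "ads.tracker.example", tracker)
    return tracker.profiles()

if __name__ == "__main__":
    print("cookies allowed:   ", simulate(False))
    print("third-party blocked:", simulate(True))
```

With the cookie accepted, all three visits collapse into one profile; with third-party cookies refused, the tracker sees three unrelated first-time visitors.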

Page 17: Online Privacy, the next Battleground

Advertisers Allowing Opt-Out

Acerno, Adtech, Advertising.com, AOL, Akamai, AlmondNet, Atlas, Microsoft, Audience Science, Blue Kai, Bluestreak, BrightRoll, BTBuckets, Collective Media, Cossette, Eyeblaster, Exelator, Fox Audience Network, Google, Doubleclick, interCLICK, Lotame, Next Action, NexTag, Media 6 Degrees, Media Math, MindSet Media, Nielsen Online, Omniture, OpenX, PrecisionClick, Safecount, Question Market, Smart Adserver, Tacoda Audience Networks, Traffic Marketplace, Tribal Fusion, Exponential, Turn, Undertone Networks, Zedo, ValueClick, Mediaplex, [x+1]

Source: www.dubfire.net/opt-out/

Page 18: Online Privacy, the next Battleground

Taxonomy | Rich Browser Environments

•  Rich Web 2.0 Technologies
  –  JavaScript / AJAX
  –  Flash / Silverlight
•  What they can find out
  –  Browser history
  –  Clipboard data
  –  Key presses
  –  Visual stimulus
  –  Browser plug-ins
  –  Desktop display preferences

Page 19: Online Privacy, the next Battleground

CSS History Hack

Available at http://singe.za.net/privacy/privacy.html, modified from http://ha.ckers.org/weird/CSS-history.cgi, stolen from http://blackdragon.jungsonnstudios.com/

Page 20: Online Privacy, the next Battleground

Taxonomy | Application Data

•  Rich information inputs
•  Structured & unstructured data (previously only structured)
  –  Search requests
  –  E-mails
  –  Calendar items
  –  Instant Message Communications
•  What they can find out
  –  Who you are
  –  Who your friends are
  –  What you’re doing on Sunday
  –  Your interests

Page 21: Online Privacy, the next Battleground

Application Data Example

•  Search logs
•  Far less information rich than e-mail
•  Or are they …
•  “Anonymised” search logs released by AOL
•  AOL User 4417749
•  Thelma Arnold
•  Lilburn, Georgia

Page 22: Online Privacy, the next Battleground

Taxonomy | Aggregation, Correlation & Meta-Data

•  Combining the previous levels
•  Meta-Data – include interactions with applications
•  Aggregation – combining the information from various sources
•  Correlation – normalising entities across sources
•  Provides information you may not be aware of
  –  e.g. Advertising profile
•  What they can find out
  –  Social networks
  –  Behavioural profiles
  –  Psychological profiles
  –  Deep databases

Page 23: Online Privacy, the next Battleground


Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

Page 24: Online Privacy, the next Battleground

Correlation Demo

•  Demo - How much information do you really leak publicly
  –  Name and Surname
    •  Known aliases
  –  Contacts
    •  Email addresses
    •  Physical location / street address
    •  Phone numbers
  –  Physical / Mobile
  –  IM/Skype details
  –  Associations and memberships (social networks + real life)
  –  Education
  –  Employment history
  –  Profiles of
    •  Family
    •  Friends

Page 25: Online Privacy, the next Battleground

Meta Data Demo

•  Data you may not be aware of leaking
•  Complex insights into relationships available
•  Social network example
  –  Twitter
  –  Facebook

Page 26: Online Privacy, the next Battleground


Agenda

•  What’s Changed

•  Defining Privacy & Private Data

•  Collecting Online Private Information

•  Online Privacy Attacks

•  Defences

Page 27: Online Privacy, the next Battleground

Threat Information

•  Information leads to more information
  –  Don’t view info in isolation
•  Simple leaks become fixation points for correlation
  –  Just mentioning a child’s name…
•  Combining information leads to new, possibly undisclosed information
•  You leak more than you know
•  Don’t trust people based on their knowledge of you
•  View your disclosures as a whole (think correlation points)
•  Err on the side of caution, you can’t undo a leak

Page 28: Online Privacy, the next Battleground

Defences

•  Connection
  –  MAC rotation
  –  Secured Medium
  –  Egress Firewall Filtering
•  Network
  –  VPN: prevents local disclosure, easy to spot
  –  Covert Channels: DNS, ICMP, Steganography
  –  Proxies
  –  TOR
•  Web Browser
  –  SRWare
  –  NoScript
  –  CookieButton
•  Applications
  –  Don’t use if possible
  –  Don’t Identify
  –  Limit your disclosure
  –  Limit public disclosure
  –  Ensure authoritative source
•  Correlation/Aggregation
  –  Temporary Information (e.g. Mailinator)
  –  False Information (e.g. FaceCloak)
  –  Split Across Providers
  –  Isolate cross-web invaders
•  Plan for privacy breach!
  –  Request removal, offload risk, change details, muddy waters

Page 29: Online Privacy, the next Battleground

QUESTIONS?

Thanks to Paterva, Chris Sumner & Moxie Marlinspike