privacy 102

#vierdevrijdag                                                      @bartroorda                                                20190322

a bunch of examples

oorsprong:

bezig met crypto.

 

dacht: doe een crypto & privacy session.

hoe gebruik je veilig het internet

privacy 102

privacy = freedom

If you can be told what you can see or read

 

Then it follows that you can be told what to say or think

you

bart roorda

Tim Berners-Lee

🐣

1996

people start using the internet

2000

year of the nokia 3310

Topics

  • This is how websites track you
  • This is how a VPN works
  • These are the default settings of Chrome
  • This is how Private Messages are stored
  • ...

browser on computer

router

'internet' (server)

ISP

site

site

1/5 what happens when you visit a site?

site

You visit a website

  • cookies are set
  • mouse tracking
  • registering things you typed

cookie example 1

site

cookie example 2

site

what these companies know

Your location

Your device type

Your browser type

 

Time of visit

Duration of visit

Your interests

URL of every site you visit

 

Search queries on sites:

site.com?q=Pregnant

site

how cookie tracking works

let's have a look into Lightbeam..

site

how to protect yourself

  • use a privacy focussed browser like Brave or Firefox
  • install an addon that blocks trackers (uBlock Origin)

site

'internet' (server)

2/5 what happens when you visit a server?

site

You visit a website

  • the page you visit is logged
  • your ip address & location are logged
  • logged in?
    • server knows its you
    • server gets to know when you're awake and such
  • all the contents you receive is known by server
    • your emails
    • your private messages
    • your confidential data, like passwords

everything is visible - the server knows everything

server knows everything - example 1

server

All the things you type, stored forever

server knows everything - example 2

server

email password
mail@bartroorda.nl i_live_in_utrecht_1*
you@youremail.com ilovepuppies

server knows everything - example 3

server

Your 'private' messages on Twitter

 

Your chats on Facebook & Telegram

server knows everything - example 3

server

what these servers know

Your location

Your device type

Your browser type

 

Time of visit

Duration of visit

Your interests

URL of every site you visit

Content of every page

 

The server stores most things for a long, long time

server

how to protect yourself

  • think before you post data to a server
    • i.e.: don't send passwords via email
  • have a unique password for every site
    • use a password manager
  • use a vpn
    • this way the server can't connect your ip to your real identity
    • this is only useful if you are not logged in onto the site
  • use end to end encrypted messages

server

ISP

3/5 what does your ISP know?

ISP

You visit a website

  • if http connection: ISP knows everything
    • every url you visit
    • content of site (including mails, IM's, etc)
    • cookies content
    • everything you submit using forms
       
  • if https connection:
    • every url you visit

ISP

ISP knows a lot - example

  • every URL you access is recorded

 

until 2016:

  • all data of all Dutch internet users was kept for 12 months
  • data could be shared with USA without any control on the data

ISP

ISP controls what you see - example

URLs are filtered based on censorship rules

how to protect yourself

  • use a vpn
    • this way the ISP knows nothing
    • and you can access all sites

ISP

router

4/5 what does your local network know?

router

You visit a website

  • Every domain name you visit visible
  • Every non SSL text visible
  • Pages can be altered

router

local wifi users know a lot - example 1

router

local wifi users know a lot - example 2

router

local wifi users know a lot - example 3

router

local wifi users know a lot - example 3

router

how to protect yourself

  • use https sites
    • this way only the URLs you visit are known
  • use a vpn
    • this way the wifi users know nothing

browser on computer

5/5 what does your browser know?

router

You visit a website

  • Every domain name you visit visible
  • Every non SSL text visible
  • Pages can be altered