privacy 102
#vierdevrijdag @bartroorda 20190322
a bunch of examples
oorsprong:
bezig met crypto.
dacht: doe een crypto & privacy session.
hoe gebruik je veilig het internet
privacy 102
privacy = freedom
If you can be told what you can see or read
Then it follows that you can be told what to say or think
you
bart roorda
Tim Berners-Lee
🐣
1996
people start using the internet
2000
year of the nokia 3310
Topics
- This is how websites track you
- This is how a VPN works
- These are the default settings of Chrome
- This is how Private Messages are stored
- ...
browser on computer
router
'internet' (server)
ISP
site
site
1/5 what happens when you visit a site?
site
You visit a website
- cookies are set
- mouse tracking
- registering things you typed
cookie example 1
site
cookie example 2
site
what these companies know
Your location
Your device type
Your browser type
Time of visit
Duration of visit
Your interests
URL of every site you visit
Search queries on sites:
site.com?q=Pregnant
site
how cookie tracking works
let's have a look into Lightbeam..
site
how to protect yourself
- use a privacy focussed browser like Brave or Firefox
- install an addon that blocks trackers (uBlock Origin)
site
'internet' (server)
2/5 what happens when you visit a server?
site
You visit a website
- the page you visit is logged
- your ip address & location are logged
- logged in?
- server knows its you
- server gets to know when you're awake and such
- all the contents you receive is known by server
- your emails
- your private messages
- your confidential data, like passwords
everything is visible - the server knows everything
server knows everything - example 1
server
All the things you type, stored forever
server knows everything - example 2
server
| password | |
|---|---|
| mail@bartroorda.nl | i_live_in_utrecht_1* |
| you@youremail.com | ilovepuppies |
server knows everything - example 3
server
Your 'private' messages on Twitter
Your chats on Facebook & Telegram
server knows everything - example 3
server
what these servers know
Your location
Your device type
Your browser type
Time of visit
Duration of visit
Your interests
URL of every site you visit
Content of every page
The server stores most things for a long, long time
server
how to protect yourself
-
think before you post data to a server
- i.e.: don't send passwords via email
- have a unique password for every site
- use a password manager
- use a vpn
- this way the server can't connect your ip to your real identity
- this is only useful if you are not logged in onto the site
- use end to end encrypted messages
server
ISP
3/5 what does your ISP know?
ISP
You visit a website
- if http connection: ISP knows everything
- every url you visit
- content of site (including mails, IM's, etc)
- cookies content
- everything you submit using forms
- if https connection:
- every url you visit
ISP
ISP knows a lot - example
- every URL you access is recorded
until 2016:
- all data of all Dutch internet users was kept for 12 months
- data could be shared with USA without any control on the data
ISP
ISP controls what you see - example
URLs are filtered based on censorship rules
how to protect yourself
-
use a vpn
- this way the ISP knows nothing
- and you can access all sites
ISP
router
4/5 what does your local network know?
router
You visit a website
- Every domain name you visit visible
- Every non SSL text visible
- Pages can be altered
router
local wifi users know a lot - example 1
router
local wifi users know a lot - example 2
router
local wifi users know a lot - example 3
router
local wifi users know a lot - example 3
router
how to protect yourself
-
use https sites
- this way only the URLs you visit are known
-
use a vpn
- this way the wifi users know nothing
browser on computer
5/5 what does your browser know?
router
You visit a website
- Every domain name you visit visible
- Every non SSL text visible
- Pages can be altered