Protecting your personal info online.

March 23rd, 2019

For the Win

Outline:

  • Introduction
  • Rules n’ Such
  • Tales of cyberwins
  • Game (Red v Blue)
  • Mini Workshops
    • Intro to threat modeling
    • DeGoogle Yourself
  • Thank You/Resources

Who are we? Who are you?

  • We are the…
    • The Cypurr Collective: A group of folks that organize cybersecurity workshops and socials, looking to spread knowledge and talk about privacy rights!
  • ...and you are?
    • Name
    • Pronouns (e.g. he/him, she/her, they/them, etc.)
    • In a few words, what brings you here today?

A few rules for this workshop …

  • Share the space!

    • Ask a question, give a comment, leave room for others to speak

  • Stack!  Raise your hand, we will queue speakers

  • Saf(er) Space

    • We DO NOT tolerate language or behavior purposefully meant to demean or harm others

    • Don't pressure anyone to discuss their experience/threat model/situation

    • Consent: Ask before helping someone out, e.g. before taking their device

  • Photo/Video- No photo/video without asking!

  • Reporters/Researchers: Make yourself known

  • Bonus Rule: Don't invalidate experiences!

     

Tales of epic cybersecurity wins

Story #1: Teen reports Group FaceTime eavesdropping bug

  • A major FaceTime bug lets iPhone users see and hear others before they accept a video call
  • Apple responds after news goes viral on social media

Story #1: FaceTime bug

  • His mother tried for over a week to bring attention to this by tweeting at Apple and many different news orgs
  • Apple wanted her to register as a developer to submit the bug report, which she did, even though she was not a developer
  • After news of the bug went viral, Apple finally disabled the Group FaceTime feature and released a patch a week later
  • A teenager discovered that he could listen in on other people's iPhones/iPads without their approval

The Story

Story #1: FaceTime bug

  • Apple was slow to respond after the company had been made aware of the bug
  • Bug reports go through Apple's developer site. Even though non-developers can use the site, there isn’t a clear, public-facing way for consumers to report these types of bugs

Sources: 1 2 3 4 5 6 7

Story #2: NSA shutting down phone records program

This program analyzes “metadata” of calls between US callers

  • Who, How long & Where

Trump administration might not ask them to renew the program’s legal authority, which is set to expire at the end of March

Story #2: NSA ending program

  • Started by Bush after 9/11
  • Revealed by Edward Snowden in 2011
  • Contaminated data bringing the entire system into question
  • Gathering unauthorized data, so they had to purge the entire dataset recorded

  • Gathered 151 million records in 2016 alone

    • 0 terrorist attacks thwarted

Is there better tech now?

Was the program too useless to maintain?

NSA decided to one's right to privacy

Source: NYT

Story #3: HQ2 BTFO

Preamble:

  • Amazon announced a plan for a second headquarters in an NA city
  • Cities scramble to compete, promise of #HQ2 improving real estate prices
  • (Nominally for 50k jobs)
  • Split HQ2 between LIC and Arlington VA
  • NYC offers and NYS offers

Story #3: HQ2 BTFO

Blowback from local activists, gains support among unions/politicians

  • Corporate welfare
  • Not democratic
  • Anti-Amazon
  • Seattleization
    • Rent tripled,
    • homelessness
    • hyper-gentrification,
    • Amazon dictates

Amazon has a temper tantrum...

  • State Sen. Gianaris, supporter turned critic, given power to veto the deal
  • executive made decision after hearing unfavorable coverage on the radio
  • No notice, no negotiations-- Amazon punishes NYC

Story #3: HQ2 BTFO

  • Cuomo, who receives >$1.5 M from real estate, calls politicians who listened to activists "corrupt"
  • de Blasio critiques Amazon for the pull-out

 

  • Advertisement campaign to scold NYC
  • Scapegoating...AOC?
  • Warren calls to break up Amazon (and others)
  • Growing opposition in VA

Break up & Boycott Amazon

Game: Red v Blue

Scenario:

Evil Corp has many contracts with the US Department of Defense, as well as several other state and private militias. It was recently revealed that Evil Corp has been helping a foreign prince inhumanely suppress local protests with a mysterious new surveillance technology.

Mini Workshops

  1. Intro to Threat Modeling

  2. De-Google yourself

Thank You and Resources

  • CyPurr Collective

    • https://www.cypurr.nyc

    • Facebook & Twitter

  • Sign up to our email list too, we won’t spam ya!

  • Further Resources

    • NYC CryptoParty Meetup/CryptoParty Harlem (Meetup)

    • HackBlossom (Hackblossom.org)

    • ctrlshift.space I/O

    • Tactical Tech Collective- Holistic Security, MyShadow, Data Detox

  • EFF- Surveillance Self Defense (ssd.eff.org)
  • Freedom of the Press Foundation (Freedom.press)

Upcoming

  • Here again on April 6th
  • Open meeting here Monday April 1st @ 6:00pm
  • Find more on Facebook/Twitter

Thank You!

BPL 19.03.23: For the Win

By cypurr
