Jose Aguinaga
Web Engineer. UX & Interactions Designer. Full-Stack Javascript Developer.
Privacy awareness
and control
A presentation by José Aguinaga
Disclaimer
Use content to your own risk, can't be held liable or accountable of the information
Me.
Hacked.
Story time.
Story #1
The disgruntled lover
😱
👻
Story #2
The big brother
Story #3
The unrequested loan
😂😂😂
Sharing information.
The four stages of information sharing
Stage 1
Unaware and without any control
We are sharing information without being aware it’s happening, and we can not do anything about it.
Stage 2
Aware but without control, or very little
We know we are sharing information, but we can't do anything to stop it.
Stage 3
Control, but without awareness
We are unaware that we are sharing information, but we are given the control of stopping doing so.
Stage 4
Awareness and control
We know what we are sharing, and we can control whether we keep sharing it or not.
We should always aim for stage 4
Understanding types of information.
Three types of information.
Public Information
Anyone can see this information
Your first name, physical appearance, general location, perceived gender.
Private Information
Trusted parties have access to this information
Personal phone, home address, personal documents, age, economical situation, family.
Confidential
Information
Binded by law individuals only
Bank account details, behavioural patterns, economical investments, social security information.
Real problems come when private or confidential information is shared without awareness or without being able to control
Regaining awareness
Our current awareness on privacy matters is way below the threshold companies use to handle your information.
“If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place”
Eric Schmidt, Google Chairman CNBC's Interview 2009
“Privacy is no longer a ‘social norm’”
Mark Zuckerberg, Facebook CEO, Crunch Awards Interview 2010
“You already have zero privacy. Get over it”
Scott G. McNealy, CEO of Sun Microsystems Inc, 1999
The reality is that the tools we use abuse in many instances our privacy - if you are not paying for it, you are the product.
“No place to hide”, a book describing the findings of Edward Snowden while working for the NSA, describes the depth of the PRISM program to harvest and interpret people's information through multiple web services.
“Mass surveillance creates a prison in the mind”
Glenn Greenwald, “Why privacy matters” TED Global.
NSA Files Decoded
http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded
Regaining
control
1. Lock your screen
Leaving your computer unlocked while not being on your workstation makes it prone to privacy attacks.
This goes the same for your phone. Notifications should not be show on lock screen.
Personal Recommendation: Hot corners + Screen saver
2. Cover your camera
..as well as your screen. Privacy shades on your display stops strangers to snoop confidential information. A camera cover stops potential hackers to take over more than just digital information located in the device.
Personal Recommendation: None
3. Separate users
Use a different user for your everyday activities, and a super admin user for controlling privileged actions on your computer. Were it to be compromised, access would be limited to the malware.
Personal Recommendation: OS setup.
4. Uninstall Adobe Flash
Flash is no longer required for sites like YouTube. For years, it has been the entry point of failure for multiple vulnerabilities while browsing webpages.
Personal Recommendation: HTML5 Video
4. Ditch gmail
Unless you really enjoy their flawless synchronization alongside all their products, using a more private aware provider is a better option.
Personal Recommendation: Proton Mail (Free)
Kolab Now ($)
5. Set up a password strategy
Either use a password manager or your own (ideally an offline local solution), or setup a tabula recta for generating site specific passwords.
Passwords: Long, unique, memorable.
Personal Recommendation: Tabula recta
6. Set up a firewall
The easiest way to ensure traffic doesn't go outside your computer is to setup outbound rules to avoid malware or third party software to ping home.
Personal Recommendation: Little Snitch, Private Eye
7. Disable suggestions
Most autocomplete or autosearch features leak every request inserted in them. A big example is Mac OSX Spotlight
Personal Recommendation: Disable Spotlight
8. Get a VPN
Your traffic should be your concern, and your concern only. Specially while browsing on public wifi.
Additional note: Avoid public wifi when possible.
Personal Recommendation: NordVPN ($), FreeVPN.Ninja (Free)
9. Browse with Firefox
Although Chrome is definitely a great browser, the guys at Mozilla put privacy one of their top concerns.
Learn how to setup: HTTPS Everywhere, Cookie and User Agent buster.
Personal Recommendation: See “Additional Links”
10. Drop US services
After the NSA files were exposed, it has been revealed that major internet services providers located in the US are being used as data sources for mass surveillance.
Additionally, under US Patriotic Act, companies under US soil can be requested to hand over any customer information (e.g. Lavabit)
Personal Recommendation: See https://prism-break.org
Additional links
https://pack.resetthenet.org/
https://securityinabox.org/
https://www.privacytools.io/
https://prism-break.org/en/
https://ssd.eff.org/
FAQ
Why how much information we share is relevant while working in the banking industry?
How you handle your own personal information is a reflection of how you handle others’.
Phone notifications usually contain sensitive information. Anyone that oversees a notification might be able to get information from a client, investor, or third party.
Disable notifications on lock screen to avoid this.
Why should I pay attention to the latest trends in privacy in the world of fintech?
Fintech technologies usually also cover it's share of privacy related operations, which might affect potential customers/investors.
Being aware of most up-to date payments technologies allows to give clients the best insights on investments, latest development in digital currencies and other financial developments.
Enroll to multiple fintech newsletters to spot the latest news in the industry
Why you should always lock your screen if you are not in front of your workstation?
Your workstation contains privileged information that affects the company and/or its clients.
Anyone that has physical access to your computer even for a few seconds is able to retrieve confidential data, infect the network, plug malware into your computer or setup even surveillance software.
See
https://github.com/juuso/keychaindump
What can I do to delete my online persona and “start from scratch”, so to speak?
You can't. You can only start slowly migrating from the services you use everyday.
A mix of technologies is required for setting up full anonymity. From setting untraceable bitcoin wallets, to setting up Tails, the task can be pretty daunting... but possible.
See
https://prism-break.org
QA
Thank you.
Privacy awareness and control
By Jose Aguinaga
