Getting Your Secret Squirrel On

Securing your privacy in the online world

@doTheCodeOlivia

Who am I?

I do infosec things @Mapbox.

We build cool open-source things, like maps.

And we're always looking for awesome people!

So, what're we gonna talk about?

  • Why privacy is important
  • How your information is tracked
  • Action steps you can take to secure your privacy

⚠️ CAVEAT ⚠️

Take baby steps when you go through this process.

Maintaining your privacy takes a conscious and consistent effort. If you make all these dramatic changes at once, you'll wear yourself out.

Each month, target a particular area you want to focus on. Action areas in this presentation are denoted with 🌟.

SELF-CARE IS IMPORTANT.

Why Privacy?

"I have nothing to hide. Why do I need to care?"

Iffy-Privacy Practices

  • Data companies, like Cambridge Analytica, build detailed psychological profiles on Americans to target ads.
  • Facebook uses "ethnic affinity" to let advertisers discriminate in who sees their ads, based on how Facebook classifies users.
  • Facebook will use any way possible to make money off your data.

They can see you...

  • ISPs can infer a lot about you. Just take Malte Spitz, a German Green Party politician, as an example:

Safe Assumptions

  • Anything you do online is tracked, monitored, and analyzed for whatever purpose.
  • Once you put information online, it cannot be fully redacted. Something's probably cached somewhere.

So... how can they know this stuff about me?

Two main things:

🍪 and {meta.data}

Cookies

Cookies allow sites to recognize your browser and remember stateful information (like username/password, shopping cart, etc.).

Third-party tracking cookies allow sites to track your online behavior across different domains.

These cookies sound delicious!

Lightbeam, a Firefox extension, shows you what cookies are actually tracking you.

Metadata

The data about data.

Contains information about:

  • Who sent what message
  • When the message was sent
  • Where the message is from
  • Whom the message was for

Metadata

So why should I care?

  • You got an email titled, "24 hours left to stop DAPL" from an activist group, and you later called your local representative. But no one knows the contents of that email.
  • You got an email from an HIV testing center and searched for some HIV support groups in your area within the same hour. But no one knows what was in your email or the contents of the sites you visited.
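
An added example (not from the original slides): a short Python script that reads a constructed PGP-encrypted email, lists what stays readable around the ciphertext, and then links it to a constructed phone record by timing alone. The addresses, IP, call record and one-hour window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP-encrypted email as a mail relay or provider sees it.
# Every address, host and IP is made up (203.0.113.0/24 is a documentation range).
RAW_MESSAGE = """\
Received: from mail.activists.example.org (mail.activists.example.org [203.0.113.25])
\tby mx.mailhost.example.net with ESMTPS; Tue, 01 Nov 2016 09:14:07 -0500
From: Action Alerts <alerts@activists.example.org>
To: pat@mailhost.example.net
Subject: 24 hours left to stop DAPL
Date: Tue, 01 Nov 2016 09:14:02 -0500

-----BEGIN PGP MESSAGE-----
(constructed placeholder standing in for the encrypted body)
-----END PGP MESSAGE-----
"""
# Constructed phone record: who was called and when, no audio.
CALL_RECORD = {"label": "local representative's office", "when": "2016-11-01T09:40:00-05:00"}

def visible_metadata(raw):
    """Return the who/when/where/to-whom that stays readable around an encrypted body."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # The last Received header is the first hop, the one closest to the sender.
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "who": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to_whom": [addr for _, addr in getaddresses(recipients)],
        "when": parsedate_to_datetime(msg["Date"]).isoformat(),
        "where": ip.group(1) if ip else None,
        "subject": msg["Subject"],  # PGP encrypts the body, not the headers
        "body_encrypted": msg.get_payload().lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

def inference(meta, call, window=timedelta(hours=1)):
    """Link an email to a later call using timestamps alone (the window is an assumption)."""
    gap = datetime.fromisoformat(call["when"]) - datetime.fromisoformat(meta["when"])
    if timedelta(0) <= gap <= window:
        minutes = int(gap.total_seconds() // 60)
        return f"{meta['to_whom'][0]} got '{meta['subject']}' then called {call['label']} {minutes} min later"
    return None

if __name__ == "__main__":
    meta = visible_metadata(RAW_MESSAGE)
    print(meta, inference(meta, CALL_RECORD), sep="\n")
```
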

Let's take a look at how your network traffic looks to others

The Basics:

Privacy

🌟 Assess Yourself 🌟

  • Do a threat model assessment before committing to any strict privacy criteria
  • When using a service, read the privacy policy!
    • Ask yourself:
      • What information do they collect?
      • How do they use that information?
      • How do they protect sensitive information?
  • Do this checkup regularly.

  1. What do you want to protect?
  2. Who do you want to protect it from?
  3. How likely is it that you need to protect it?
  4. How bad are the consequences if you fail?
  5. How much trouble are you willing to go through in order to try to prevent loss?

The answers to these questions will dictate how you should handle your privacy.

Browser Privacy

  • Check to see if your browser is safe against tracking at Panopticlick
  • Switch to a browser like Firefox, Brave, or Tor
    • Chrome has implemented tracking at the protocol level through QUIC, making it easier for them to track you and harder to block
    • Refer to PrivacyTools.io for configuration
  • Install the HTTPS Everywhere plugin on all your browsers
  • Install an ad and tracker blocker like uBlock Origin and Privacy Badger
  • Use a VPN to encrypt your network traffic
  • Configure your browser to delete cookies after each session

🌟 Minimize your digital footprint! 🌟

Communication Privacy

  • Set up PGP encryption for your email service
    • Keybase is a great starting point for proving your online identity and sharing keys
    • Proton Mail is a great mail provider that encrypts your mail and won't track you
  • Use an encrypted chat service for voice and text like Signal or Ricochet

🌟 Encrypt all the things! 🌟

The Basics:

Security

🌟 Basic Action Items 🌟

Your private data is only as secure as you make it.

Honorable Mention Resources

So now, get your squirrel on.

By oliikit
