The Internet: Metadata and Privacy
advertisement
Mass-Surveillance, Metadata, and Methamphetamine. 22nd August 2015 – Things We Know Leslie Hughes Disclaimer The views expressed herein are presented for academic and/or entertainment purposes, and do not necessarily reflect those of Leslie Hughes, Monash University, the Liberal Democratic Party, Things We Know organisers, or Snoop Dogg. Nothing here constitutes as any type of professional advice: legal, technical, or otherwise. You are responsible for how you use this information. Listen to Les at your own risk. Licencing/Copyright While I am fairly knowledgeable in this discipline, I am not looking to re-invent the wheel. Much of the information in this presentation has been taken from various sources on the internet, sometimes word for word. Where possible, I’ve tried to give credit and/or link the to each website where material is referenced. While I have tried to ensure that all content in this presentation is free from restriction on copying/sharing/etc, I can not guarantee it. Given that, everything which I have authored may be modified, distributed, copied, in a personal, commercial, or whatever other means without giving credit. Whatever restrictions could possibly exist, none of them apply to my work within this slide. Credit is always nice, but I’d rather the information be out there with no credit, than not out there at all. About Les http://leshugh.es - Bachelor of Computer Science, Monash Clayton + Penn State. Teaching Associate at Monash for seven years. 10+ years working in the I.T. industry. Secretary of the Liberal Democratic Party in Victoria. Liberal Democratic Party Candidate – 2014 Victorian Elections. Winner RuxCon Capture the Flag 2003. Winner RuxCon Cryptography Challenge 2004. Has a messy car. We are being watched. Telephone: Australia is known to be an avid user of telephone surveillance. In 2003, Australia issued 75% more wiretap warrants than the US did and this was 26 times greater than the US on a per capita basis. In 2012 it was reported that year-on-year "Access to private data has increased by 20 per cent by Australia’s law enforcement and government agencies – and with no warrant." https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia We are being watched. Internet: In 2013 it was reported that under Australian law state, territory and federal law enforcement authorities can access a variety of 'non-content' data from internet companies like Telstra, Optus and Google with authorization by senior police officers or government officials rather than judicial warrant, and that "During criminal and revenue investigations in 2011-12, government agencies accessed private data and internet logs more than 300,000 times." https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia … then came 2014/2015 National Security Legislation Amendment Bill (No. 1) 2014 http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=s969 - giving ASIO the power to ‘disrupt’ computers by adding, modifying or deleting files. giving ASIO the power to spy on a number of computers – including a whole computer network – under a single computer-access warrant. giving ASIS (Australia’s foreign intelligence agency) the power to collect intelligence on Australian citizens overseas. creating a new criminal offence, with a maximum penalty of 10 years imprisonment for revealing information about ‘special intelligence operations’. This comes with no exceptions and would apply to journalists, even if they were unaware that they were revealing information about such an operation. https://www.citizensnotsuspects.org.au/learn-more http://www.abc.net.au/news/2014-10-14/journalists-face-jail-for-exposing-security-agency-bungles/5776504 National inSecurity Legislation Amendment Bill (No.1 ) 2014 Schedule 2—Powers of the Organisation Part 1—Amendments Australian Security Intelligence Organisation Act 1979 Subdivision A—Preliminary 4 Section 22 (definition of computer) Repeal the definition, substitute: computer means all or part of: a) one or more computers; or b) one or more computer systems; or c) one or more computer networks; or d) any combination of the above. http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=s969 National inSecurity Legislation Amendment Bill (No.1 ) 2014 - - Australian Security Intelligence Organisation officers will now have greater immunity from prosecution if they commit a crime in the course of a "special intelligence operation". Authorised ASIO officers will decide which operations are classed as "special intelligence operations" and there is no limit on how many operations can be designated as such. The immunity is broad. The laws state only that ASIO officers must not be engaged in conduct that causes death or serious injury, involves a sexual offence against any person or the significant loss of or damage to property. After Liberal Democrat Senator David Leyonhjelm raised concerns about ASIO officers using torture, the government inserted a clause clarifying that torture is not permitted under these laws. http://www.smh.com.au/federal-politics/political-news/australias-new-security-laws-explained-20140926-10mh6d.html National inSecurity Legislation Amendment Bill (No.1 ) 2014 TORTURE FFS!!!!1! Under the heading, "Immunity from liability", the bill stated: A participant in a special intelligence operation is not subject to any civil or criminal liability for or in relation to conduct if … the conduct does not involve the participant engaging in any conduct that: (i) causes the death of, or serious injury to, any person; or (ii) involves the commission of a sexual offence against any person; or (iii) causes significant loss of, or serious damage to, property. Thankyou, based Leyonhjelm. Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375 Mandatory retention for two years of data relating to the internet and telecommunications activity of all Australians. This data could include records of your phone calls and texts, your location (if you use a mobile phone) and who you send emails to and who you receive them from. As Sir Tim Berners-Lee said when he was down under last year, retention of data on this scale “is so dangerous, you have to think of it as dynamite”. https://www.citizensnotsuspects.org.au/learn-more/ Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 Twenty-two agencies who will be able to access metadata under the new laws is actually fewer than the roughly 80 who can do so currently. As a trade-off under the new laws, Attorney-General George Brandis limited the number of agencies to crucial crimefighting and national security bodies, removing groups like the RSPCA and local councils. http://www.smh.com.au/federal-politics/political-news/2500-metadata-cops-to-search-phone-and-internet-records-20150328-1m9e0a.html Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 110A Meaning of criminal law-enforcement agency (1) Each of the following is a criminal law-enforcement agency: (a) the Australian Federal Police; (b) a Police Force of a State; (c) the Australian Commission for Law Enforcement Integrity; (d) the ACC; (e) the Australian Customs and Border Protection Service; (ea) the Australian Securities and Investments Commission; (eb) the Australian Competition and Consumer Commission; (f) the Crime Commission; (g) the Independent Commission Against Corruption; (h) the Police Integrity Commission; (i) the IBAC; (j) the Crime and Corruption Commission of Queensland; (k) the Corruption and Crime Commission; http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375 Metadata :: What is? Metadata is “data about data” Metadata describes “data”. Example: Word Document Author, Word Count, Time Created, Size, Pages, Fonts Used, etc Metadata can contain more data than the data itself…. More: https://en.wikipedia.org/wiki/Metadata What is Metadata? “We kill people based on metadata” -- Gen. Michael Hayden Former head of the National Security Agency https://www.techdirt.com/articles/20140511/06390427191/michael-hayden-gleefully-admits-we-kill-people-based-metadata.shtml Metadata :: EXIF Exchangeable Image File Format Some metadata collected: Camera Type, Exposure, Date time, Focal Length, GPS Location, Phone Serial Number? EXIF Data has been used to find criminals, rob people, and according to Edward Snowden’s leaks: the NSA is targeting EXIF information under the XKeyscore program. https://en.wikipedia.org/wiki/Exchangeable_image_fi le_format http://www.superutils.com/2010/09/to-remove-ornot-to-remove-exif-metadata/ Metadata :: Twitter Twitter allows you to post 140 character text messages. The public twitter API exposes ~31 pieces of metadata. Twitter themselves would have further metadata. Even more meta-data now: https://blog.twitter.com/2013/introdu cing-new-metadata-for-tweets Metadata :: Further Examples Phone Calls - Caller. - Who they called. - Date/Time. - Call Duration. SMS - Sender. - Receiver. - Message encoding. (UTF8, UnicodeX, …) - Date/Time. - Length http://www.smartposition.nl/resources/sms_pdu.html Metadata :: Inherent in Communications Technologies Metadata embedded in photographs is purely an “extra”; not required for the picture itself. In contrast, metadata is inherent in communications technologies. If you have X devices connected to a network, the network must be able to differentiate between devices. Mobile Phones Your phone has a serial number: IMEI (International Mobile Station Equipment Identity) You put a SIM card into your phone (Subscriber Identification Module) Your SIM Card contains an IMSI (International Mobile Subscriber Identity). You access data (4G/WiFi/etc) each network interface has a MAC Address (Media Access Control Address) https://en.wikipedia.org/wiki/International_Mobile_Station_Equipment_Identity https://en.wikipedia.org/wiki/International_mobile_subscriber_identity https://en.wikipedia.org/wiki/Subscriber_identity_module https://en.wikipedia.org/wiki/MAC_address Metadata :: Technology can leak data. As a result of the differing technical implementation of various technologies, devices can leak private data, which although not required for the operation of the device, can be deduced from required data. Example: Mobile Phones In order to relay a phone call or SMS to your mobile device, mobile infrastructure needs to know what towers you are connected to, and to which ones have the strongest signal. With this information, simple physics equations are able to determine your location within 50metres. “We just needed to connect your phone, but we know you were at that nudist beach.” Storing this information indefinitely is cheap and easy. https://en.wikipedia.org/wiki/Mobile_phone_tracking http://cryptome.org/2014/01/nsa-sms-exploit.pdf - More on metadata “leakage” and uses. Metadata :: Technology can leak data. Stated Differently: When you have your phone with you and switched on, telecommunications companies know where you are. Your location data will be accessible without a warrant for two years. Metadata :: Secret Metadata Steganography: the art or practice of concealing a message, image, or file within another message, image, or file. Example: You can hide secret messages in JPEG files. Your devices may be embedding metadata into your pictures, documents, without you knowing…. and it’s already been done! Colour Printers In 2005 it was discovered that various US Government agencies had been pressuring/forcing printer companies to mark your print-outs in a nearlyimpossible-to-see way with secret codes. Thus, if you print something they do not like, they know what printer it came from. https://w2.eff.org/Privacy/printers/docucolor/ https://www.eff.org/issues/printers https://en.wikipedia.org/wiki/Steganography https://en.wikipedia.org/wiki/Printer_steganography Metadata :: Secret Metadata Metadata :: Secret Metadata Privacy Most of us value our privacy. We get dressed in private, don't like people listening in on our phone calls, and choose whether to share our letters, diary entries, or medical records with others. Privacy is a basic human impulse, and the right to control who sees our most personal information and activities is recognised by most democratic legal systems. Without Privacy It would mean that you would be highly vulnerable to the control of others, you would lose your freedom which may lead to inhibition and tentativeness and you may be less spontaneous and you would be more likely to be manipulated. http://zeroknowledgeprivacy.org/library/why-privacy-matters/ http://www.craigbellamy.net/2006/04/24/privacy/ http://www.privacilla.org/fundamentals/whyprivacy.html Internet :: What is? The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide. It is an international network of networks that consists of millions of private, public, academic, business, and government packet switched networks, linked by a broad array of electronic, wireless, and optical networking technologies. The internet is a “Series of Tubes” -- former United States Senator Ted Stevens (R-Alaska) Said differently: The internet is “distributed network” or “network of networks”. Despite Ted Stevens’ obvious ignorance on technical matters, the “series of tubes” metaphor, at least in my opinion, is a good one when talking about some of the Internet’s physical implementation. https://en.wikipedia.org/wiki/Internet https://en.wikipedia.org/wiki/Series_of_tubes The Internet Visualised Author: https://commons.wikimedia.org/wiki/User:Rezonansowy Internet :: How is? A quick lesson on files and bits: Files, such as a document, photo, or application, are each an array of bits. - A bit is a 1 or a 0 - 8 bits = 1 byte - 2^20 bytes = 1 megabyte - 1-megabyte = 1,048,576 bytes = 8,388,608 bits. Les wants to send a 3MB photo to his Mum: 3-megabytes = 3,145,728 bytes = 25,165,824 bits. How do we send 25million+ 1’s or 0’s across the internet? How does the receiving computer know what to do with the 1s and 0s? In order for computers to understand each other, “Protocols” are established, in the case of the Internet, we can use the “Internet Protocol” or IP. As the file is large, we break our file up into something called “Packets”. https://en.wikipedia.org/wiki/Bit https://en.wikipedia.org/wiki/Internet_Protocol https://en.wikipedia.org/wiki/Network_packet TCP/IP :: What is? The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite (IP), and is so common that the entire suite is often called TCP/IP. Web browsers use TCP when they connect to servers on the World Wide Web, and it is used to deliver email and transfer files from one location to another. HTTP, HTTPS, SMTP, POP3, IMAP, SSH, FTP, Telnet and a variety of other protocols are typically encapsulated in TCP. When data is broken up into TCP packets, each packet looks like this. While there is one data field, there are 16 fields that make up 256 bits of metadata. https://en.wikipedia.org/ wiki/Transmission_Contr ol_Protocol Packets :: The Journey VIA 7 TUBES! LES MUM Original image author: https://commons.wikimedia.org/wiki/User:Mro Series of Tubes :: Tubes to 4chan.org c:\> tracert 4chan.org Tracing route to 4chan.org [141.101.114.6] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 10.0.2.2 2 3 ms 7 ms 4 ms 192.168.0.1 3 10 ms 29 ms 14 ms 10.213.160.1 4 10 ms 9 ms 12 ms CPE-58-175-61-14.vic.bigpond.net.au [58.175.61.14] 5 12 ms 13 ms 15 ms 58.160.7.226 6 11 ms 18 ms 12 ms bundle-ether4.lon-edge902.melbourne.telstra.net [203.50.76.12] 7 14 ms 15 ms 15 ms bundle-ether11.exi-core1.melbourne.telstra.net [203.50.11.113] 8 29 ms 26 ms 28 ms bundle-ether12.chw-core10.sydney.telstra.net [203.50.11.124] 9 40 ms 31 ms 27 ms bundle-ether19.chw-core2.sydney.telstra.net [203.50.11.130] 10 25 ms 34 ms 25 ms tengigabitethernet8-1.ken45.sydney.telstra.net [203.50.19.64] 11 26 ms 26 ms 26 ms pacnet2.lnk.telstra.net [139.130.94.34] 12 29 ms 31 ms 32 ms te0-2-0-0.cr2.syd5.asianetcom.net [203.192.174.181] 13 26 ms 28 ms 26 ms gi2-0-0-900.gw1.syd2.asianetcom.net [202.147.55.90] 14 28 ms 24 ms 26 ms CDF-0011.asianetcom.net [203.192.167.86] 15 28 ms 34 ms 33 ms 141.101.114.6 Trace complete. Series of Tubes :: Who’s watching? When sending a file, downloading a movie, or accessing a website, your packets go though “a series of tubes”, or more accurately, “nodes”. There can even be “hidden nodes” which are transparent to the user. Every single node receives a full copy of the data which passes though. Any node could store relayed information, or a subset of, for various purposes. (Spying, advertising data, research, etc) If a node were to collect data, this can be called a “Man-in-the Middle attack”. There are many methods that can and are used to intercept your communications. However, an in-depth discussion of this is outside the scope of this presentation. https://en.wikipedia.org/wiki/Man-in-the-middle_attack Series of Tubes :: Madman in the Middle One form of man-in-the-middle attack is to use “SSID Spoofing”, where you set up a wireless access point aimed at tricking people to connect to your network as opposed to their intended network. The same thing can be done with mobile phone towers, and recent news shows that Law Enforcement have been actively doing this. Adversaries do not necessarily need to be in “the middle” either. It’s possible to passively listen in on wireless communications. Software such as “Kismet” will allow you to do this on unencrypted open networks fairly easily. Image Source: KQED https://en.wikipedia.org/wiki/Monitor_mode https://en.wikipedia.org/wiki/Packet_analyzer https://www.kismetwireless.net/ https://en.wikipedia.org/wiki/IMSI-catcher https://en.wikipedia.org/wiki/Stingray_phone_tracker Internet :: Not just for cat photos Thinking back to Steganography: Maybe this image, although silly, contains the a secret message , with the details of what *really* happened to the Titanic. Internet :: Accessing a website - Hypertext Transfer Protocol (HTTP) is the foundation of data communication for the World Wide Web. Things such as webpages, videos, images, and sound are often delivered in your web browser by HTTP, which is why you see the http:// in front of your website address. What does accessing a website actually entail from a data/network point of view? Let’s check out http://ldpvic.org.au and find out! Network Demo – Using Firefox’s “Web Developer Tools” (F12) https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol Series of Tubes :: Tubes to ldpvic.org.au c:\> tracert ldpvic.org.au Tracing route to ldpvic.org.au [143.95.39.205] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 10.0.2.2 2 3 ms 3 ms 3 ms 192.168.0.1 3 12 ms 11 ms 11 ms 10.213.160.1 4 10 ms 11 ms 16 ms CPE-58-175-61-14.vic.bigpond.net.au [58.175.61.14] 5 12 ms 13 ms 12 ms 58.160.7.226 6 13 ms 16 ms 16 ms bundle-ether4.lon-edge902.melbourne.telstra.net [203.50.76.12] 7 13 ms 14 ms 13 ms bundle-ether11.exi-core1.melbourne.telstra.net [203.50.11.113] 8 27 ms 28 ms 26 ms bundle-ether12.chw-core10.sydney.telstra.net [203.50.11.124] 9 28 ms 36 ms 31 ms Bundle-ether17.oxf-gw2.sydney.telstra.net [203.50.13.70] 10 27 ms 27 ms 27 ms bundle-ether1.sydo-core01.sydney.reach.com [203.50.13.38] 11 35 ms 27 ms 31 ms i-0-3-2-0.sydo-core02.bi.telstraglobal.net [202.84.220.189] 12 218 ms 216 ms 219 ms i-0-3-0-0.eqnx-core01.bx.telstraglobal.net [202.84.144.17] 13 215 ms 243 ms 218 ms i-0-4-0-3.eqnx03.bi.telstraglobal.net [202.84.251.98] 14 191 ms 182 ms 223 ms l3-peer.eqnx03.pr.telstraglobal.net [134.159.61.106] 15 * * * Request timed out. 16 * * * Request timed out. 17 * * * Request timed out. 18 * * * Request timed out. 19 * * * Request timed out. 20 * * * Request timed out. 21 * * * Request timed out. 22 211 ms 215 ms 212 ms COLO4-DALLA.ear1.Dallas1.Level3.net [4.15.32.134] 23 216 ms 209 ms 211 ms 206.123.64.45 24 216 ms 213 ms 211 ms 72.249.128.74 25 223 ms 212 ms 209 ms starbuck.asmallorange.com [143.95.39.205] Trace complete. Series of Tubes :: The Packets Wireshark Demo: Packet capture http://ldpvic.org.au https://www.wireshark.org https://en.wikipedia.org/wiki/Wiresharkrg/ Series of Tubes :: The Packets This time a secure connection using https:// Firefox Demo: Network https://reddit.com Series of Tubes :: reddit.com Series of Tubes :: reddit.com Series of Tubes :: The Packets Wireshark Demo: Packet capture https://reddit.com Encryption/Cryptography Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). Encryption doesn’t stop others from intercepting your messages, but attempts to stop them from reading it. Symmetrical - Caesar (Add three letters: Les -> Ohv) - Advanced Encryption Standard (AES) Asymmetrical - RSA - Elliptic Curve cryptography (ECC) - Lattice-based cryptography https://en.wikipedia.org/wiki/Encryption https://en.wikipedia.org/wiki/Cryptography http://nayuki.eigenstate.org/page/caesar-cipher-javascript https://en.wikipedia.org/wiki/Advanced_Encryption_Standard https://en.wikipedia.org/wiki/Public-key_cryptography https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29 https://en.wikipedia.org/wiki/Elliptic_curve_cryptography https://en.wikipedia.org/wiki/Lattice-based_cryptography Encryption :: Demo Caesar Demo : http://nayuki.eigenstate.org/page/caesar-cipherjavascript Encryption :: Demo Portable PGP Demo Internet :: Cookies and Tracking What is a cookie? A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity. Tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories Advertisers and Trackers get more Advanced Online tracking is no longer limited to the installation of the traditional "cookies" that record websites a user visits. Now, new tools can track in real time the data people are accessing or browsing on a web page and combine that with data about that user's location, income, hobbies, and even medical problems. Large Organisations like Google, Microsoft, Facebook, DoubleClick, QuanCast, Bizo, and sometimes even your own ISP want to track as much of your online activity as possible. Your habits, preferences, and personal details can be worth a lot of money! https://en.wikipedia.org/wiki/HTTP_cookie https://www.eff.org/issues/online-behavioral-tracking Stop Tracking: Browser Add-ons Most recent browsers give you options with regard to accepting cookies, and letting websites know if you want to be tracked or not. Web browsers alone are not providing adequate protection against tracking. There are various web-browser add-ons you can use to help prevent tracking. I personally use a combination of several, and would recommend using a combination of the following: HTTPS Everywhere : https://www.eff.org/https-everywhere Privacy Badger: https://www.eff.org/privacybadger Disconnect.Me : https://disconnect.me/ Ghostry : https://www.ghostery.com/en/ AdBlock Plus : https://adblockplus.org/ NoScript : http://noscript.net/ RefControl : https://addons.mozilla.org/en-US/firefox/addon/refcontrol/ Lightbeam: https://www.mozilla.org/en-US/lightbeam/ There are also several other methods which can assist in limiting the extent to which you are tracked, many are out of the scope of this presentation. However the use of VPNs, I2P, TOR will be covered. Stop Tracking: Search Engines Search engines (such as Google and Bing), make money via advertising and selling statistics. Some organisations spend a lot of time and effort in gathering large amounts of data on your usage as to create your own personalised dossier which probably knows more about you, than you know about yourself! Google’s “Flu Trends” is able to figure out who is sick and where, by monitoring millions of users’ health tracking behaviours online, the large number of Google search queries gathered can be analysed to reveal if there is the presence of flu-like illness in a population. Google Flu Trends compares these findings to a historic baseline level of influenza activity for its corresponding region and then reports the activity level as either minimal, low, moderate, high, or intense. These estimates have been generally consistent with conventional surveillance data collected by health agencies, both nationally and regionally. There are alternatives! DuckDuckGo is my current favourite. Others: Startpage, Ixquick, Blekko, Ask.com with AskEraser + more Check their privacy policy! RTFM! https://en.wikipedia.org/wiki/Google_Flu_Trends http://www.howtogeek.com/113513/5-alternative-search-engines-that-respect-your-privacy/ VPN :: What Is? A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer or Wi-Fi-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. A VPN is created by establishing a virtual point-topoint connection through the use of dedicated connections, virtual tunnelling protocols, or traffic encryptions. While VPN encryption may stop adversaries from monitoring your data, they can still gather the metadata, which tells them you are hiding data . It can also show usage patterns (how much data at what time of day) https://en.wikipedia.org/wiki/Virtual_private_network VPN :: Uses - Connect to a remote office. Have a continuous internet connection, no matter where you are. Subvert internet censorship. Hide the content of your internet session from (local) prying eyes. Obfuscate your location from the servers you are accessing. Access TV shows and other content which is not available at your location. Using a VPN - Setting up a VPN is easy, and there are various tutorials online. Various businesses and non-profits provide VPN services. Not all VPN services are equal, each organisation may distinguish themselves on things like speed, privacy, local laws and jurisdiction, data limits, etc. Some are free, but most are paid subscriptions starting from a few dollars per month. http://www.pcworld.com/article/2030763/how-and-why-to-set-up-a-vpn-today.html http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/ I2P :: What is? - I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. - I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistle-blowers, as well as the average person. - The software is free and open source https://geti2p.net/en/ https://en.wikipedia.org/wiki/I2P TOR – The Onion Router What is Tor? “Software for enabling online anonymity and resisting censorship. It is designed to make it possible for users to surf the Internet anonymously, so their activities and location cannot be discovered by government agencies, corporations, or anyone else.” Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting". https://www.torproject.org/ https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29 https://en.wikipedia.org/wiki/Onion_routing TOR :: What it (kind of) looks like TOR :: Onion Routing TOR :: Onion Routing Image Author: Primepq - https://en.wikipedia.org/wiki/File:Decryption_mix_net.png TOR :: Some Stats TOR:: Demo TOR Browser Demonstration Tails “When NSA whistle-blower Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. But this month, we learned that Snowden used another technology to keep his communications out of the NSA’s prying eyes. It’s called Tails.” Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: - use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leave no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. https://tails.boum.org/ http://www.wired.com/2014/04/tails/ Bitcoin Bitcoin is a payment system invented by Satoshi Nakamoto, who published the invention in 2008 and released it as open-source software in 2009. The system is peer-to-peer; users can transact directly without needing an intermediary. Transactions are verified by network nodes and recorded in a public distributed ledger called the block chain. The ledger uses its own unit of account, also called bitcoin. The system works without a central repository or single administrator, which has led the US Treasury to categorize it as a decentralized virtual currency. Bitcoin is often called the first cryptocurrency, although prior systems existed. Bitcoin is more correctly described as the first decentralized digital currency. It is the largest of its kind in terms of total market value. https://en.wikipedia.org/wiki/Bitcoin Bitcoin :: In Brief - Bitcoin is a digital currency When your “wallet” is properly backed up, your own Bitcoin can’t be: lost, stolen, frozen, or seized. Allows a direct and almost immediate transfer of value between two people anywhere in the world. No banks, governments, or organizations control or influence it.* Cannot be counterfeited, inflated, printed, or devalued over time.* A peer-to-peer network functions as a distributed authority to record transactions. Bitcoin operates on free, open-source software on any computer or smart phone. There are no start-up, transaction, or usage fees.* Purchases can be completely anonymous.* Transactions cannot be reversed. Privacy is enhanced with Bitcoin and it reduces identity theft. Bitcoins can be exchanged in open markets for any other currency. http://bitcoinintro.com/ Bitcoin :: What is money? “Money is any item or verifiable record that is generally accepted as payment for goods and services and repayment of debts in a particular country or socioeconomic context, or is easily converted to such a form. The main functions of money are distinguished as: a medium of exchange; a unit of account; a store of value; and, sometimes, a standard of deferred payment. Any item or verifiable record that fulfils these functions can be considered money.” https://en.wikipedia.org/wiki/Money Bitcoin :: What is money? - Among Economists, Philosophers, and tin-foil basement dwellers, there is still strong debate about what “money” is, and what it isn’t. - One interesting thing is that the general public generally have no idea, they just accept today’s money as what it is, without any real thought Interest rates, business cycles, inflation, etc aren’t taught in schools. - No one really knows what “inflation” is, confusing it for CPI (Consumer Price Index) and according to former Federal Reserve Chairman, Ben Bernanke, inflation is a “tax”. Bitcoin :: Money Today? - “Fiat” dollars. - Basically: government tokens for government credits. - No “useful value” on their own, but simply as a way to transfer government credits among each other. - … but hey, the government is competent in what they do! Surely you trust the government to look after and manage a financial system with competence and without corruption, right? LOL Money LOL Money “That’s pretty unfair Les, I mean, that was Zimbabwe, everyone knows they are horrible!” LOL Money “That’s pretty unfair Les, I mean, that was Zimbabwe, everyone knows they are horrible!” “Luckily for us, we have Tony Abbott and the ‘Liberal’ Party”. … but the RBA is independent! “k” Bitcoin Bitcoin:: Demo coinjar.io Blockchain.info Methamphetamine Things not covered - How to securely delete files. Just because you are encrypting, doesn’t mean your data is secure. Your phone is probably already backdoored. So is your computer/laptop. The software you install to protect you could also be backdoored. The software you use might not be secure. Recently a huge hole was found in Secure HTTP, meaning attacks could have decrypted messages/etc. Search for “Heartbleed bug”. Government data collection programs we know about: Prism, XKeyScore, Five Eyes, ECHELON, Government collection programs we don’t know about!? The NBN: Why do you think they really want to build a government network for all information? They care about your fast internet? (LOL) https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 https://en.wikipedia.org/wiki/Five_Eyes https://en.wikipedia.org/wiki/XKeyscore https://en.wikipedia.org/wiki/ECHELON Heroes Questions? Thankyou!
