The Internet: Metadata and Privacy

advertisement
Mass-Surveillance, Metadata,
and Methamphetamine.
22nd August 2015 – Things We Know
Leslie Hughes
Disclaimer
The views expressed herein are presented for academic
and/or entertainment purposes, and do not necessarily
reflect those of Leslie Hughes, Monash University, the
Liberal Democratic Party, Things We Know organisers,
or Snoop Dogg.
Nothing here constitutes as any type of professional
advice: legal, technical, or otherwise. You are
responsible for how you use this information.
Listen to Les at your own risk.
Licencing/Copyright
While I am fairly knowledgeable in this discipline, I am not looking to re-invent the
wheel. Much of the information in this presentation has been taken from various
sources on the internet, sometimes word for word.
Where possible, I’ve tried to give credit and/or link the to each website where
material is referenced.
While I have tried to ensure that all content in this presentation is free from restriction
on copying/sharing/etc, I can not guarantee it.
Given that, everything which I have authored may be modified, distributed, copied, in
a personal, commercial, or whatever other means without giving credit. Whatever
restrictions could possibly exist, none of them apply to my work within this slide.
Credit is always nice, but I’d rather the information be out there with no credit, than
not out there at all.
About Les
http://leshugh.es
-
Bachelor of Computer Science, Monash Clayton + Penn State.
Teaching Associate at Monash for seven years.
10+ years working in the I.T. industry.
Secretary of the Liberal Democratic Party in Victoria.
Liberal Democratic Party Candidate – 2014 Victorian Elections.
Winner RuxCon Capture the Flag 2003.
Winner RuxCon Cryptography Challenge 2004.
Has a messy car.
We are being watched.
Telephone:
Australia is known to be an avid user of telephone surveillance.
In 2003, Australia issued 75% more wiretap warrants than the US
did and this was 26 times greater than the US on a per capita
basis. In 2012 it was reported that year-on-year "Access to
private data has increased by 20 per cent by Australia’s law
enforcement and government agencies – and with no warrant."
https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia
We are being watched.
Internet:
In 2013 it was reported that under Australian law state, territory
and federal law enforcement authorities can access a variety of
'non-content' data from internet companies like Telstra, Optus
and Google with authorization by senior police officers or
government officials rather than judicial warrant, and that
"During criminal and revenue investigations in 2011-12,
government agencies accessed private data and internet logs
more than 300,000 times."
https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia
… then came 2014/2015
National Security Legislation Amendment Bill (No. 1) 2014
http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=s969
-
giving ASIO the power to ‘disrupt’ computers by adding, modifying or
deleting files.
giving ASIO the power to spy on a number of computers – including a
whole computer network – under a single computer-access warrant.
giving ASIS (Australia’s foreign intelligence agency) the power to collect
intelligence on Australian citizens overseas.
creating a new criminal offence, with a maximum penalty of 10 years
imprisonment for revealing information about ‘special intelligence
operations’. This comes with no exceptions and would apply to journalists,
even if they were unaware that they were revealing information about
such an operation.
https://www.citizensnotsuspects.org.au/learn-more
http://www.abc.net.au/news/2014-10-14/journalists-face-jail-for-exposing-security-agency-bungles/5776504
National inSecurity Legislation
Amendment Bill (No.1 ) 2014
Schedule 2—Powers of the Organisation
Part 1—Amendments
Australian Security Intelligence Organisation Act 1979
Subdivision A—Preliminary
4 Section 22 (definition of computer)
Repeal the definition, substitute:
computer means all or part of:
a) one or more computers; or
b) one or more computer systems; or
c) one or more computer networks; or
d) any combination of the above.
http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=s969
National inSecurity Legislation
Amendment Bill (No.1 ) 2014
-
-
Australian Security Intelligence Organisation officers will now have greater
immunity from prosecution if they commit a crime in the course of a
"special intelligence operation".
Authorised ASIO officers will decide which operations are classed as
"special intelligence operations" and there is no limit on how many
operations can be designated as such. The immunity is broad. The laws
state only that ASIO officers must not be engaged in conduct that causes
death or serious injury, involves a sexual offence against any person or the
significant loss of or damage to property. After Liberal Democrat Senator
David Leyonhjelm raised concerns about ASIO officers using torture, the
government inserted a clause clarifying that torture is not permitted
under these laws.
http://www.smh.com.au/federal-politics/political-news/australias-new-security-laws-explained-20140926-10mh6d.html
National inSecurity Legislation
Amendment Bill (No.1 ) 2014
TORTURE FFS!!!!1!
Under the heading, "Immunity from liability", the bill stated:
A participant in a special intelligence operation is not subject to any civil or
criminal liability for or in relation to conduct if … the conduct does not involve
the participant engaging in any conduct that:
(i) causes the death of, or serious injury to, any person; or
(ii) involves the commission of a sexual offence against any person; or
(iii) causes significant loss of, or serious damage to, property.
Thankyou, based Leyonhjelm.
Telecommunications (Interception and Access)
Amendment (Data Retention) Bill 2015
http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375
Mandatory retention for two years of data relating to the
internet and telecommunications activity of all Australians. This
data could include records of your phone calls and texts, your
location (if you use a mobile phone) and who you send emails to
and who you receive them from. As Sir Tim Berners-Lee said
when he was down under last year, retention of data on this
scale “is so dangerous, you have to think of it as dynamite”.
https://www.citizensnotsuspects.org.au/learn-more/
Telecommunications (Interception and Access)
Amendment (Data Retention) Bill 2015
Twenty-two agencies who will be able to access metadata under
the new laws is actually fewer than the roughly 80 who can do so
currently. As a trade-off under the new laws, Attorney-General
George Brandis limited the number of agencies to crucial crimefighting and national security bodies, removing groups like the
RSPCA and local councils.
http://www.smh.com.au/federal-politics/political-news/2500-metadata-cops-to-search-phone-and-internet-records-20150328-1m9e0a.html
Telecommunications (Interception and Access)
Amendment (Data Retention) Bill 2015
110A Meaning of criminal law-enforcement agency
(1) Each of the following is a criminal law-enforcement agency:
(a) the Australian Federal Police;
(b) a Police Force of a State;
(c) the Australian Commission for Law Enforcement Integrity;
(d) the ACC;
(e) the Australian Customs and Border Protection Service;
(ea) the Australian Securities and Investments Commission;
(eb) the Australian Competition and Consumer Commission;
(f) the Crime Commission;
(g) the Independent Commission Against Corruption;
(h) the Police Integrity Commission;
(i) the IBAC;
(j) the Crime and Corruption Commission of Queensland;
(k) the Corruption and Crime Commission;
http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5375
Metadata :: What is?
Metadata is “data about data”
Metadata describes “data”.
Example: Word Document
Author, Word Count, Time Created, Size, Pages, Fonts Used, etc
Metadata can contain more data than the data
itself….
More: https://en.wikipedia.org/wiki/Metadata
What is Metadata?
“We kill people based on metadata”
-- Gen. Michael Hayden
Former head of the National Security Agency
https://www.techdirt.com/articles/20140511/06390427191/michael-hayden-gleefully-admits-we-kill-people-based-metadata.shtml
Metadata :: EXIF
Exchangeable Image File Format
Some metadata collected: Camera
Type, Exposure, Date time, Focal
Length, GPS Location, Phone
Serial Number?
EXIF Data has been used to find
criminals, rob people, and according
to Edward Snowden’s leaks: the NSA
is targeting EXIF information under
the XKeyscore program.
https://en.wikipedia.org/wiki/Exchangeable_image_fi
le_format
http://www.superutils.com/2010/09/to-remove-ornot-to-remove-exif-metadata/
Metadata ::
Twitter
Twitter allows you
to post 140
character text
messages.
The public twitter
API exposes ~31
pieces of metadata.
Twitter themselves
would have further
metadata.
Even more meta-data now:
https://blog.twitter.com/2013/introdu
cing-new-metadata-for-tweets
Metadata :: Further Examples
Phone Calls
- Caller.
- Who they called.
- Date/Time.
- Call Duration.
SMS
- Sender.
- Receiver.
- Message encoding. (UTF8, UnicodeX, …)
- Date/Time.
- Length
http://www.smartposition.nl/resources/sms_pdu.html
Metadata :: Inherent in
Communications Technologies
Metadata embedded in photographs is purely an “extra”; not required for the picture
itself. In contrast, metadata is inherent in communications technologies.
If you have X devices connected to a network, the network must be able to
differentiate between devices.
Mobile Phones
Your phone has a serial number: IMEI (International Mobile Station Equipment
Identity)
You put a SIM card into your phone (Subscriber Identification Module)
Your SIM Card contains an IMSI (International Mobile Subscriber Identity).
You access data (4G/WiFi/etc) each network interface has a MAC Address (Media
Access Control Address)
https://en.wikipedia.org/wiki/International_Mobile_Station_Equipment_Identity
https://en.wikipedia.org/wiki/International_mobile_subscriber_identity
https://en.wikipedia.org/wiki/Subscriber_identity_module
https://en.wikipedia.org/wiki/MAC_address
Metadata :: Technology can leak data.
As a result of the differing technical implementation of various technologies, devices
can leak private data, which although not required for the operation of the device,
can be deduced from required data.
Example: Mobile Phones
In order to relay a phone call or SMS to your mobile device, mobile infrastructure
needs to know what towers you are connected to, and to which ones have the
strongest signal.
With this information, simple physics equations are able to determine your location
within 50metres.
“We just needed to connect your phone, but we know you were at that nudist beach.”
Storing this information indefinitely is cheap and easy.
https://en.wikipedia.org/wiki/Mobile_phone_tracking
http://cryptome.org/2014/01/nsa-sms-exploit.pdf - More on metadata “leakage” and uses.
Metadata :: Technology can leak data.
Stated Differently:
When you have your phone with you and switched on,
telecommunications companies know where you are.
Your location data will be accessible without a warrant for
two years.
Metadata :: Secret Metadata
Steganography: the art or practice of concealing a message, image, or file
within another message, image, or file.
Example: You can hide secret messages in JPEG files.
Your devices may be embedding metadata into your pictures, documents,
without you knowing…. and it’s already been done!
Colour Printers
In 2005 it was discovered that various US Government agencies had been
pressuring/forcing printer companies to mark your print-outs in a nearlyimpossible-to-see way with secret codes.
Thus, if you print something they do not like, they know what printer it came
from.
https://w2.eff.org/Privacy/printers/docucolor/
https://www.eff.org/issues/printers
https://en.wikipedia.org/wiki/Steganography
https://en.wikipedia.org/wiki/Printer_steganography
Metadata :: Secret Metadata
Metadata :: Secret Metadata
Privacy
Most of us value our privacy. We get dressed in private, don't like people
listening in on our phone calls, and choose whether to share our letters, diary
entries, or medical records with others.
Privacy is a basic human impulse, and the right to control who sees our most
personal information and activities is recognised by most democratic legal
systems.
Without Privacy
It would mean that you would be highly vulnerable to the control of others,
you would lose your freedom which may lead to inhibition and tentativeness
and you may be less spontaneous and you would be more likely to be
manipulated.
http://zeroknowledgeprivacy.org/library/why-privacy-matters/
http://www.craigbellamy.net/2006/04/24/privacy/
http://www.privacilla.org/fundamentals/whyprivacy.html
Internet :: What is?
The Internet is a global system of interconnected computer networks that use the
standard Internet protocol suite (TCP/IP) to link several billion devices worldwide. It
is an international network of networks that consists of millions of private, public,
academic, business, and government packet switched networks, linked by a broad
array of electronic, wireless, and optical networking technologies.
The internet is a “Series of Tubes”
-- former United States Senator Ted Stevens (R-Alaska)
Said differently: The internet is “distributed network” or “network of networks”.
Despite Ted Stevens’ obvious ignorance on technical matters, the “series of tubes”
metaphor, at least in my opinion, is a good one when talking about some of the
Internet’s physical implementation.
https://en.wikipedia.org/wiki/Internet
https://en.wikipedia.org/wiki/Series_of_tubes
The Internet Visualised
Author:
https://commons.wikimedia.org/wiki/User:Rezonansowy
Internet :: How is?
A quick lesson on files and bits:
Files, such as a document, photo, or application, are each an array of bits.
- A bit is a 1 or a 0
- 8 bits = 1 byte
- 2^20 bytes = 1 megabyte
- 1-megabyte = 1,048,576 bytes = 8,388,608 bits.
Les wants to send a 3MB photo to his Mum:
3-megabytes = 3,145,728 bytes = 25,165,824 bits.
How do we send 25million+ 1’s or 0’s across the internet?
How does the receiving computer know what to do with the 1s and 0s?
In order for computers to understand each other, “Protocols” are established, in the case of the
Internet, we can use the “Internet Protocol” or IP. As the file is large, we break our file up into
something called “Packets”.
https://en.wikipedia.org/wiki/Bit
https://en.wikipedia.org/wiki/Internet_Protocol
https://en.wikipedia.org/wiki/Network_packet
TCP/IP :: What is?
The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol
suite (IP), and is so common that the entire suite is often called TCP/IP.
Web browsers use TCP when they connect to servers on the World Wide Web, and it is used
to deliver email and transfer files from one location to another. HTTP, HTTPS, SMTP, POP3,
IMAP, SSH, FTP, Telnet and a variety of other protocols are typically encapsulated in TCP.
When data is broken up into TCP packets, each packet looks like this. While there is one data
field, there are 16 fields that make up 256 bits of metadata.
https://en.wikipedia.org/
wiki/Transmission_Contr
ol_Protocol
Packets :: The Journey
VIA 7 TUBES!
LES
MUM
Original image author: https://commons.wikimedia.org/wiki/User:Mro
Series of Tubes :: Tubes to 4chan.org
c:\> tracert 4chan.org
Tracing route to 4chan.org [141.101.114.6]
over a maximum of 30 hops:
1
<1 ms
<1 ms
<1 ms 10.0.2.2
2
3 ms
7 ms
4 ms 192.168.0.1
3
10 ms
29 ms
14 ms 10.213.160.1
4
10 ms
9 ms
12 ms CPE-58-175-61-14.vic.bigpond.net.au [58.175.61.14]
5
12 ms
13 ms
15 ms 58.160.7.226
6
11 ms
18 ms
12 ms bundle-ether4.lon-edge902.melbourne.telstra.net [203.50.76.12]
7
14 ms
15 ms
15 ms bundle-ether11.exi-core1.melbourne.telstra.net [203.50.11.113]
8
29 ms
26 ms
28 ms bundle-ether12.chw-core10.sydney.telstra.net [203.50.11.124]
9
40 ms
31 ms
27 ms bundle-ether19.chw-core2.sydney.telstra.net [203.50.11.130]
10
25 ms
34 ms
25 ms tengigabitethernet8-1.ken45.sydney.telstra.net [203.50.19.64]
11
26 ms
26 ms
26 ms pacnet2.lnk.telstra.net [139.130.94.34]
12
29 ms
31 ms
32 ms te0-2-0-0.cr2.syd5.asianetcom.net [203.192.174.181]
13
26 ms
28 ms
26 ms gi2-0-0-900.gw1.syd2.asianetcom.net [202.147.55.90]
14
28 ms
24 ms
26 ms CDF-0011.asianetcom.net [203.192.167.86]
15
28 ms
34 ms
33 ms 141.101.114.6
Trace complete.
Series of Tubes :: Who’s watching?
When sending a file, downloading a movie, or accessing a website, your
packets go though “a series of tubes”, or more accurately, “nodes”. There can
even be “hidden nodes” which are transparent to the user.
Every single node receives a full copy of the data which passes though.
Any node could store relayed information, or a subset of, for various
purposes. (Spying, advertising data, research, etc)
If a node were to collect data, this can be called a “Man-in-the Middle attack”.
There are many methods that can and are used to intercept your
communications. However, an in-depth discussion of this is outside the scope
of this presentation.
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
Series of Tubes :: Madman in the Middle
One form of man-in-the-middle attack is to
use “SSID Spoofing”, where you set up a
wireless access point aimed at tricking
people to connect to your network as
opposed to their intended network.
The same thing can be done with mobile
phone towers, and recent news shows that
Law Enforcement have been actively doing
this.
Adversaries do not necessarily need to be
in “the middle” either.
It’s possible to passively listen in on
wireless communications. Software such
as “Kismet” will allow you to do this on
unencrypted open networks fairly easily.
Image Source: KQED
https://en.wikipedia.org/wiki/Monitor_mode
https://en.wikipedia.org/wiki/Packet_analyzer
https://www.kismetwireless.net/
https://en.wikipedia.org/wiki/IMSI-catcher
https://en.wikipedia.org/wiki/Stingray_phone_tracker
Internet :: Not just for cat photos
Thinking back to Steganography:
Maybe this image, although silly, contains the a secret message , with the
details of what *really* happened to the Titanic.
Internet :: Accessing a website
-
Hypertext Transfer Protocol (HTTP) is the foundation of data
communication for the World Wide Web.
Things such as webpages, videos, images, and sound are often delivered in
your web browser by HTTP, which is why you see the http:// in front of
your website address.
What does accessing a website actually entail from a data/network point of
view?
Let’s check out http://ldpvic.org.au and find out!
Network Demo – Using Firefox’s “Web Developer Tools” (F12)
https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
Series of Tubes :: Tubes to ldpvic.org.au
c:\> tracert ldpvic.org.au
Tracing route to ldpvic.org.au [143.95.39.205]
over a maximum of 30 hops:
1
<1 ms
<1 ms
<1 ms 10.0.2.2
2
3 ms
3 ms
3 ms 192.168.0.1
3
12 ms
11 ms
11 ms 10.213.160.1
4
10 ms
11 ms
16 ms CPE-58-175-61-14.vic.bigpond.net.au [58.175.61.14]
5
12 ms
13 ms
12 ms 58.160.7.226
6
13 ms
16 ms
16 ms bundle-ether4.lon-edge902.melbourne.telstra.net [203.50.76.12]
7
13 ms
14 ms
13 ms bundle-ether11.exi-core1.melbourne.telstra.net [203.50.11.113]
8
27 ms
28 ms
26 ms bundle-ether12.chw-core10.sydney.telstra.net [203.50.11.124]
9
28 ms
36 ms
31 ms Bundle-ether17.oxf-gw2.sydney.telstra.net [203.50.13.70]
10
27 ms
27 ms
27 ms bundle-ether1.sydo-core01.sydney.reach.com [203.50.13.38]
11
35 ms
27 ms
31 ms i-0-3-2-0.sydo-core02.bi.telstraglobal.net [202.84.220.189]
12
218 ms
216 ms
219 ms i-0-3-0-0.eqnx-core01.bx.telstraglobal.net [202.84.144.17]
13
215 ms
243 ms
218 ms i-0-4-0-3.eqnx03.bi.telstraglobal.net [202.84.251.98]
14
191 ms
182 ms
223 ms l3-peer.eqnx03.pr.telstraglobal.net [134.159.61.106]
15
*
*
*
Request timed out.
16
*
*
*
Request timed out.
17
*
*
*
Request timed out.
18
*
*
*
Request timed out.
19
*
*
*
Request timed out.
20
*
*
*
Request timed out.
21
*
*
*
Request timed out.
22
211 ms
215 ms
212 ms COLO4-DALLA.ear1.Dallas1.Level3.net [4.15.32.134]
23
216 ms
209 ms
211 ms 206.123.64.45
24
216 ms
213 ms
211 ms 72.249.128.74
25
223 ms
212 ms
209 ms starbuck.asmallorange.com [143.95.39.205]
Trace complete.
Series of Tubes :: The Packets
Wireshark Demo: Packet capture http://ldpvic.org.au
https://www.wireshark.org
https://en.wikipedia.org/wiki/Wiresharkrg/
Series of Tubes :: The Packets
This time a secure connection using https://
Firefox Demo: Network https://reddit.com
Series of Tubes :: reddit.com
Series of Tubes :: reddit.com
Series of Tubes :: The Packets
Wireshark Demo: Packet capture https://reddit.com
Encryption/Cryptography
Cryptography is the practice and study of techniques for secure communication in
the presence of third parties (called adversaries). Encryption doesn’t stop others
from intercepting your messages, but attempts to stop them from reading it.
Symmetrical
- Caesar (Add three letters: Les -> Ohv)
- Advanced Encryption Standard (AES)
Asymmetrical
- RSA
- Elliptic Curve cryptography (ECC)
- Lattice-based cryptography
https://en.wikipedia.org/wiki/Encryption
https://en.wikipedia.org/wiki/Cryptography
http://nayuki.eigenstate.org/page/caesar-cipher-javascript
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
https://en.wikipedia.org/wiki/Public-key_cryptography
https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29
https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Lattice-based_cryptography
Encryption :: Demo
Caesar Demo :
http://nayuki.eigenstate.org/page/caesar-cipherjavascript
Encryption :: Demo
Portable PGP Demo
Internet :: Cookies and Tracking
What is a cookie?
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small
piece of data sent from a website and stored in a user's web browser while the user is
browsing that website. Every time the user loads the website, the browser sends the
cookie back to the server to notify the website of the user's previous activity.
Tracking cookies and especially third-party tracking cookies are commonly used as
ways to compile long-term records of individuals' browsing histories
Advertisers and Trackers get more Advanced
Online tracking is no longer limited to the installation of the traditional "cookies" that
record websites a user visits. Now, new tools can track in real time the data people are
accessing or browsing on a web page and combine that with data about that user's
location, income, hobbies, and even medical problems.
Large Organisations like Google, Microsoft, Facebook, DoubleClick, QuanCast, Bizo,
and sometimes even your own ISP want to track as much of your online activity as
possible. Your habits, preferences, and personal details can be worth a lot of money!
https://en.wikipedia.org/wiki/HTTP_cookie
https://www.eff.org/issues/online-behavioral-tracking
Stop Tracking: Browser Add-ons
Most recent browsers give you options with regard to accepting cookies, and letting websites
know if you want to be tracked or not.
Web browsers alone are not providing adequate protection against tracking.
There are various web-browser add-ons you can use to help prevent tracking. I personally use a
combination of several, and would recommend using a combination of the following:
HTTPS Everywhere : https://www.eff.org/https-everywhere
Privacy Badger: https://www.eff.org/privacybadger
Disconnect.Me : https://disconnect.me/
Ghostry : https://www.ghostery.com/en/
AdBlock Plus : https://adblockplus.org/
NoScript : http://noscript.net/
RefControl : https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
Lightbeam: https://www.mozilla.org/en-US/lightbeam/
There are also several other methods which can assist in limiting the extent to which you are
tracked, many are out of the scope of this presentation. However the use of VPNs, I2P, TOR will
be covered.
Stop Tracking: Search Engines
Search engines (such as Google and Bing), make money via advertising and selling statistics.
Some organisations spend a lot of time and effort in gathering large amounts of data on your
usage as to create your own personalised dossier which probably knows more about you, than
you know about yourself!
Google’s “Flu Trends” is able to figure out who is sick and where, by monitoring millions of users’
health tracking behaviours online, the large number of Google search queries gathered can be
analysed to reveal if there is the presence of flu-like illness in a population. Google Flu Trends
compares these findings to a historic baseline level of influenza activity for its corresponding
region and then reports the activity level as either minimal, low, moderate, high, or intense.
These estimates have been generally consistent with conventional surveillance data collected by
health agencies, both nationally and regionally.
There are alternatives!
DuckDuckGo is my current favourite.
Others: Startpage, Ixquick, Blekko, Ask.com with AskEraser + more
Check their privacy policy! RTFM!
https://en.wikipedia.org/wiki/Google_Flu_Trends
http://www.howtogeek.com/113513/5-alternative-search-engines-that-respect-your-privacy/
VPN :: What Is?
A virtual private network (VPN) extends a private network across a public network,
such as the Internet. It enables a computer or Wi-Fi-enabled device to send and
receive data across shared or public networks as if it were directly connected to the
private network, while benefiting from the functionality, security and management
policies of the private network. A VPN is created by establishing a virtual point-topoint connection through the use of dedicated connections, virtual tunnelling
protocols, or traffic encryptions.
While VPN encryption may stop adversaries from monitoring your data, they can still
gather the metadata, which tells them you are hiding data . It can also show usage
patterns (how much data at what time of day)
https://en.wikipedia.org/wiki/Virtual_private_network
VPN :: Uses
-
Connect to a remote office.
Have a continuous internet connection, no matter where you are.
Subvert internet censorship.
Hide the content of your internet session from (local) prying eyes.
Obfuscate your location from the servers you are accessing.
Access TV shows and other content which is not available at your location.
Using a VPN
-
Setting up a VPN is easy, and there are various tutorials online.
Various businesses and non-profits provide VPN services.
Not all VPN services are equal, each organisation may distinguish themselves on things
like speed, privacy, local laws and jurisdiction, data limits, etc.
Some are free, but most are paid subscriptions starting from a few dollars per month.
http://www.pcworld.com/article/2030763/how-and-why-to-set-up-a-vpn-today.html
http://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/
I2P :: What is?
- I2P is an anonymous overlay network - a network within a
network. It is intended to protect communication from
dragnet surveillance and monitoring by third parties such as
ISPs.
- I2P is used by many people who care about their privacy:
activists, oppressed people, journalists and whistle-blowers,
as well as the average person.
- The software is free and open source
https://geti2p.net/en/
https://en.wikipedia.org/wiki/I2P
TOR – The Onion Router
What is Tor?
“Software for enabling online anonymity and resisting censorship. It is designed to
make it possible for users to surf the Internet anonymously, so their activities and
location cannot be discovered by government agencies, corporations, or anyone else.”
Tor directs Internet traffic through a free, worldwide, volunteer network consisting of
more than five thousand relays to conceal a user's location and usage from anyone
conducting network surveillance or traffic analysis. Using Tor makes it more difficult
for Internet activity to be traced back to the user: this includes "visits to Web sites,
online posts, instant messages, and other communication forms". Tor's use is intended
to protect the personal privacy of users, as well as their freedom and ability to
conduct confidential communication by keeping their Internet activities from being
monitored. An extract of a Top Secret appraisal by the National Security Agency (NSA)
characterized Tor as "the King of high secure, low latency Internet anonymity" with
"no contenders for the throne in waiting".
https://www.torproject.org/
https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
https://en.wikipedia.org/wiki/Onion_routing
TOR :: What it (kind of) looks like
TOR :: Onion Routing
TOR :: Onion Routing
Image Author: Primepq - https://en.wikipedia.org/wiki/File:Decryption_mix_net.png
TOR :: Some Stats
TOR:: Demo
TOR Browser Demonstration
Tails
“When NSA whistle-blower Edward Snowden first emailed Glenn Greenwald,
he insisted on using email encryption software called PGP for all
communications. But this month, we learned that Snowden used another
technology to keep his communications out of the NSA’s prying eyes. It’s called
Tails.”
Tails is a live operating system, that you can start on almost any computer from
a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity,
and helps you to:
-
use the Internet anonymously and circumvent censorship;
all connections to the Internet are forced to go through the Tor network;
leave no trace on the computer you are using unless you ask it explicitly;
use state-of-the-art cryptographic tools to encrypt your files, emails and
instant messaging.
https://tails.boum.org/
http://www.wired.com/2014/04/tails/
Bitcoin
Bitcoin is a payment system invented by Satoshi Nakamoto, who published
the invention in 2008 and released it as open-source software in 2009.
The system is peer-to-peer; users can transact directly without needing an
intermediary. Transactions are verified by network nodes and recorded in a
public distributed ledger called the block chain. The ledger uses its own unit
of account, also called bitcoin. The system works without a central repository
or single administrator, which has led the US Treasury to categorize it as a
decentralized virtual currency. Bitcoin is often called the first cryptocurrency,
although prior systems existed.
Bitcoin is more correctly described as the first decentralized digital currency.
It is the largest of its kind in terms of total market value.
https://en.wikipedia.org/wiki/Bitcoin
Bitcoin :: In Brief
-
Bitcoin is a digital currency
When your “wallet” is properly backed up, your own Bitcoin can’t be: lost, stolen,
frozen, or seized.
Allows a direct and almost immediate transfer of value between two people
anywhere in the world.
No banks, governments, or organizations control or influence it.*
Cannot be counterfeited, inflated, printed, or devalued over time.*
A peer-to-peer network functions as a distributed authority to record transactions.
Bitcoin operates on free, open-source software on any computer or smart phone.
There are no start-up, transaction, or usage fees.*
Purchases can be completely anonymous.*
Transactions cannot be reversed.
Privacy is enhanced with Bitcoin and it reduces identity theft.
Bitcoins can be exchanged in open markets for any other currency.
http://bitcoinintro.com/
Bitcoin :: What is money?
“Money is any item or verifiable record that is generally
accepted as payment for goods and services and
repayment of debts in a particular country or socioeconomic context, or is easily converted to such a form.
The main functions of money are distinguished as: a
medium of exchange; a unit of account; a store of
value; and, sometimes, a standard of deferred
payment. Any item or verifiable record that fulfils these
functions can be considered money.”
https://en.wikipedia.org/wiki/Money
Bitcoin :: What is money?
- Among Economists, Philosophers, and tin-foil basement
dwellers, there is still strong debate about what “money” is,
and what it isn’t.
- One interesting thing is that the general public generally have
no idea, they just accept today’s money as what it is, without
any real thought Interest rates, business cycles, inflation, etc
aren’t taught in schools.
- No one really knows what “inflation” is, confusing it for CPI
(Consumer Price Index) and according to former Federal
Reserve Chairman, Ben Bernanke, inflation is a “tax”.
Bitcoin :: Money Today?
- “Fiat” dollars.
- Basically: government tokens for government credits.
- No “useful value” on their own, but simply as a way
to transfer government credits among each other.
- … but hey, the government is competent in what
they do! Surely you trust the government to look
after and manage a financial system with
competence and without corruption, right?
LOL Money
LOL Money
“That’s pretty unfair Les, I mean, that was
Zimbabwe, everyone knows they are horrible!”
LOL Money
“That’s pretty unfair Les, I mean, that was
Zimbabwe, everyone knows they are horrible!”
“Luckily for us, we have Tony Abbott and the
‘Liberal’ Party”.
… but the RBA is independent!
“k”
Bitcoin
Bitcoin:: Demo
coinjar.io
Blockchain.info
Methamphetamine
Things not covered
-
How to securely delete files.
Just because you are encrypting, doesn’t mean your data is secure.
Your phone is probably already backdoored.
So is your computer/laptop.
The software you install to protect you could also be backdoored.
The software you use might not be secure. Recently a huge hole was found in
Secure HTTP, meaning attacks could have decrypted messages/etc. Search for
“Heartbleed bug”.
Government data collection programs we know about: Prism, XKeyScore, Five
Eyes, ECHELON,
Government collection programs we don’t know about!?
The NBN: Why do you think they really want to build a government network
for all information? They care about your fast internet? (LOL)
https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29
https://en.wikipedia.org/wiki/Five_Eyes
https://en.wikipedia.org/wiki/XKeyscore
https://en.wikipedia.org/wiki/ECHELON
Heroes
Questions?
Thankyou!
Download