Web brother is watching you

Post on 09-May-2015

DESCRIPTION

Several aspects of user privacy in the context of current Web applications: threats and possible solutions.

TRANSCRIPT

<ul>
<li>1. Dr. Sabin Buraga, www.purl.org/net/busaco: Web brother is watching you!?</li>
<li>2. have you heard the news?</li>
<li>3. Mark Zuckerberg (Facebook), www.guardian.co.uk/technology/2010/jan/11/facebook-privacy: "the age of privacy is over"</li>
<li>4. Eric Schmidt (Google), http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people: "if you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"</li>
<li>5. what is privacy?</li>
<li>6-7. privacy is about secrecy</li>
<li>8-9. privacy: a person's right to control access to his/her personal information</li>
<li>10. privacy is an inherent human right</li>
<li>11. privacy is an inherent human right, a requirement for maintaining the human condition with dignity and respect (Bruce Schneier, 2006)</li>
<li>12. basic kinds of privacy rights</li>
<li>13. basic kinds of privacy rights: unreasonable intrusion</li>
<li>14. basic kinds of privacy rights: unreasonable intrusion, e.g., physical/virtual invasion of the private space, searching wallet or USB disks, repeated &amp; persistent phone calls, obtaining data without the person's consent, ...</li>
<li>15. basic kinds of privacy rights: appropriation of a person's name or likeness</li>
<li>16. basic kinds of privacy rights: appropriation of a person's name or likeness (the use of a person's name on a product label or in advertising a product or service); injury to personal feelings</li>
<li>17. basic kinds of privacy rights: publication of private facts</li>
<li>18. basic kinds of privacy rights: publication of private facts. Examples: personal letters, medical treatment, photographs of a person in his/her home, ordered goodies, Web browser history</li>
<li>19. basic kinds of privacy rights: publication that places a person in a false light</li>
<li>20. basic kinds of privacy rights: publication that places a person in a false light (defamation acts)</li>
<li>21. liberty versus control</li>
<li>22. if there is the privacy of garbage</li>
<li>23. if there is the privacy of garbage, then why not the privacy of virtual life?</li>
<li>24. Making Sense of Privacy and Publicity, danah boyd, SXSW 2010, www.danah.org/papers/talks/2010/SXSW2010.html</li>
<li>25. main offenders</li>
<li>26. marketers</li>
<li>27. marketers: spying on Web users</li>
<li>28. marketers: companies are collecting information (via cookies, entered text, Flash cookies, ...) on Web pages you visit</li>
<li>29. http://blogs.wsj.com/wtk/</li>
<li>30. solution: Ghostery</li>
<li>31. password crackers</li>
<li>32. password crackers: using high-speed GPU (video card) processors or SSD drives to crack passwords, https://cyberarms.wordpress.com/</li>
<li>33. password crackers (http://tinyurl.com/ybhrhbv): using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode a complex password in under 5.3 seconds</li>
<li>34. users having access to (public wireless) networks</li>
<li>35. users having access to (public wireless) networks: capturing HTTP messages: client server</li>
<li>36. users having access to (public wireless) networks: capturing HTTP messages: client server; impersonating the victims on a variety of Web sites</li>
<li>37-38. users having access to (public wireless) networks: available tools: Wireshark, Firebug (Lite), HttpWatch, Fiddler, ...</li>
<li>39. users having access to (public wireless) networks: available tools: Firesheep, a benevolent HTTP session hijacker (October 2010)</li>
<li>40. users having access to (public wireless) networks: available tools: Firesheep, a benevolent HTTP session hijacker</li>
<li>41. resolving this issue: How to Deploy HTTPS Correctly, Chris Palmer (November 2010), www.eff.org/pages/how-deploy-https-correctly</li>
<li>42. HTTPS Everywhere extension, www.eff.org/https-everywhere</li>
<li>43. but real-time encryption is computationally expensive!</li>
<li>44. NOT any more! www.imperialviolet.org/2010/06/25/overclocking-ssl.html: SSL/TLS accounts for less than 1% of the CPU load, less than 10 KB of memory per connection and less than 2% of network overhead</li>
<li>45. a long term solution?</li>
<li>46. WebID (FOAF+TLS): a secure authentication protocol for the social Web, to enable the building of distributed, open and secure social networks (Henry Story, 2010)</li>
<li>47. WebID (FOAF+TLS): using semantic Web standards + security protocols built into current Web browsers; web of trust</li>
<li>48. Web brother is still watching you?</li>
</ul>