You've probably heard the phrase "If a Service is Free, You Are the Product". While there are exceptions, it's definitely the norm when it comes to web services.
Our interactions with online portals expose a wealth of personal information. When such services become compromised, the exposure of that information can have far reaching consequences for their users.
The damage to a company's reputation is often irreversible, and at the very least such events put marketing departments on the defensive. Yet few who are in a position to attract attention have been immune to attacks. Well-intentioned employees get manipulated, and customer details get exposed.
With each high profile data leak, it becomes more apparent that the only way to keep private information secret is to ensure that it remains inaccessible even to yourself.
At XWiki we've been developing systems which use cryptography and distributed computing to offer real time collaboration systems that keep the server oblivious to the contents of a session. Zero Knowledge systems protect not just your customers, but your reputation.
This presentation focuses on how an organization can use such systems, and keep its information safe, even from itself.
2. 09/19/16
$whoami
● Aaron MacSween (IRL)
● https://github.com/ansuz
● https://keybase.io/ansuz
● Research Engineer at XWikiSAS
● building tools for Collaborative Real Time Editing (CRTE)
4. 09/19/16
The Old Economy
● Businesses and individuals buy and sell goods and services to each other
● Many services are provided by local businesses
● Globally available products are sold for cash
● Paper records are difficult to analyze
6. 09/19/16
Old Economy Analytics
“Being a Nielsen household brought with it some nice perks. They actually paid us. We got a check several times a year for $50. Now, that’s not a lot of money, but every little bit helps.”
7. 09/19/16
Running an Old Economy Business
● Data is expensive
● Data is biased because users self-select
● Only metadata can be analyzed
● Data science was still fairly primitive
8. 09/19/16
What we learned
● Consumer relations are tangible
● You can always just stop buying
● Boycotts are effective
● Users have a lot of power
10. 09/19/16
● Over time the economy changed into something else
● Few people noticed
● The results were hilarious, or depressing, depending on your perspective
11. 09/19/16
The Data Economy
● Data is plentiful and profitable
● Comprehensive privacy is practically unattainable
● Sell once to users, sell again to marketers
● Users don't have much option
● Users probably don't need to know that you're selling their data
13. 09/19/16
How much is your data worth?
● $0.50-$2.11 per 1000 people
– ($0.0005-$0.0021 each)
● Pregnant in your second trimester?
– $0.11
● Have a specific health condition?
– $0.26
● $2200 Credit card stolen?
– $190 on the dark web
16. 09/19/16
Full Delete
● For a mere $19, users could 'fully delete' their account information
● This feature modified some data, but left behind data which could potentially be personally identifying
18. 09/19/16
The Sad and Lulzy Truth
● Ashley Madison used bots to simulate women and attract male users
● 31,343,429 male accounts in the database
● “Out of 5.5 million female accounts, roughly zero percent had ever shown any kind of activity at all, after the day they were created.”
19. 09/19/16
The Plan
● Attract male users by pretending to have female users
● Wait until male users get bored or feel guilty
● Charge $19 to delete user information
● Don't actually delete user information
● Get hacked and leak everything
● Shrug it off and keep selling to chumps
21. 09/19/16
Pregnancy Tracking Apps
● menstruation cycle
● weight
● medications
● cervical mucus appearance
● history of abortions
● diarrhea, low sex drive, mood
● all with poor security standards...
22. 09/19/16
Glow Pregnancy App
● Accounts linked without permission ✔
● Personal Data Transmitted in Forums ✔
● Passwords Changed by Attackers ✔
23. 09/19/16
A Testimonial
Seven months after my miscarriage, mere weeks before my due date, I came home from work to find a package on my welcome mat. It was a box of baby formula bearing the note:
“We may all do it differently, but the joy of parenthood is something we all share.”
* pregnancy tracking app not disclosed
24. 09/19/16
I hadn’t realized, however, that when I had entered my information into the pregnancy app, the company would then share it with marketing groups targeting new mothers.
Although I logged my miscarriage into the app and stopped using it, that change in status apparently wasn’t passed along.
26. 09/19/16
The Internet of Things
● hardware margins start at 2%
● vendors compete to offer the most for the lowest price
● the only way to make money is to
– lock your customers into buying
– collect your customers' data and hope someone will buy
29. 09/19/16
● The devices share temperature data (sent once a minute), and intensity settings (in real time)
● “We want to question that assumption and say you know if you're making [intimate] devices that are controlled by mobile apps, maybe you should consider whether you should be collecting that information in the first place. If the information isn't collected, then it's not vulnerable to either security or data releases and legal enforcement.” – Follower
30. 09/19/16
Lawsuit Pending
● The suit also alleges that, without explaining to customers, the toy collects data on date, time of use, and settings, along with the user’s personal email, and transmits the information to the Ottawa company.
● “Any data you collect will probably leak; any data you retain will definitely leak. If the NSA can't stop its secrets from leaking, what chance does Standard Innovation stand?”
31. 09/19/16
That's just how it works!
● You can't just connect two devices over the internet
● You need some server to act as an intermediary
● Servers naturally collect metadata
● It's not that big a deal
32. 09/19/16
That's not just how it works!
● The web has improved!
● We have technology like WebRTC for peer to peer communication
● You may still create metadata, but most of what you send can be encrypted
● India, the Philippines and Alabama criminally punish the sale or possession of sex toys
37. 09/19/16
The Zero Knowledge Economy
● Users can't verify that a service has deleted their data, and must rely on trust
● Service operators commonly abuse trust
● When sensitive information is involved, a user's best option is to prevent the operator from ever having access to their data
38. 09/19/16
The Zero Knowledge Economy
● Businesses provide a service to clients with a guarantee of confidentiality
● Privacy is assured via Cryptography, not empty promises
● The cryptography is open source; the hosted service (SaaS) is for paying users
● Paid apps use local computation where no network (or cryptography) is necessary
● Sensitive information is never available to those who might abuse it (malicious hackers or otherwise)
43. 09/19/16
That's it?
● Most collaborative apps have been built with the assumption that servers have to know everything!
● Zero-Knowledge applications are still a relatively untapped market
● When you respect a user's privacy, you earn their loyalty