Presentation by Dominic White at ISSA in 2010. This presentation is about online privacy. The presentation begins with a look at what privacy is. Where online privacy leaks occur and the implications of the leaks are discussed. The presentation ends with a brief discussion on how you can protect your online privacy.

1. Online Privacy, the next Battleground
Dominic White, SensePost
1

2. About Me
• Dominic White
– Security guy talking about privacy
– Work:
• Consulting @ SensePost
• http://www.sensepost.com/blog/
– Academic
• MSc Computer Security
– Personal
• http://singe.za.net/
• @singe
2

3. 3
Agenda
• What’s Changed
• Defining Privacy & Private Data
• Collecting Online Private Information
• Online Privacy Attacks
• Defences

4. What’s changed?
• Initial reactions were based on new technology to
record and disseminate information
• Later reactions driven by active recording from
governments and companies
• Today, many lives are no longer just recorded online,
but lived online
4

5. Reactions to New Technology
“[Recent inventions] have invaded the sacred
precincts of private and domestic life; and
numerous mechanical devices threaten to
make good the prediction that "what is
whispered in the closet shall be proclaimed
from the house-tops.“
Warren and Brandeis “The Right to Privacy”
1890
5

6. Total Information Awareness
Post 9/11 project to:
“[Create] enormous computer databases to
gather and store the personal
information of everyone in the United
States, including personal e-mails,
social network analysis, credit card
records, phone calls, medical records,
and numerous other sources, without
any requirement for a search warrant.
Additionally, the program included
funding for biometric surveillance
technologies that could identify and
track individuals using surveillance
cameras, and other methods.”
6https://secure.wikimedia.org/wikipedia/en/wiki/Information_Awareness_Office

7. Your Typical Day
Plan Day
Check Mail
Plan Route
Doctor’s Appointment
Write Report
Phone a Friend
Visit Friends
Watch TV
Google Calendar
Gmail
Google Maps
Google Health
Google Docs
Google Voice
Google Latitude
YouTube
7

8. Follow the Money
The primary business model of today’s most successful
corporation is the monetisation of the mass collection,
correlation & analysis of individual private data
8

9. Private Info Monetised
• Acxiom – 750 billion pieces of information or 1 500 facts
on ½ billion people
– Correlate ‘consumer’ info from signups, surveys, magazine
subscriptions
– $1.38 billion turnover for 2008 FY
• Colligent – Actionable consumer research derived from
social networks
• Rapleaf – 450 million social network profiles
– Submit request and aggregated social network profiles returned
within a day
• Phorm
– uses "behavioural keywords" - keywords derived from a
combination of search terms, URLs and even contextual page
analysis, over time - to find the right users.
9

10. 10
Agenda
• What’s Changed
• Defining Privacy & Private Data
• Collecting Online Private Information
• Online Privacy Attacks
• Defences

11. What is Privacy
• Privacy is misunderstood, undefined, arbitrary and
disregarded
• Many people don’t care about online privacy, the few who do
are accused of extremism
• Poor understanding of actual threats
• What do you think privacy is?
– Secrecy,Concealment,Seclusion,Solitude,Confidentiality,Anonymity
– Prejudicial Information
– Personally Identifiable Information (PII)
– Whatever you want
• Intuitionist approaches abound
11

12. Privacy in Philosophy
• No single answer
• One century of philosophy and law summarized as:
1. Privacy as Control over Information
2. Privacy as Human Dignity
3. Privacy as Intimacy
4. Privacy as Social Relationships
5. Privacy as Restricted Access
6. Privacy as Plurality
12

13. Private Data Defined
• Isn’t Privacy just Security applied to a data subset?
The “C” in CIA?
• Keeping something private is not keeping something
secret
• Implies access control & authorised use
• Example:
– Credit card number used to pay for Pizza
• Access control : employee at Pizzeria
• Authorised use: pay for my order
– Privacy Violation
• Employee shares number with fraudster
• Company sells purchase detail to third party
• Additional facts deduced through data mining
13

14. Aggregation, Correlation & Meta-Data
Online Privacy Leaks
White’s Taxonomy of Online Privacy Invasion
14
Application Data
Rich Browser Environments
Cross Site Tracking
Web
Request
Application Stack Danger

15. Taxonomy | Web Request
• A single web request, e.g. an image on a website
• One webpage is made of multiple requests
• What they can find out
– Location (Latitude, Longitude, City, Country)
– Language
– Operating System & Browser used
– What site you came from
– Internet Service Provider
– Have you been here before?
15
Web
Request

16. Taxonomy | Cross Site Tracking
• Using cookies to track across computers and affiliated
sites
• Cookie is stored on your computer and sent with
every request
• Cookies usually associated with logon details
• What they can find out
– Who you are
– What sites you visit (affiliates)
– Behavioral profiles
16
Cross Site Tracking

17. Advertisers Allowing Opt-Out
• Acerno
• Adtech
• Advertising.com
• AOL
• Akamai
• AlmondNet
• Atlas
• Microsoft
• Audience Science
• Blue Kai
• Bluestreak
Source:
www.dubfire.net/opt-out/
• Next Action
• NexTag
• Media 6 Degrees
• Media Math
• MindSet Media
• Nielsen Online
• Omniture
• OpenX
• PrecisionClick
• Safecount
• Question Market
• Smart Adserver
17
• BrightRoll
• BTBuckets
• Collective Media
• Cossette
• Eyeblaster
• Exelator
• Fox Audience
Network
• Google
• Doubleclick
• interCLICK
• Lotame
• Tacoda Audience
Networks
• Traffic
Marketplace
• Tribal Fusion
• Exponential
• Turn
• Undertone
Networks
• Zedo
• ValueClick
• Mediaplex
• [x+1]

18. Taxonomy | Rich Browser Environments
• Rich Web 2.0 Technologies
– JavaScript / AJAX
– Flash / Silverlight
• What they can find out
– Browser history
– Clipboard data
– Key presses
– Visual stimulus
– Browser plug-ins
– Desktop display preferences
18
Rich Browser
Environments

19. CSS History Hack
available at http://singe.za.net/privacy/privacy.html
modified from http://ha.ckers.org/weird/CSS-history.cgi
stolen from http://blackdragon.jungsonnstudios.com/
19

20. Taxonomy | Application Data
• Rich information inputs
• Structured & unstructured data (previously only structured)
– Search requests
– E-mails
– Calendar items
– Instant Message Communications
• What they can find out
– Who you are
– Who your friends are
– What you’re doing on Sunday
– Your interests
20
Application Data

21. Application Data Example
21
• Search logs
• Far less information rich than e-mail
• Or are they …
• “Anonymised” search logs released by AOL
• AOL User 4417749
• Thelma Arnold
• Lilburn, Georgia

22. Taxonomy | Aggregation, Correlation
& Meta -Data
• Combining the previous levels
• Meta - Data – Include interactions with applications
• Aggregation – combining the information from various
sources
• Correlation – normalising entities across sources
• Provides information you may not be aware of
– e.g. Advertising profile
• What they can find out
– Social networks
– Behavioural profiles
– Psychological profiles
– Deep databases
22
Aggregation,
Correlation & Meta-
Data

23. 23
Agenda
• What’s Changed
• Defining Privacy & Private Data
• Collecting Online Private Information
• Online Privacy Attacks
• Defences

24. Correlation Demo
• Demo - How much information do you really leak publicly
– Name and Surname
• Known aliases
– Contacts
• Email addresses
• Physical location / street address
• Phone numbers
– Physical / Mobile
– IM/Skype details
– Associations and memberships (social networks + real life)
– Education
– Employment history
– Profiles of
• Family
• Friends
24

25. Meta Data Demo
• Data you may not be aware of leaking
• Complex insights into relationships available
• Social network example
– Twitter
– Facebook
25

26. 26
Agenda
• What’s Changed
• Defining Privacy & Private Data
• Collecting Online Private Information
• Online Privacy Attacks
• Defences

27. Threat Information
• Information leads to more information
– Don’t view info in isolation
• Simple leaks become fixation points for correlation
– Just mentioning a child’s name…
• Combining information leads to new, possibly undisclosed
information
• You leak more than you know
• Don’t trust people based on their knowledge of you
• View your disclosures as a whole (think correlation points)
• Err on the side of caution, you can’t undo a leak
27

28. Defences
• Connection
– MAC rotation
– Secured Medium
– Egress Firewall Filtering
• Network
– VPN: Prevents local
disclosure, Easy to spot
– Covert Channels: DNS, ICMP,
Steganography
– Proxies
– TOR
• Web Browser
– SRWare
– NoScript
– CookieButton
• Applications
– Don’t use if possible
– Don’t Identify
– Limit your disclosure
– Limit public disclosure
– Ensure authoritative source
• Correlation/Aggregation
– Temporary Information (e.g.
Mailinator)
– False Information (e.g.
FaceCloak)
– Split Across Providers
– Isolate cross-web invaders
• Plan for privacy breach!
– Request removal, offload risk,
change details, muddy waters
29

29. QUESTIONS?
Thanks to Paterva, Chris Sumner & Moxie Marlinspike
31