Your Privacy Online by Alex McGeorge
Version 4.1 - Presented at Debauchery NC, 2016
My name is Alex McGeorge and I break into things for a living with Immunity, Inc.
I also teach some of these things to others and occasionally I put on a suit and talk into a camera
There are some limitations..
You may value your privacy or be worried that someone is actively trying to snoop on you
Some of the topics we cover in this talk will help you make their job more difficult
I am not an employee of: Facebook, Google, FetLife, Recon, DropBox, Microsoft, etc.
I cannot comment on what they actually do with your data, only on what is possible
Nothing I say here will prepare you for a nation state level adversary
Allow me to save you some time: if the NSA is your enemy, you're fucked
Not really, any social networking site or forum will have similar information
FetLife profile photo
Talking head photo
File name     : dsc_0790.jpg
File size     : 4654488 bytes
File date     : 2008:07:16 09:45:20
Camera make   : NIKON CORPORATION
Camera model  : NIKON D200
Date/Time     : 2007:06:23 22:00:14
Resolution    : 3880 x 2608
Exposure bias : 1.00
Whitebalance  : Auto
Exposure      : aperture priority (semi-auto)
GPS Latitude  : 41.40338
GPS Longitude : 2.17403
DateCreated   : 20070623
Time Created  : 220014
Record vers.  : 4
Here are some: Windows Options, Mac Options, and Linux Instructions.
Note: I have only tried the Linux methods (because I am a big nerd)
Let's talk about stopping people from snooping on you via your router
What files? Maybe high quality videos of your.. unique desires
Allow me to tell you about a WiFi network I used to run...
VPNs are a good way to mitigate this risk, get in the habit of using them away from home
Not surprisingly there's a lot to say
Yes, the gear to do this has gotten cheaper but is still a few thousand dollars investment
A safe assumption is: it can be done and will only become cheaper to do
Well..
Yes, many more things become possible such as
Ashley Madison
FetLife Hacked!
FetLife phonies!
Not really, someone just scraped a bunch of public account information and made a searchable relational database out of it
While I was thinking about updating this class I had a spammy FetLife friend request
I figured I would take you through my brief "legitness" workflow
Run the image through Google reverse image search and TinEye
Is there a link to an external site in their profile?
Are their friends a bunch of dudes from all over?
Various bits and bobs that I think are relevant to online privacy
FDE encrypts the entire contents of a disk drive such that if anyone steals it they will not be able to retrieve any of the data on it unless they have the password
Do get a lawyer! There are situations they can help you resolve
They can also (hopefully) help you avoid looking like a giant idiot if you have no case