Your Privacy Online by Alex McGeorge
Version 4.2 - Presented at Black Rose Tuesday Education 10/18/16
My name is Alex McGeorge and I break into things for a living with Immunity, Inc.
There are some limitations..
You may value your privacy or be worried that someone is actively trying to snoop on you
Some of the topics we cover in this talk will help you make their job more difficult
I am not an employee of: Facebook, Google, FetLife, Recon, DropBox, Microsoft, etc.
I can not comment on what they actually do with your data only what is possible
Nothing I say here will prepare you for a nation state level adversary
Allow me to save you some time: if the NSA is your enemy, you're fucked
Not really, any social networking site or forum will have similar information
FetLife profile photo
Talking head photo
File name : dsc_0790.jpg |
File size : 4654488 bytes
File date : 2008:07:16 09:45:20
Camera make : NIKON CORPORATION |
Camera model : NIKON D200
Date/Time : 2007:06:23 22:00:14
Resolution : 3880 x 2608
Exposure bias: 1.00
Whitebalance : Auto
Exposure : aperture priority (semi-auto) |
GPS Latitude : 41.40338
GPS Longitude: 2.17403
DateCreated : 20070623
Time Created : 220014
Record vers. : 4
Note: I have only tried the Linux methods (because I am a big nerd)
Find the latest recommendations from Torrent Freak
Let's talk about stopping people from snooping on you via your router
What files? Maybe high quality videos of your.. unique desires
Allow me to tell you about a WiFi network I used to run...
VPNs are a good way to mitigate this risk, get in the habit of using them away from home
Not surprisingly there's a lot to say
Yes, the gear to do this has gotten cheaper but is still a few thousand dollars investment
A safe assumption is: it can be done and will only become cheaper to do
Yes, many more things become possible such as
Not really, someone just scraped a bunch of the information public account information and made a searchable relational database out of it
While I was thinking about updating this class I had a spammy FetLife friend request
I figured I would take you through my brief "legitness" workflow
Is there a link to an external site in their profile?
Are their friends a bunch of dudes from all over?
Various bits and bobs that I think are relevant to online privacy
FDE encrypts the entire contents of a disk drive such that if anyone steals it they will not be able to retrieve any of the data on it unless they have the password
Do get a lawyer! There are situations they can help you resolve
They can also (hopefully) help you avoid looking like a giant idiot if you have no case
This presentation has been made with Flowtime.js