ONLINE PRIVACY THREATS TO YOU AND YOUR FAMILY@IceQUICK @DC970

April 16, 2015

AGENDA

Who is DC970? What’s going on? Why should you care? What can you do about it? Questions

WHO IS DC970 DEF CON is one of the world’s largest hacker

conferences Occurs every year in Las Vegas Over 16,000 attended in 2014

DC970 is a local meet up with similar interest Meets the 3rd Thursday of the month at Wild Boar Café

One of a handful of groups around Northern Colorado E.g. NoCo2600.org meets the 1st Friday of the month at Centerra Starbucks

WIRELESS – CURRENT STATE WPA2 released in 2004 WPA released in 2003 WEP released in 1999

162.5M+ data points on

https://wigle.net/

HOW TOR WORKS TO KEEP YOU SAFE ONLINE

WHAT’S GOING ON? Search for ‘best Bluetooth headset’ Visit an online store, buy nothing Later, browse to a news site See ads for Bluetooth headsets

On nearly every site (85%+) something is logging you Combined (Big Data?), this data can put together a full

picture of you

COVERAGE

WHY SHOULD YOU CARE? It’s your personal data! I trust the people holding my personal information… If I’m not doing anything illegal… I don’t post extreme political or religious stuff on

Facebook…

YOUR DATA Renting a sexy video Discussing business with a

partner Emailing an off-color joke Text messages to your lover Seeking help for depression Writing about your past

history of alcoholism Your online search and

browsing history (yes, all of it)

YOUR DATA IN THEIR HANDS Renting a sexy video Discussing business with a

partner Emailing an off-color joke Text messages to your lover Seeking help for depression Writing about your past history

of alcoholism Your online search and

browsing history (yes, all of it)

A boss who wants to lower your wages

A political opponent A business competitor A disgruntled neighbor A criminal The town gossip An important business

clientSource:https://www.reddit.com/r/privacy/wiki/index

WHAT CAN YOU DO ABOUT IT?

Threat Matrix Countermeasures

Change your habits Browser Device Network Advanced

THREAT MATRIX

Who you are fighting against will determine your tactics

Some (or all) of: Lone wolf hackers Underground criminal enterprises Private corporations Telecom Providers Governments

HABITS Change Search Engine

Startpage.com DuckDuckGo.com

Reduce quantity/quality of personal data you post

Configure social sites for privacy ‘AVG PrivacyFix’ can help

Segregate online identities Chrome for sites you log in to Firefox for generic

reading/searching

BROWSER Lock down configurations Plug-ins (basic)

HTTPS Everywhere Ghostery Disconnect AVG PrivacyFix

Fewer options on mobile

Plug-ins (advanced Certificate Patrol Request Policy NoScript

DEVICE Lock down configuration HOSTS File

NETWORK PROS Route everything through VPN Comcast can’t see what sites / files you’re downloading The bad guys (ad sites, Facebook) won’t know your home

IP CONS Increases latency (gaming, VOIP) Some sites block common VPN exits (Craigslist,

Nordstrom)

ADVANCED Separate computers for separate online identities Separate home networks for separate functions Use of Tor and I2P Browser Fingerprinting https://panopticlick.eff.org/

REFERENCES https://www.reddit.com/r/privacy https://prism-break.org/ https://www.privacytools.io/ http://grugq.tumblr.com/

WOULD YOU LIKE TO SEE MORE?

If DC970 came back, what topic / demo would you like to see?