Data Privacy on the Web


McMaster Software Freedom
March 3, 2020

Outline
1. Introduction
2. Data Scraping Demo
3. Theory
4. Tutorial
5. Wrapping Up

1. Introduction

The Presenters
- Sil Hamilton, 3rd Year English & Multimedia
- S.M Mukarram Nainar, 2nd year Mathematics & Physics

McMaster Software Freedom
- Student group formed to promote software freedom and computer literacy on campus
- Bi-monthly drop-in meetings to discuss a wide variety of topics:
  - data privacy
  - operating systems
  - current affairs
  - programming
- See macswf.ca for more information and scheduled meetings

Privacy and Why It Matters
- Privacy is a complicated topic; depending mainly on personal politics
- Companies track a lot, but the steps required to counteract it are easy
- These steps do not need to negatively affect your experience!
- Information is Power!
  - advertising is (surprisingly) effective
  - that should worry you

2. Data Scraping Demo

Panopticlick
- Go to https://panopticlick.eff.org/
  - note the items being gathered

3. Theory

Entropy
- Measure of information
- One bit of entropy = cuts down possibilities by half
- 33 bits of entropy uniquely identifies anyone globally
  - log2(7 billion) ≈ 32.8

The Web
- How does the internet work?
  - Servers
  - Addresses & DNS
  - HTTP & TLS
  - Javascript

Servers
- The Web follows a "client-server" model
- You are a client; everything you do runs through a server
- Servers are just other people's computers

Addresses & DNS
- The internet is primarily run on the IPv4 protocol, used to assign addresses to connected devices
- Address in this case means a unique series of numbers to differentiate devices
- Limited space: 2^32 possible addresses
- Rented out to countries, institutions, and companies in blocks; then rented to you (by ISP)
- Typically leased dynamically, but does not change often

HTTP & TLS
- Base protocols
- HTTP is stateless
  - the protocol doesn't store information
  - however, both the client and server can: cookies, localstore
- HTTP Verbs
  - GET, POST, etc.
- TLS encrypts and authenticates the connection
  - covered in more detail in next workshop

Javascript
- Arbitrary code on your client
- Huge risk, since you can't (usually) know what code does until you run it
- Blocking (at least some) javascript is the best way to avoid tracking
- It can also be quite heavy on your computer

Knowing Yourself
- Moving on from the wider web: how do you fit in?
  - IP Address
  - Useragents
  - Cookies & localstorage
  - Referers
  - Passwords
  - Fonts & more

IP Address
- IP is necessarily visible to all those you connect to
- Means you have a consistent identity when surfing
- Primary method for tracking individuals over time
- ISP will keep logs of your activity
- VPNs and public networks may be used to mitigate this
  - Mullvad
  - Nord VPN (possibly compromised)
  - ExpressVPN, etc.
- Public networks introduce their own security implications

Useragent
  Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefoxversion
- String read by websites to detect your browser version
- Sent by your web browser in the header of an HTTP request
- Contains information regarding your specifics
  - Compatibility
  - Rendering engine
  - Operating system
  - Browser
- Can be fairly unique depending on your context
- Mitigated by spoofing (e.g. Useragent Switcher)

Cookies & localStorage
- Cookies are the primary method for enabling persistence, manipulated with HTTP headers and used for:
  - login information
  - settings
- SameSite cookies (locality), averted by advertising domains
- Deprecated by localStorage (Web API)
  - accessed and modified via JS (client-side scripts)
  - supposed to be only read by the client
  - no expiration date, but only allows <10MB
  - essentially the same for tracking companies
- Among other mitigations, Cookie AutoDelete is good

Referers
- HTTP header often contains address of site visited immediately prior
- Enables gathering information for analysis
- HTTPS sites will not pass along data to non-secured sites
- Danger crops up when websites receive referers linking to sensitive information
- Referer is shared with third-party sites even without leaving a page, e.g. CDNs
- Website can dictate referrer-policy (two Rs!)
- Add-ons can delete referer after the fact, e.g. uMatrix

Passwords
- Passwords do not need to be complicated (for us)!
  - Six "random" words with non-regular capitalizations and special characters is good enough
- Best practice is to have a unique password for each service you have (don't re-use them)
  - https://haveibeenpwned.com/
- Various convenient password managers exist
  - KeepassXC
  - Firefox Lockwise

Fonts & Other "Features"
- Websites can request locally installed fonts with JS
- Leaks a lot of information (more entropy, etc.)

Do Not Track
- Essentially useless!
- Adds extra entropy

4. Tutorial

Content Blocking
- Most add-ons are a one-time install, no configuration necessary
- uMatrix: an excellent all-in-one filter & blocking tool

Pi-hole
- Useful tool for DNS filtering
- Demonstration

5. Wrapping Up

Final Notes
- Presentation slides will be available on our website
  - macswf.ca
- Thank you!
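The Entropy, Useragent, Fonts and Do Not Track slides all rest on the same calculation, worked through here as an added example that is not part of the original slides. The visitor population, attribute names and function names are constructed for illustration; the code measures how many bits each observed value reveals and how large the remaining anonymity set is.

```javascript
// Added example: how identifying is a browser fingerprint?
// The population below is CONSTRUCTED sample data, not real measurements.
const visitors = [
  { userAgent: "A", timezone: "UTC-5", fonts: "default", dnt: "unset" },
  { userAgent: "A", timezone: "UTC-5", fonts: "default", dnt: "unset" },
  { userAgent: "A", timezone: "UTC-5", fonts: "default", dnt: "unset" },
  { userAgent: "A", timezone: "UTC-5", fonts: "default", dnt: "on" },
  { userAgent: "B", timezone: "UTC-5", fonts: "default", dnt: "unset" },
  { userAgent: "B", timezone: "UTC-5", fonts: "default", dnt: "unset" },
  { userAgent: "B", timezone: "UTC+1", fonts: "custom", dnt: "unset" },
  { userAgent: "C", timezone: "UTC+1", fonts: "custom", dnt: "on" },
];
const ATTRS = ["userAgent", "timezone", "fonts", "dnt"];

// Bits needed to single out one member of a population of the given size.
function bitsToIdentify(populationSize) {
  return Math.log2(populationSize);
}

// Surprisal of one observed value: log2(population / visitors sharing it).
// A value shared by half the population is worth exactly one bit.
function surprisalBits(population, attr, value) {
  const matches = population.filter((v) => v[attr] === value).length;
  if (matches === 0) throw new Error(`value never observed for ${attr}`);
  return Math.log2(population.length / matches);
}

// Number of visitors indistinguishable from `fingerprint` on `attrs`.
function anonymitySet(population, fingerprint, attrs) {
  return population.filter((v) => attrs.every((a) => v[a] === fingerprint[a]))
    .length;
}

// Bits revealed by the combination of attributes, measured directly.
function jointSurprisalBits(population, fingerprint, attrs) {
  const size = anonymitySet(population, fingerprint, attrs);
  if (size === 0) throw new Error("fingerprint not present in population");
  return Math.log2(population.length / size);
}

// Adding per-attribute surprisal is only exact for independent attributes;
// correlated ones (here timezone and fonts) make the sum an overestimate.
function naiveSumBits(population, fingerprint, attrs) {
  return attrs.reduce(
    (sum, a) => sum + surprisalBits(population, a, fingerprint[a]),
    0
  );
}

// The one user-agent "A" visitor who switched Do Not Track on.
const target = visitors[3];
const withoutDnt = ATTRS.filter((a) => a !== "dnt");

console.log("bits to single out 1 of 7 billion:",
  Math.ceil(bitsToIdentify(7e9)));
for (const a of ATTRS) {
  console.log(`${a}=${target[a]}:`,
    surprisalBits(visitors, a, target[a]).toFixed(2), "bits");
}
console.log("anonymity set without DNT:",
  anonymitySet(visitors, target, withoutDnt));
console.log("anonymity set with DNT:",
  anonymitySet(visitors, target, ATTRS));
console.log("joint bits:", jointSurprisalBits(visitors, target, ATTRS),
  "naive sum:", naiveSumBits(visitors, target, ATTRS).toFixed(2));
```

In this constructed population the Do Not Track header alone shrinks the target's anonymity set from four visitors to one, which is the effect the Do Not Track slide describes.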