Privacy in the Facebook Era

Pawel Krawczyk

About me
● Information Security Consultant
  – Since 90’s
  – penetration testing, security engineering, software security architecture, DevOps
  – Creator of WebCookies.org

As I’m talking, you can download some of the apps on http://ssb.webcookies.pub/

The Great Transformation
From the Internet of Humans to the Internet of Commodities

Stage #1
• Diverse ecosystem of individual websites and blogs
• Shared through IRC, Usenet, RSS
• Decentralized ownership
• Federated identities

Stage #2
• Centralisation through content aggregators
• Centralisation of ownership through M&A
• FeedBurner, Google News, Facebook
• Algorithmic content selection, promotion and presentation

Stage #3
• Fully monetized content delivery
• Algorithmic delivery optimized for profit maximisation
• Platform for Cambridge Analytica scandal

Have you ever had this feeling…?

The Why?
Source: WebCookies.org
Source: ghostery.com
Source: ghostery.com
Source: Victor Zhou

Real-Time Bidding
Where Your Privacy is Being Traded in Real-Time
Source: www.businessinsider.com
Source: Olejnik, Minh-Dung, Castelluccia, “Selling Off Privacy at Auction”, 2013
Source: Olejnik, Minh-Dung, Castelluccia, “Selling Off Privacy at Auction”, 2013

Where this greed for data gets us?
Source: Financial Times, Reuters

Where this greed for data gets us?
Source: Financial Times, Reuters

Fighting back
Firefox comes with powerful tracker blocking
If you prefer Chrome engine:
• Vivaldi https://vivaldi.com/
• Iridium https://iridiumbrowser.de/
• Brave https://brave.com/

Privacy Badger
• Blocks intrusive trackers
• Limits fingerprinting

Firefox Multi-Account Containers
• Each tab has a separate browsing context
• No cross-tracking between your Google tab and Facebook tab

Mobile Tracking
Source: /e/ Foundation

Blokada.org – ad & tracker blocker for Android platform

Privacy Guard – you control what information is provided to apps
• Including apps that require sensitive data

F-Droid – distribution platform for open-source Android apps
• Open-source
• Deterministic builds
• Security and privacy checks

Yalp Store – download apps from Google Play Store
• No Google account required (but can be used)
• No tracking
• All the usual closed-source apps

MicroG – an open-source emulation of the GP Services
• Google vendor lock-down through Google Play Services

MLS – community driven high-precision location service
• Based on GPS, Bluetooth and WiFi beacons
• Same as Google and Apple, just more private

https://e.foundation/e-pre-installed-smartphones/
https://lineageos.org/
https://www.replicant.us/
https://grapheneos.org/

Pi-Hole – ad & tracker blocker for your home network
• Can run standalone on Raspberry Pi
• Or on your OpenWRT router

Re-Federating the Internet
Bringing back the Internet for Humans

Federated Chat Protocols
Source: Upcloud.com
Source: the-federation.info
Source: the-federation.info

SSB (Secure Scuttlebutt)
• Encrypted, peer-to-peer protocol
• PatchWork chat application built on top
• Quite a usable attempt to replace centralised Facebook-like social media sharing with natural affinity of friend, topic and location circles
https://www.scuttlebutt.nz/

dat://
dat://

Where to go next?
https://nomoregoogle.com/
https://www.privacytools.io/
https://donottrack-doc.com/en/episodes/

Try it out!
Join an experimental physical mesh network in Caversham (Yggdrasil over WiFi, BPL)
● @kravietz:matrix.org
● @[email protected]
● @kravietz (SSB & Twitter)
● https://ssb.webcookies.pub/
● [email protected]