Privacy in the Facebook era Pawel Krawczyk About me ● Information Security Consultant – Since 90’s – penetration testing, security engineering, software security architecture, DevOps – Creator of WebCookies.org As I’m talking, you can download some of the apps on http://ssb.webcookies.pub/ The Great Transformation From the Internet of Humans to the Internet of Commodities Stage #1 Diverse ecosystem of individual websites and blogs Shared through IRC, Usenet, RSS Decentralized ownership Federated identities Stage #2 Centralisation through content aggregators Centralisation of ownership through M&A FeedBurner, Google News, Facebook Algorithmic content selection, promotion and presentation Stage #3 Fully monetized content delivery Algorithmic delivery optimized for profit maximisation Platform for Cambridge Analytica scandal Have you ever had this feeling…? The Why? Source: WebCookies.org Source: ghostery.com Source: ghostery.com Source: Victor Zhou Real-Time Bidding Where Your Privacy is Being Traded in Real-Time Source: www.businessinsider.com Source: Olejnik, Minh-Dung, Castelluccia, “Selling Off Privacy at Auction”, 2013 Source: Olejnik, Minh-Dung, Castelluccia, “Selling Off Privacy at Auction”, 2013 Where this greed for data gets us? Source: Financial Times, Reuters Where this greed for data gets us? Source: Financial Times, Reuters Fighting back Firefox comes with powerful tracker blocking If you prefer Chrome engine: • Vivaldi https://vivaldi.com/ • Iridium https://iridiumbrowser.de/ • Brave https://brave.com/ Privacy Badger - blocks Intrusive trackers Limits fingerprinting Firefox Multi-Account Containers Each tab has a separate browsing context No cross-tracking between your Google tab and Facebook tab Mobile Tracking Source: /e/ Foundation Blokada.org – ad & tracker blocker for Android platform Privacy Guard – you control what information is provided to apps Including apps that require sensitive data F-Droid – distribution platform for open-source Android apps Open-source Deterministic builds Security and privacy checks Yalp Store – download apps from Google Play Store No Google account required (but can be used) No tracking All the usual closed-source apps MicroG – an open-source emulation of the GP Services Google vendor lock-down through Google Play Services MLS - community driven high-precision location service Based on GPS, Bluetooth and WiFi beacons Same as Google and Apple, just more private https://e.foundation/e-pre-installed-smartphones/ https://lineageos.org/ https://www.replicant.us/ https://grapheneos.org/ Pi-Hole – ad & tracker blocker for your home network Can run standalone on Raspberry Pi Or on your OpenWRT router Re-Federating the Internet Bringing back the Internet for Humans Federated Chat Protocols Source: Upcloud.com Source: the-federation.info Source: the-federation.info SSB (Secure Scuttlebutt) Encrypted, peer-to-peer protocol PatchWork chat application built on top Quite an usable attempt to replace centralised Facebook-like social media sharing with natural affinity of friend, topic and location circles https://www.scuttlebutt.nz/ dat:// dat:// Where to go next? https://nomoregoogle.com/ https://www.privacytools.io/ https://donottrack-doc.com/en/episodes/ Try it out! Join an experimental physical mesh network in Caversham (Yggdrasil over WiFi, BPL) ● @kravietz:matrix.org ● @[email protected] ● @kravietz (SSB & Twitter) ● https://ssb.webcookies.pub/ ● [email protected] .