Social Media Self-Defence and Privacy Workshop Ed Yuwono - CryptoAustralia Who am I? • Information Security strategist (by day) • Director of Strategy CryptoAustralia (by night) • Blue Team/Defensive background • Based in Europe • Perpetual Traveller Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 2 Disclaimer • Please, please, please don't use material from this workshop to violate moral, ethical & legal norms • Views presented within are my own Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 3 Agenda/Objectives • Social Media Privacy Basics • Threats to privacy • Defensive options in everyday life • Q & A Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 4 In case you missed it Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 5 What does Zuck have to say? • Source (April 10th 2018): https://www.washingtonpost.com/news/the- switch/wp/2018/04/10/transcript-of-mark-zuckerbergs-senate- hearing/ Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 6 Basic privacy tenets • Individual: your physical and non physical traits (eg: memories, emotions, secrets) • Privacy protects your traits • There is no 'undo‘, a disclosed secret is perpetually public • Privacy important enough for the EU to declare as a basic human right Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 7 Speaking of EU GDPR… • Apr 19th • https://www.theguardian.com/technology/2018/apr/19/facebook- moves-15bn-users-out-of-reach-of-new-european-privacy-law Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 8 No ‘one size fits all’ • Some of you: • would like to remain private • maintain a reputation in the workplace • require a public presence • Strike a balance between personal life and your public image • Protect your • Assets • Reputation • Right for privacy Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 9 Defending against levels of ‘adversary’ BAD GOOD • Curious minds • Bad software apps/Artificial Intelligence • Unethical/immoral practices • Declared Enemies • Illegal acts • Nation states Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 10 Your adversary's motives • Progressing to an age where wealth is: • No longer physical • eg: cash vs card vs crypto currencies • Generated from information ‘on tap’ • eg: online ‘everything’: research, trading, betting,… • Your personal worth • Tangible: financial • Intangible: knowledge, status, reputation • What happens to you if your adversary steals, disputes, manipulates, block access to your information? Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 11 Adversarial Success • Success=ability to execute to completion • Ability to execute=capability x resources x time • Attainable knowledge (capability) • Cheaper computing power & access to information (resources) • The side with the most motivation & time will win • However, if you can exhaust one or more of the three elements, life will be hard for your adversary Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 12 Knowledge is power • You can deduce someone's: • Social status • Personal, Social, Public • Reputation • Social, Public • Net worth, purchasing potential, risk appetite • Personal, Public, Location • Movement • Personal, Location Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 13 The Age of Social Networks • Provide opportunity for data enrichment • Open Source Intelligence (OSINT) is a discipline • Case study Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 14 Who is watching the watchers? • Apr 19th • https://www.bloomberg.com/features/2018-palantir- peter-thiel/ Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 15 I have nothing to hide • Apr 19th • https://www.bloomberg.com/features/2018-palantir- peter-thiel/ Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 16 Ground Rules • Don’t feed the system (use archives/takeouts) • Look for • Personally Identifiable Information (PII) • Name, phone, address, work, gov ID, financials • Passwords/password reset messages! • Expletives • ‘Not Safe For Work’ (NSFW) • Anything personal/incriminating • Tested with a browser, might work with a mobile app • Small pauses Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 17 Countermeasures: Prevention • Behaviour: If it’s something you can’t say on TV, don’t post it • Platform: Check and cover any holes you might expose Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 18 Triage • ‘Stop the bleeding’ • Revisit what you have posted • Remember, not one size fits all • Find your balance • Search & destroy: selective delete • Nuke: wipe everything (sometimes easier to delete account) Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 19 Remediation • Someone is using your information • Horse has bolted • Limit further damage • Legal • Procedural Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 20 LinkedIn: Prevention • This is your professional persona • Assume your work colleague is looking • Manage your passwords!!! • Got an account before 2012? • Have I been pwned • https://haveibeenpwned.com/ Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 21 LinkedIn: Prevention • Import your contacts – think twice • Web/Mobile app • Are you using a personal/BYOD phone or personal email address? • Avoid importing your email/phone contacts • Spammy, sends out invites to everyone it discovers! • Working in a sensitive role? • Stay off LinkedIn/all social media • Use an alias • Your employer may have policy or guidelines Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 22 LinkedIn: Prevention • Settings & Privacy-Account: • Removing email/phone numbers • Microsoft (Applications) • Permitted Services (Applications) • Settings & Privacy-Privacy: • Edit your public profile (Search engines) • Who can see your Email address • Who can see your Connections • Last name • Representing your organisation (company policy?) Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 23 LinkedIn: Prevention • Settings-Privacy (continued): • Profile visibility off LinkedIn • Manage Active Status • Discover from email/phone number (FB did this!) • Sync contacts • Others: • Profile • Contact Info-Date of Birth-Visible to: Only you Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 24 LinkedIn: Triage • Takeout • Interesting items • Ad Targeting • Connections • Comments • Imported Contacts • Logins • Messages • Receipts • Registration • Search Queries • Security Challenges • Job Applications Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 25 LinkedIn: Triage • Social Profiling • Connections • Name, Email, Company, Position, Connected date • Imported Contacts • From your email or phone contacts! • Name, Company, Title, Email, Phone, Created, IM handle, Address • Messages • From, To, Date, Subject, Content Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 26 LinkedIn: Triage • Public Profiling • References • Endorsements • Comments • Group comments • Group Posts • Likes • Shares • Articles Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 27 LinkedIn: Triage • Personal Profiling • Profile • Ad Targeting • Ads Clicked • Job Applications • Messages • Search Queries • Applications Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 28 LinkedIn: Triage • Location Profiling • Logins • Profile • Receipts • Registration • Security Challenges Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 29 LinkedIn: Triage • Imported Contacts • My Network-’See All’-Manage synced and imported contacts-Imported • https://www.linkedin.com/mynetwork/contacts/imported • Select All-Delete (This does not delete your connections, only information stored on LinkedIn) Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 30 LinkedIn: Triage – Search & Destroy • Posts/Comments/Likes • Me-Posts & Activity-Posts or All Activity • Messages • Search for person and delete thread • Deletes entire thread! • https://www.linkedin.com/help/linkedin/answer/4 20/deleting-a-conversation • Job Applications • Jobs-Applied Jobs-Delete Job Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 31 LinkedIn: Triage – Search & Destroy • Search History • Click in Search bar • Wait • Click on ‘Clear’ Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 32 LinkedIn: Triage - Nuke • Close your Linkedin Account • Me-Settings & Privacy-Account-Account Management-Closing your LinkedIn Account • https://www.linkedin.com/psettings/acco unt-management/close-action-needed • You must downgrade to the Basic plan first • If you paid, you lose your credits Social Media Self-Defence and Privacy Workshop | OIC Qld PAW May 2018 | Ed Yuwono 33 Facebook: Prevention • Your personal persona • Exception: people in the personal/lifestyle industry • eg: fitness, home, health, etc • A higher level of engagement is required