Take Back Control in a Post-Snowden World

PUBLIC//NSI//ORNCON//YESFORN

By Ron Williams & Hyun Seo

TAKE BACK CONTROL INA POST-SNOWDEN WORLD


The content and tools mentioned in this workshop are for educational purposes only.

We do not endorse or promote any specific products or tools.

Any opinions expressed are our own and are not intended to reflect the views of our employer.


Ron WilliamsArchitect, IBM Security

Hyun SeoDesigner, IBM Security


Our mission...


SecurityBeing free from danger and/or threat.


AnonymityWithout any name acknowledged, as that of author, contributor, or the like.


PrivacyBeing free from unwanted or undue intrusion or disturbance in one’s life or affairs.


We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

“Bruce Schneier, Schneier on Security ”



Government, Personal,Commercial, Criminal.


Anytime you share information, you lose control over it.


Legitimate* and illegitimate surveillance.Employer, government (local, state, federal) agencies, criminals.

*Within the bounds of existing law.


Automated surveillance techniques are not perfect.Profiles (of employees, citizens) are developed from incomplete data.


GovernmentSurveillance


If I’m not doing anything wrong, why should I care about government surveillance?


December 7th, 1941


“NATIONAL SECURITY”



Lavabit


The government is constrained by law.


The government is constrained by law. Today.



CommercialSurveillance


If you’re not paying for the product, you’re the product.


CommercialSocial Media

Aggregation & Analysis of User Data

Monetization of Analysis

Product Services

User market data

Retail optimization

Who

What

Why


Employee

Browser activityInformation access and usage Compliance monitoringSocial Media usagePhone voice monitoring

Employee MonitoringWho

What

Why Business Security


Crime as a Service


BOT-NETOPERATOR

MALWAREAUTHORS

VULNERABILITYRESEARCHERS

BOT-NET

cCommercesales &

marketingservice catalog

advertisingfinance

counter-surveillance

Servicesddos

spambot-net C&C

malware deliverykey logging

surveillancecredential theft

espionage

CaaS CONSUMER


Reducing yourdigital footprint


Three can keep a secret, if two are dead.“Benjamin Franklin ”


AndroidEmail

Voice & SMS

IM

Mail Services

S/MIME, PGP

Signal

ChatSecure

ProtonMail, Tutanota, GhostMail


iOSEmail

Voice & SMS

IM

Mail Services

S/MIME

Facetime, iMessage, Signal

iMessage



Traditional PC’sText & Files

IM

Mail Services

S/MIME, PGP

Off-the-record XMPP Protocol



NetworkRouter

Software

VPN

Passphrase

DNS

Don’t rent your router

Install an open source firmware

OpenVPN

Strong passphrase, disable “WPS”

OpenNIC, FreeDNS


Digital Hygiene



AndroidDevice

Search

Browser

VPN

Other

Disable Backup, Turn off Location, Info Collection, and radios

DuckDuckGo, Disconnect.Me

ORFox & ORBot, Firefox

Anonymous VPN

Try to be “Google Play”-free


iOSDevice

Search

Browser

VPN

Disable iCloud Backup, Turn off Location, Info Collection, and radios


Safari, Firefox

Anonymous VPN


Traditional PC’sDevice

Search

Browser

VPN

Disable cloud backup, turn off location, Info Collection, and radios


Safari, Firefox, Chromium

Anonymous VPN


Citizenfour & No Place To Hide

privacytools.io


Thank you!

https://www.linkedin.com/in/rbwilliams https://www.linkedin.com/in/[email protected]@us.ibm.com


http://pastebin.com/byUPX6WmAdditional Information