CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach.

Slides:



Advertisements
Similar presentations
The Internet and the Web
Advertisements

How to protect yourself, your computer, and others on the internet
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
#watitis2014 watitis.uwaterloo.ca CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach.
Breaking Trust On The Internet
Netiquette Rules.
Chapter 7: The Web and 1 The Web and Chapter 7.
ADMINISTRATION Sources of Information REVISION – BLOCK 6.
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
Safer Web Browsing Terry Labach Information Security Services IST.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.
FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Mohammed Saiyeedur Rahman.  E-commerce is buying and selling goods over the internet. This could include selling/buying mobile phones, clothes or DVD’s.
How It Applies In A Virtual World
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
March 14, Microsoft Microsoft officially announced the date and time that Internet Explorer 9 (IE9) will move away from a release candidate and.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Cyber Crimes.
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.
Lesson 2 — The Internet and the World Wide Web
Staying Safe Online Keep your Information Secure.
Adapted from Computer Concepts, New Perspectives, Thompson Course Technology EDW 647: The Internet Dr. Roger Webster & Dr. Nazli Mollah 24 Cookies: What.
INTERNET PRIVACY Marketing companies The cookie leak security hole in the HTML messages The Web Bug Can we trust the privacy.
Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.
Privacy & Security Online Ivy, Kris & Neil Privacy Threat - Ivy Is Big Brother Watching You? - Kris Identity Theft - Kris Medical Privacy - Neil Children’s.
Practising Safer Web Browsing Terry Labach Information Security Services IST February 17, 2012.
CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.
Protecting Students on the School Computer Network Enfield High School.
The Internet. 2 So what is the internet? The internet is global network that connects most of the world’s personal computers. The World Wide Web is a.
NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP Headers Client IP Address HTTP User Login FAT URLs Cookies.
MODULE 3 Internet Basics © Paradigm Publishing, Inc.1.
XP Browser and Basics COM111 Introduction to Computer Applications.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
Protecting Your Computing Devices Antivirus, Anti-Spyware, Ad blocking, Antitheft and OS Maintenance.
Skill Area 214 Introduce World wide web(www)
Restoring Privacy, Cleaning Your Computer's Cookies and Beacons.
WHAT IS E-COMMERCE? E-COMMERCE is a online service that helps the seller/buyer complete their transaction through a secure server. Throughout the past.
Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.
ONLINE SAFETY AND SECURITY Computer Basics 1.5. INFAMOUS CYBER ATTACKS IN 2014 Sony Pictures: Attackers stole just about everything in the corporate network,
Lecture 16 Page 1 CS 236 Online Exploiting Statelessness HTTP is designed to be stateless But many useful web interactions are stateful Various tricks.
Digital Law -The Deep Web- Digital Law -The Deep Web- Liam Leppard Matthias Lee Russell Wong.
Microsoft Office 2008 for Mac – Illustrated Unit D: Getting Started with Safari.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Computers Are Your Future Eleventh Edition Chapter 6: The Internet and the World Wide Web Copyright © 2011 Pearson Education, Inc. Publishing as Prentice.
COM: 111 Introduction to Computer Applications Department of Information & Communication Technology Panayiotis Christodoulou.
Computer Concepts 2014 Chapter 7 The Web and .
30 Apps for Librarians Sana Moulder & Bryson Kopf.
Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?
Protecting your search privacy A lesson plan created & presented by Maria Bernhey (MLS) Adjunct Information Literacy Instructor
Top Ten Ways to Protect Privacy Online -Abdul M. Look for privacy policies on Web Sites  Web sites can collect a lot of information about your visit.
Computer Security Keeping you and your computer safe in the digital world.
Windows Vista Configuration MCTS : Internet Explorer 7.0.
How to Make Yourself More Secure Using Public Computers and Free Public Wi-Fi.
The Hacking Suite For Governmental Interception. Which are todays challenges? Encryption Cloud Mobility.
Internet Basics 10/23/2012. What is the Internet? It’s a world-wide network of computer networks. It grows hourly and involves national governments, communities,
Intro to Digital Technology Review for Final Introduction to Digital Technology Finals Seniors Monday, 5/16 – 2 nd Tuesday 5/17 – 1 st,3 rd Underclassmen.
Facebook privacy policy
Hotspot Shield Protect Your Online Identity
Anonymous Communication
MICROSOFT OUTLOOK and Outlook service Provider
Privacy Online.
Resolve All Mozilla Firefox Errors with Best Mozilla Technical Support How to Fix Website Loading Issues after Updating Firefox?
yahoo mail technical support number
Internet Basics.
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Anonymous Communication
Presentation transcript:

CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach

CAN YOUR WEB BROWSER KEEP A SECRET? NO Can Your Web Browser Keep a Secret? 2

QUESTIONS? Can Your Web Browser Keep a Secret? 3

YOU ARE BEING WATCHED Can Your Web Browser Keep a Secret? 4

BROWSERS Desktop  Firefox (Windows, Macintosh, Linux)  Internet Explorer (Windows)  Safari (Macintosh)  Chrome (Windows, Macintosh, Linux)  Opera (Windows, Macintosh, Linux)  WhiteHat Aviator (Windows, Macintosh) WhiteHat Aviator Can Your Web Browser Keep a Secret? 5

BROWSERS Mobile  Firefox (Android)  Dolphin (Android, iPhone)  Internet Explorer (Windows Phone)  Metro (Windows Phone)  Atomic (iPhone)  Chrome (Android, iPhone)  Safari (iPhone)  Opera (Android, iPhone, Windows Phone) Can Your Web Browser Keep a Secret? 6

WHAT SCARES YOU? “My political philosophy is: anything smaller than me is cute; anything bigger than me is scary - elephants, the ocean, Microsoft, the IRS, the IRA, IBM, ICBMs, committees and other mobs, Rush Limbaugh.” - Michael Swaine, Dr. Dobb's Journal Can Your Web Browser Keep a Secret? 7

THREATS TO YOUR PRIVACY Business Government Criminals Can Your Web Browser Keep a Secret? 8

THREATS Business and government have not generally been thought of as threats We know better now Can Your Web Browser Keep a Secret? 9

BUSINESS “We’re looking for a cookie alternative...this is well within the rules and regulations and laws and policies that we have.” - Rich Harris, chief executive of AddThis, on testing of new tracking techniques designed to be harder to avoid.AddThis “Your online profile is being sold on the web. It's kind of crazy and it's not harmless.” - Sharon Goott Nissim, Electronic Privacy Information CenterElectronic Privacy Information Center Can Your Web Browser Keep a Secret? 10

YOU ARE THE PRODUCT Can Your Web Browser Keep a Secret? 11

GOVERNMENT “If there were one thing that I would ask for discussion on is that there has to be some mechanism of accountability for you to sign on to an Internet account that makes it like a digital fingerprint that identifies it to you sitting behind the computer or something at that time. There are mechanisms to do it, but the Internet is so big and so vast at this point, and it’s worldwide, I’m not sure how that could happen, but that would certainly assist everybody.” - Scott Naylor of the Ontario Provincial Police testifying at a Canadian Senate committee in Nov Can Your Web Browser Keep a Secret? 12

GOVERNMENT “When conducting national security investigations, the U.S. Federal Bureau of Investigation can issue a National Security Letter (NSL) to obtain identifying information about a subscriber from telephone and Internet companies. The FBI has the authority to prohibit companies from talking about these requests. But we’ve been trying to find a way to provide more information about the NSLs we get—particularly as people have voiced concerns about the increase in their use since 9/11.” - Richard Salgado, Google Can Your Web Browser Keep a Secret? 13

GOVERNMENT “We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.... if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.” - James Comey, FBI Director, Oct Can Your Web Browser Keep a Secret? 14

BILL C “anti-terrorism” bill Permits broad information sharing across government for wide range of purposes CSE included in departments allowed to share data Can Your Web Browser Keep a Secret? 15

LEVITATION Communications Security Establishment (CSE) analyzes records of up to 15 million downloads daily from popular websites By law, can’t target Canadians Data collected without ensuring “targets” are non-Canadian Can Your Web Browser Keep a Secret? 16

GOVERNMENT “...this is not "surveillance," it's "data collection." They say it is done to keep you safe. They're wrong. There is a huge difference between legal programs, legitimate spying, legitimate law enforcement -- where individuals are targeted based on a reasonable, individualized suspicion -- and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever. These programs were never about terrorism: they're about economic spying, social control, and diplomatic manipulation. They're about power.” - Edward Snowden, December 2013 Can Your Web Browser Keep a Secret? 17

CITIZENFOUR Documentary on Edward Snowden, playing at Princess Cinema in Waterloo Sun, Feb 22, :00pm Tue, Feb 24, :45pm Wed, Feb 25, :15pm Can Your Web Browser Keep a Secret? 18

YOU ARE THE TARGET Can Your Web Browser Keep a Secret? 19

RISKS TO YOU Unintentional release of private information Businesses can target and manipulate you Financial loss Harassment from government and law enforcement Embarrassment Emotional distress Can Your Web Browser Keep a Secret? 20

PRIVATE INFORMATION Google, Facebook, Yahoo!, etc. present ads that their analysis indicates might be of interest User could be inadvertently outed based on ads presented Can Your Web Browser Keep a Secret? 21

IT’S LEGAL —Why did yeh ask abou’ Facebook? —Somethin’ Bertie told me, said Jimmy Sr.— Somethin’ he heard. —It’s illegal if it’s Bertie. —No, said Jimmy Sr.—It’s not. It’s f****** immoral but. - Roddy Doyle, from his novel The Guts Can Your Web Browser Keep a Secret? 22

EMBARRASSMENT Pop-up ad led to married Facebook user being given Zoosk.com account The dating site populated her new account with data from her Facebook profile Can Your Web Browser Keep a Secret? 23

BIG DATA DOESN’T FORGET OfficeMax sent customer mail addressed to "Mike Seay, Daughter Killed in Car Crash.“  OfficeMax stated "is a result of a mailing list rented through a third-party provider“ Globe and Mail report on woman inundated with ads for baby and toddler products, based on Big Data  Woman had suffered two miscarriages, unable to stop ads Can Your Web Browser Keep a Secret? 24

BIG DATA Collection of your data largely unregulated  Not like credit industry, where you can request and correct credit reports Some data brokers will let you request reports  This usually (and ironically) involves disclosing personal data to them so they match your record correctly Can Your Web Browser Keep a Secret? 25

DIFFERENTIAL PRICING Price discrimination Price steering Retailers use information about you to alter pricing that you see. e.g. Orbitz showed costlier hotel rooms to Mac users after market research showed they tend to spend more money than PC users Can Your Web Browser Keep a Secret? 26

THE TRACKERS Facebook Google Twitter Quantcast ComScore Clearspring Doubleclick Neilsen Yahoo AppNexus Can Your Web Browser Keep a Secret? 27

SEARCH HISTORY LEAKAGE Amazon uses your browsing history to suggest itemsbrowsing history How?  Your previous Amazon searches  Similar searches and eventual purchases by other customers Sounds like metadata! Can Your Web Browser Keep a Secret? 28

RECOMMENDED FOR YOU... Can Your Web Browser Keep a Secret? 29

LEAKY BROWSERS Browsers provide information to remote web sites  IP address  Browser version  Computer information  Location information Reporting tools    Can Your Web Browser Keep a Secret? 30

INFORMATION LEAKAGE Site with malware can use your browser type to craft an attack e.g. browsing with Internet Explorer identifies you as a Windows user Functionality might be compromised without cause if browser you use is not formally supported Can Your Web Browser Keep a Secret? 31

USER AGENTS Passed to web server e.g. Windows / IE 11: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) User Agent Overrider  Firefox  transmits arbitrary User Agent values Can Your Web Browser Keep a Secret? 32

GEOLOCATION Your geographical location can be inferred from your computer Not 100% reliable due to errors in records Can also be spoofed Can Your Web Browser Keep a Secret? 33

PROXIES AND GEOLOCATION Route your network traffic through a proxy server Various reasons to use proxies Can be used to make geolocation believe you are located wherever the proxy server is TunnelBear is one popular proxy Can Your Web Browser Keep a Secret? 34

USING A PROXY 1 Can Your Web Browser Keep a Secret? 35

USING A PROXY 2 Can Your Web Browser Keep a Secret? 36

TRACKING Using unique identifiers, businesses can track your web browsing By connecting your browsing habits among sites or comparing with other individuals, trends can be identified to assist the business Can Your Web Browser Keep a Secret? 37

COOKIES Browsers can store files on behalf of a web site Each time that site is visited, the browser sends the cookie back to indicate previous activity  logged-in status  shopping cart Contents stipulated by remote site Could leak personal data Can be used to track your Web activity Can Your Web Browser Keep a Secret? 38

BLOCKING & REMOVING COOKIES Many browsers offer ways to manage and delete cookies Many browsers allow you to prevent the storage of cookies from all or some web sites Can also use browser plug-ins for greater power and flexibility Can Your Web Browser Keep a Secret? 39

OTHER TRACKING METHODS Tracking organizations responded to cookie blocking and to their desire to collect and collate more information Canvas fingerprinting Evercookies Cookie syncing Can Your Web Browser Keep a Secret? 40

CANVAS FINGERPRINTING Instructs a Web browser to draw a hidden image Each computer draws the image slightly differently, so the images can be used to generate a code to uniquely identify each user’s device. Not covered by legislation on cookies You can see a visible example of a browser fingerprint fingerprint Can Your Web Browser Keep a Secret? 41

EVERCOOKIES A site places cookies or cookie-like data in every location allowed by your browser If it finds some cookies missing on subsequent visits, it will recreate them using the cookies that survived  Standard HTTP cookies  Local Shared Objects (LSOs) (Flash cookies)  Silverlight Storage  Storing in RGB values of auto-generated images  Web history  Web cache  Internet Explorer storage  HTML5 Storage Can Your Web Browser Keep a Secret? 42

COOKIE SYNCING Allows businesses to work together Invisible redirects and embedded URLS allow multiple businesses to give you cookies, which they link to be able to share your data Can Your Web Browser Keep a Secret? 43

LIGHTBEAM (AKA COLLUSION) Records your browsing activity and the sites involved Creates graphic visualization of sites and connections Can Your Web Browser Keep a Secret? 44

LIGHTBEAM EXAMPLE Can Your Web Browser Keep a Secret? 45

DO NOT TRACK Browser feature  Firefox – Do Not Track  transmits a Do Not Track HTTP header  requires remote site to honour the request  IE – Tracking Protection  limits information sent to third party sites by referring to a user’s list of allowed sites  applies to entire websites, not individual pages  can create or download lists  Chrome – Incognito  won't leave browsing history and cookies on your computer Can Your Web Browser Keep a Secret? 46

CAN YOU TRUST YOUR INTERNET PROVIDER? Some jurisdictions mandate Internet filtering Your internet service provider (ISP) may configure their network to prevent you from searching Google over an encrypted ( connection Used in schools and for public Wi-Fi Can Your Web Browser Keep a Secret? 47

MAN IN THE MIDDLE (MITM) Rogers  injects content into web pages to send messages about monthly data usage  information cached for 30 days  for a while, injected ads into bodies of messages Verizon advertising cookie  adds secret HTML header to web browsing done from mobile devices  likely other providers do the same Can Your Web Browser Keep a Secret? 48

CAN YOU TRUST YOUR COMPUTER MANUFACTURER? Computer companies may have partnerships with advertisers Can Your Web Browser Keep a Secret? 49

MAN IN THE MIDDLE (MITM) Lenovo  In 2015, discovered to have installed Superfish software on laptop computers sold  Injects third-party ads on Google searches and websites  Installs own self-signed security certificate authority, which could allow it to intercept user’s private web traffic Can Your Web Browser Keep a Secret? 50

PRIVATE BROWSING Mozilla  Private Browsing allows you to browse the Internet without saving any information about which sites and pages you’ve visited. Internet Explorer  When you use InPrivate Browsing, info like passwords, search history, and page history is deleted once you close the tab. Can Your Web Browser Keep a Secret? 51

SEARCHING Every Google search you've ever performed is stored Data is correlated to your search data from any other Google services you use. Even if you delete a search from your Google history, Google will keep it for their own purposes Can Your Web Browser Keep a Secret? 52

GOOGLE Can Your Web Browser Keep a Secret? 53

TOR The onion routing network Transmits your communications around a network run by volunteers all around the world Proxy servers hide your chain of connections Protects the transport of your data Visualization of features  Can Your Web Browser Keep a Secret? 54

PROTECTING YOUR PRIVACY Don’t put personal information in on-line searches Don't login to your search engine or related tools Block cookies from your search engine Use web proxies and anonymizing software like Tor Configure browser to avoid tracking Can Your Web Browser Keep a Secret? 55

PROTECTING YOUR SEARCHES Google users can view and manage their search history at Use alternative search engines like DuckDuckGo that do not have user logins and do not save your searches DuckDuckGo Authorities and business can’t get data on you that doesn’t exist Can Your Web Browser Keep a Secret? 56

PROTECTING YOUR COMMUNICATIONS Web sites can use unencrypted ( or encrypted ( communications https: indicates that the transmission of data occurs using TLS (formerly SSL) encryption If a web site allows either, use encrypted communications Better if the web site only allows encrypted communications Can Your Web Browser Keep a Secret? 57

HIDE YOUR IDENTITY Use different browsers Use different computers Use different IP addresses Use fake identities if possible Fake your browser identification Can Your Web Browser Keep a Secret? 58

ENHANCING YOUR BROWSER Variety of additional software to add security and privacy support to browser  Adblock Plus  Ghostery  NoScript  Better Privacy  HTTPS Everywhere  Privacy Badger  Disconnect Can Your Web Browser Keep a Secret? 59

RESOURCES Web  Electronic Frontier Foundation   MediaSmarts   Disconnect   Edward Snowden’s security hints  snowden-secrets/ snowden-secrets/  Freedom of the Press Foundation  Can Your Web Browser Keep a Secret? 60

RESOURCES Books  Dragnet Nation  Julia Angwin  The Smart Girl's Guide to Privacy  Violet Blue Television  United States of Secrets  secrets/ secrets/ Can Your Web Browser Keep a Secret? 61

INFORMATION SECURITY SERVICES IST team We will provide custom computer security training to your team or department Contact Terry Labach to discuss your security education needs Can Your Web Browser Keep a Secret? 62

TERRY LABACH x45227 Slides and resources available at Can Your Web Browser Keep a Secret? 63

QUESTIONS? Can Your Web Browser Keep a Secret? 64

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.