Presentation is loading. Please wait.

Presentation is loading. Please wait.

#watitis2014 watitis.uwaterloo.ca CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach.

Published byJonathan Glazier Modified over 9 years ago

Similar presentations

Presentation on theme: "#watitis2014 watitis.uwaterloo.ca CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach."— Presentation transcript:

1 #watitis2014 watitis.uwaterloo.ca CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach

2 #watitis2014 CAN YOUR WEB BROWSER KEEP A SECRET? NO Can Your Web Browser Keep a Secret? 2

3 #watitis2014 QUESTIONS? Can Your Web Browser Keep a Secret? 3

4 #watitis2014 YOU ARE BEING WATCHED Can Your Web Browser Keep a Secret? 4

5 #watitis2014 BROWSERS Desktop  Firefox (Windows, Macintosh, Linux)  Internet Explorer (Windows)  Safari (Macintosh)  Chrome (Windows, Macintosh, Linux)  Opera (Windows, Macintosh, Linux)  WhiteHat Aviator (Windows, Macintosh) WhiteHat Aviator Can Your Web Browser Keep a Secret? 5

6 #watitis2014 BROWSERS Mobile  Firefox (Android)  Dolphin (Android, iPhone)  Internet Explorer (Windows Phone)  Metro (Windows Phone)  Atomic (iPhone)  Chrome (Android, iPhone)  Safari (iPhone)  Opera (Android, iPhone, Windows Phone) Can Your Web Browser Keep a Secret? 6

7 #watitis2014 WHAT SCARES YOU? “My political philosophy is: anything smaller than me is cute; anything bigger than me is scary - elephants, the ocean, Microsoft, the IRS, the IRA, IBM, ICBMs, committees and other mobs, Rush Limbaugh.” - Michael Swaine, Dr. Dobb's Journal Can Your Web Browser Keep a Secret? 7

8 #watitis2014 THREATS TO YOUR PRIVACY Business Government Criminals Can Your Web Browser Keep a Secret? 8

9 #watitis2014 THREATS Business and government have not generally been thought of as threats We know better now Can Your Web Browser Keep a Secret? 9

10 #watitis2014 BUSINESS “We’re looking for a cookie alternative...this is well within the rules and regulations and laws and policies that we have.” - Rich Harris, chief executive of AddThis, on testing of new tracking techniques designed to be harder to avoid.AddThis “Your online profile is being sold on the web. It's kind of crazy and it's not harmless.” - Sharon Goott Nissim, Electronic Privacy Information CenterElectronic Privacy Information Center Can Your Web Browser Keep a Secret? 10

11 #watitis2014 YOU ARE THE PRODUCT Can Your Web Browser Keep a Secret? 11

12 #watitis2014 GOVERNMENT “If there were one thing that I would ask for discussion on is that there has to be some mechanism of accountability for you to sign on to an Internet account that makes it like a digital fingerprint that identifies it to you sitting behind the computer or something at that time. There are mechanisms to do it, but the Internet is so big and so vast at this point, and it’s worldwide, I’m not sure how that could happen, but that would certainly assist everybody.” - Scott Naylor of the Ontario Provincial Police testifying at a Canadian Senate committee in Nov. 2014 Can Your Web Browser Keep a Secret? 12

13 #watitis2014 GOVERNMENT “When conducting national security investigations, the U.S. Federal Bureau of Investigation can issue a National Security Letter (NSL) to obtain identifying information about a subscriber from telephone and Internet companies. The FBI has the authority to prohibit companies from talking about these requests. But we’ve been trying to find a way to provide more information about the NSLs we get—particularly as people have voiced concerns about the increase in their use since 9/11.” - Richard Salgado, Google Can Your Web Browser Keep a Secret? 13

14 #watitis2014 GOVERNMENT “We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.... if the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.” - James Comey, FBI Director, Oct. 2014 Can Your Web Browser Keep a Secret? 14

15 #watitis2014 YOU ARE THE TARGET Can Your Web Browser Keep a Secret? 15

16 #watitis2014 RISKS TO YOU Unintentional release of private information Businesses can target and manipulate you Financial loss Harassment from government and law enforcement Embarrassment Emotional distress Can Your Web Browser Keep a Secret? 16

17 #watitis2014 PRIVATE INFORMATION Google, Facebook, Yahoo!, etc. present ads that their analysis indicates might be of interest User could be inadvertently outed based on ads presented Can Your Web Browser Keep a Secret? 17

18 #watitis2014 EMBARRASSMENT Pop-up ad led to married Facebook user being given Zoosk.com account The dating site populated her new account with data from her Facebook profile Can Your Web Browser Keep a Secret? 18

19 #watitis2014 BIG DATA DOESN’T FORGET OfficeMax sent customer mail addressed to "Mike Seay, Daughter Killed in Car Crash.“  OfficeMax stated "is a result of a mailing list rented through a third-party provider“ Globe and Mail report on woman inundated with ads for baby and toddler products, based on Big Data  Woman had suffered two miscarriages, unable to stop ads Can Your Web Browser Keep a Secret? 19

20 #watitis2014 BIG DATA Collection of your data largely unregulated  Not like credit industry, where you can request and correct credit reports Some data brokers will let you request reports  This usually (and ironically) involves disclosing personal data to them so they match your record correctly Can Your Web Browser Keep a Secret? 20

21 #watitis2014 DIFFERENTIAL PRICING Price discrimination Price steering Retailers use information about you to alter pricing that you see. e.g. Orbitz showed costlier hotel rooms to Mac users after market research showed they tend to spend more money than PC users Can Your Web Browser Keep a Secret? 21

22 #watitis2014 THE TRACKERS Facebook Google Twitter Quantcast ComScore Clearspring Doubleclick Neilsen Yahoo AppNexus Can Your Web Browser Keep a Secret? 22

23 #watitis2014 SEARCH HISTORY LEAKAGE Amazon uses your browsing history to suggest itemsbrowsing history How?  Your previous Amazon searches  Similar searches and eventual purchases by other customers Sounds like metadata! Can Your Web Browser Keep a Secret? 23

24 #watitis2014 RECOMMENDED FOR YOU... Can Your Web Browser Keep a Secret? 24

25 #watitis2014 LEAKY BROWSERS Browsers provide information to remote web sites  IP address  Browser version  Computer information  Location information Reporting tools  https://panopticlick.eff.org/ https://panopticlick.eff.org/  http://www.whatismybrowser.com/ http://www.whatismybrowser.com/  http://www.whatbrowser.org/ http://www.whatbrowser.org/ Can Your Web Browser Keep a Secret? 25

26 #watitis2014 INFORMATION LEAKAGE Site with malware can use your browser type to craft an attack e.g. browsing with Internet Explorer identifies you as a Windows user Functionality might be compromised without cause if browser you use is not formally supported Can Your Web Browser Keep a Secret? 26

27 #watitis2014 USER AGENTS Passed to web server e.g. Windows / IE 11: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) User Agent Overrider  Firefox  transmits arbitrary User Agent values Can Your Web Browser Keep a Secret? 27

28 #watitis2014 GEOLOCATION Your geographical location can be inferred from your computer Not 100% reliable due to errors in records Can also be spoofed Can Your Web Browser Keep a Secret? 28

29 #watitis2014 PROXIES AND GEOLOCATION Route your network traffic through a proxy server Various reasons to use proxies Can be used to make geolocation believe you are located wherever the proxy server is TunnelBear is one popular proxy Can Your Web Browser Keep a Secret? 29

30 #watitis2014 USING A PROXY 1 Can Your Web Browser Keep a Secret? 30

31 #watitis2014 USING A PROXY 2 Can Your Web Browser Keep a Secret? 31

32 #watitis2014 TRACKING Using unique identifiers, businesses can track your web browsing By connecting your browsing habits among sites or comparing with other individuals, trends can be identified to assist the business Can Your Web Browser Keep a Secret? 32

33 #watitis2014 COOKIES Browsers can store files on behalf of a web site Each time that site is visited, the browser sends the cookie back to indicate previous activity  logged-in status  shopping cart Contents stipulated by remote site Could leak personal data Can be used to track your Web activity Can Your Web Browser Keep a Secret? 33

34 #watitis2014 BLOCKING & REMOVING COOKIES Many browsers offer ways to manage and delete cookies Many browsers allow you to prevent the storage of cookies from all or some web sites Can also use browser plug-ins for greater power and flexibility Can Your Web Browser Keep a Secret? 34

35 #watitis2014 OTHER TRACKING METHODS Tracking organizations responded to cookie blocking and to their desire to collect and collate more information Canvas fingerprinting Evercookies Cookie syncing Can Your Web Browser Keep a Secret? 35

36 #watitis2014 CANVAS FINGERPRINTING Instructs a Web browser to draw a hidden image Each computer draws the image slightly differently, so the images can be used to generate a code to uniquely identify each user’s device. Not covered by legislation on cookies You can see a visible example of a browser fingerprint fingerprint Can Your Web Browser Keep a Secret? 36

37 #watitis2014 EVERCOOKIES A site places cookies or cookie-like data in every location allowed by your browser If it finds some cookies missing on subsequent visits, it will recreate them using the cookies that survived  Standard HTTP cookies  Local Shared Objects (LSOs) (Flash cookies)  Silverlight Storage  Storing in RGB values of auto-generated images  Web history  Web cache  Internet Explorer storage  HTML5 Storage Can Your Web Browser Keep a Secret? 37

38 #watitis2014 COOKIE SYNCING Allows businesses to work together Invisible redirects and embedded URLS allow multiple businesses to give you cookies, which they link to be able to share your data Can Your Web Browser Keep a Secret? 38

39 #watitis2014 LIGHTBEAM (AKA COLLUSION) Records your browsing activity and the sites involved Creates graphic visualization of sites and connections Can Your Web Browser Keep a Secret? 39

40 #watitis2014 LIGHTBEAM EXAMPLE Can Your Web Browser Keep a Secret? 40

41 #watitis2014 DO NOT TRACK Browser feature  Firefox – Do Not Track  transmits a Do Not Track HTTP header  requires remote site to honour the request  IE – Tracking Protection  limits information sent to third party sites by referring to a user’s list of allowed sites  applies to entire websites, not individual pages  can create or download lists  Chrome – Incognito  won't leave browsing history and cookies on your computer Can Your Web Browser Keep a Secret? 41

42 #watitis2014 CAN YOU TRUST YOUR INTERNET PROVIDER? Some jurisdictions mandate Internet filtering Your internet service provider (ISP) may configure their network to prevent you from searching Google over an encrypted (https:) connection Used in schools and for public Wi-Fi Can Your Web Browser Keep a Secret? 42

43 #watitis2014 MAN IN THE MIDDLE (MITM) Rogers  injects content into web pages to send messages about monthly data usage  information cached for 30 days  for a while, injected ads into bodies of email messages Verizon advertising cookie  adds secret HTML header to web browsing done from mobile devices  likely other providers do the same Can Your Web Browser Keep a Secret? 43

44 #watitis2014 PRIVATE BROWSING Mozilla  Private Browsing allows you to browse the Internet without saving any information about which sites and pages you’ve visited. Internet Explorer  When you use InPrivate Browsing, info like passwords, search history, and page history is deleted once you close the tab. Can Your Web Browser Keep a Secret? 44

45 #watitis2014 SEARCHING Every Google search you've ever performed is stored Data is correlated to your search data from any other Google services you use. Even if you delete a search from your Google history, Google will keep it for their own purposes Can Your Web Browser Keep a Secret? 45

46 #watitis2014 GOOGLE Can Your Web Browser Keep a Secret? 46

47 #watitis2014 TOR The onion routing network Transmits your communications around a network run by volunteers all around the world Proxy servers hide your chain of connections Protects the transport of your data Visualization of features  https://www.eff.org/pages/tor-and-https https://www.eff.org/pages/tor-and-https Can Your Web Browser Keep a Secret? 47

48 #watitis2014 PROTECTING YOUR PRIVACY Don’t put personal information in on-line searches Don't login to your search engine or related tools Block cookies from your search engine Use web proxies and anonymizing software like Tor Configure browser to avoid tracking Can Your Web Browser Keep a Secret? 48

49 #watitis2014 PROTECTING YOUR SEARCHES Google users can view and manage their search history at https://www.google.com/history https://www.google.com/history Use alternative search engines like DuckDuckGo that do not have user logins and do not save your searches DuckDuckGo Authorities and business can’t get data on you that doesn’t exist Can Your Web Browser Keep a Secret? 49

50 #watitis2014 PROTECTING YOUR COMMUNICATIONS Web sites can use unencrypted (http:) or encrypted (https:) communications https: indicates that the transmission of data occurs using TLS (formerly SSL) encryption If a web site allows either, use encrypted communications Better if the web site only allows encrypted communications Can Your Web Browser Keep a Secret? 50

51 #watitis2014 HIDE YOUR IDENTITY Use different browsers Use different computers Use different IP addresses Use fake identities if possible Fake your browser identification Can Your Web Browser Keep a Secret? 51

52 #watitis2014 ENHANCING YOUR BROWSER Variety of additional software to add security and privacy support to browser  Adblock Plus  Ghostery  NoScript  Better Privacy  HTTPS Everywhere  Privacy Badger  Disconnect Can Your Web Browser Keep a Secret? 52

53 #watitis2014 RESOURCES Web  Electronic Frontier Foundation  https://www.eff.org/ https://www.eff.org/  MediaSmarts  http://mediasmarts.ca http://mediasmarts.ca  Disconnect  https://disconnect.me/ https://disconnect.me/  Edward Snowden’s security hints  https://firstlook.org/theintercept/2014/10/28/smuggling- snowden-secrets/ https://firstlook.org/theintercept/2014/10/28/smuggling- snowden-secrets/  Freedom of the Press Foundation  https://freedom.press https://freedom.press Can Your Web Browser Keep a Secret? 53

54 #watitis2014 RESOURCES Books  Dragnet Nation  Julia Angwin  The Smart Girl's Guide to Privacy  Violet Blue Television  United States of Secrets  http://www.pbs.org/wgbh/pages/frontline/united-states-of- secrets/ http://www.pbs.org/wgbh/pages/frontline/united-states-of- secrets/ Can Your Web Browser Keep a Secret? 54

55 #watitis2014 INFORMATION SECURITY SERVICES IST team We will provide custom computer security training to your team or department Contact Terry Labach to discuss your security education needs Can Your Web Browser Keep a Secret? 55

56 #watitis2014 TERRY LABACH terry.labach@uwaterloo.ca 519-888-4567 x45227 Can Your Web Browser Keep a Secret? 56

57 #watitis2014 QUESTIONS? Can Your Web Browser Keep a Secret? 57

Download ppt "#watitis2014 watitis.uwaterloo.ca CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach."

Similar presentations

The Internet and the Web

The Internet and the Web
 2008 Pearson Education, Inc. All rights reserved. 1 2 2 Web Browser Basics: Internet Explorer and Firefox.

 2008 Pearson Education, Inc. All rights reserved Web Browser Basics: Internet Explorer and Firefox.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Breaking Trust On The Internet

Breaking Trust On The Internet
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
Netiquette Rules.

Netiquette Rules.
CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach.

CAN YOUR WEB BROWSER KEEP A SECRET? Terry Labach.
Chapter 7: The Web and E-mail1 The Web and E-mail Chapter 7.

Chapter 7: The Web and 1 The Web and Chapter 7.
ADMINISTRATION Sources of Information REVISION – BLOCK 6.

ADMINISTRATION Sources of Information REVISION – BLOCK 6.
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
Safer Web Browsing Terry Labach Information Security Services IST.

Safer Web Browsing Terry Labach Information Security Services IST.
FIRST COURSE Computer Concepts Internet and Email Microsoft Office Get to Know Your Computer.

FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Mohammed Saiyeedur Rahman.  E-commerce is buying and selling goods over the internet. This could include selling/buying mobile phones, clothes or DVD’s.

Mohammed Saiyeedur Rahman.  E-commerce is buying and selling goods over the internet. This could include selling/buying mobile phones, clothes or DVD’s.
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.

With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
Computer Concepts 2014 Chapter 7 The Web and E-mail.

Computer Concepts 2014 Chapter 7 The Web and .
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

Similar presentations

Ads by Google