Upload
sensepost
View
3.829
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Presentation by Dominic White at the ITweb security summit 2010. This presentation is about online privacy. The presentation begins with a discussion on behavioral tracking, Ways to prevent tracking such as DNT, TPL,googleSharing and opt out are discussed. The presentation ends with a series of disclussions on evercookie and nevercookie.
Citation preview
A Brave New World
The Politics & Technology of Online Privacy
/whois singe
• Argumentative Catholic Hacker Geek• Consultant @ SensePost• Involved with ZaCon
• Love Building Security, breaking it still fun• TinFoil is in this Winter
• Blog at http://singe.za.net/• Tweet as @singe
A Brave New World
Source: acceleratingfuture.com
Agenda
• Behavioural Tracking Primer• Politics vs Tech– NAI Opt-Out– Do Not Track– Tracking Prevention Lists– GoogleSharing
• Next Level– EverCookie– Mobile Protections
Behavioural Tracking• Analyse user interactions to build a profile• Third parties do this across multiple sites• $21.7 billion industry in US $42.5 in 2015
(BAI/Kelsey U.S. Local Media Annual Forecast)
– Behavioural only 7% of this by 2014
• Popularised by Google, usurped by Facebook• The business model for online monetisation
Picture Source: foture.net
Problems
• People arrested• Data driven inferences could be wrong• Overcriminalisation• Profiles sold to third-parties• Employee abuse• Companies hacked
You have little to no control over this
If you don’t care, will you forever?
Does nobody have the right to care?
What about your kids? Activists?
Politics & Tech
Opt Out
• Advertisers realised they needed to do something to appease the growing noise
• Network Advertising Initiative’s Opt-Out• Sets an “Out-Out” cookie for each
participating third party• You still send data to the third party, just with
one less unique identifier
Opt-Out Problems
• Requires third-party cookies to be enabled• Only covers participating NAI members• Only un-sets one cookies (others remain)• The cookie still exists, some still with an UID• Only prevents targeting ads, data still stored• Only deals with todays problem• We only have the people we don’t trust’s
promise
Do Not Track
• Consumer, not advertiser driven (Stanford IETF draft)• Allows you to make a general statement to everyone• Sends a DNT=1 HTTP header, or sets DNT DOM flag• Requires receiving server to comply• A technical signal, not a technical protection• Backed by legislation• Currently only implemented by Associated Press
Analytics• Firefox 4, Internet Explorer 9 & Safari (no Chrome)
Legislation
• DNT submitted to FTC[Industry efforts to address privacy through self-regulation] “have been too slow, and up to now have failed to provide adequate and meaningful protection.”
• SB 761 California “Do Not Track” proposal at Appropriations Committee
• Do Not Track Act of 2011 introduced on Mon
Response• The trackers got mad:– “California Senate Bill 761 would create an
unnecessary, unenforceable and unconstitutional regulatory burden on Internet commerce.”
– “It would stop California’s information economy in its tracks”
– “The measure would negatively affect consumers who have come to expect rich content and free services through the Internet, and would make them more vulnerable to security threats.”
• Google, Facebook, Yahoo, TimeWarner,MPAA, NAI & many others
Do Not Track Problems
Problems:• Requires cooperation from trackers• Not as verifiable as they claim e.g. AP News• Limited granularity• DOM implementation could be hackedBenefits:• Law is a big, if slow, stick• Expresses preference to all• Works with other techniques
Tracking Protection Lists
• Microsoft driven (W3C draft)• Technically a DNT implementation• Extension of AdBlock Plus approach• Detailed list of domains, URLs & paths• Provides blocking & allow statements• Prevents blocked content from
loading• Multiple providers of lists– EasyList, PrivacyChoice, Abine, TRUSTe
TPL Pros/Cons
Problems:• Blacklist, enumerating badness• Only blocks third-parties• Needs legislation
Benefits• Granular• Transparent/Verifiable• Not a signal, an enforcement• Blocks active content, prevents further leaks
No Idea Very Bad
Enumerating Badness
GoogleSharing
• Built by the very smart Moxie Marlinspike
• Active Subversion & Unblockable• Pools identities, lets you use a
random one• Proxies requests, over SSL• No need to trust the proxy• Tools provided to run your own• This can be extended
Active Subversion
• Why must we accommodate trackers? Take back our privacy by force if we must
• Muddies trackers data sets– One user is many users– Looks like a NAT– Unblockable, undistinguishable
• Increases cost of tracking• Keeps you safe
– Network location is kept secret– No tracking
http://1984.za.net/
Next Level
Beyond Cookies
• Cookies are only one way to track• Flash Local Storage Objects have been used
for years, but that’s not all• Samy Kamkar came up with 13 methods in
total• Also, a way to use one method to restore the
othersThe Evercookie
Evercookie
• Normal Cookies• Flash LSO• Silverlight Isolated
Storage• WebHistory• Etags• WebCache• window.name cache
• HTML5 Session Storage• HTML5 Local Storage• HTML5 Global Storage• HTML5 Database
Storage• Internet Explorer
userData• Force cached PNG
http://samy.pl/evercookie/
NeverCookie
NeverCookie
• Deletes normal/HTML5/Flash/Silverlight “cookies”
• Can prevent setting of future Flash & Silverlight objects– Sets a binary Adobe Preferences Object– Touches a disabled.dat Silverlight file
• GUI written by Willem @ SensePost• OSX & Safari only currently, plan to extend
NeverCookie
Mobile EverCookie
• On Apple iOS, each application is in a sandbox• Every app allowing “surfing” is vulnerable to
the evercookie• There could be hundreds of evercookies!• Built-in settings only clear some of
MobileSafari’s cache
ResetSafari
• Jailbreak SBSettings application by Sea Comet• Based on my code release• Deletes all Cookies as
NeverCookie but for all apps• Nevercookie for Mobile
http://modmyi.com/cydia/package.php?id=32881
Proxy.Pac
• GoogleSharingif (shExpMatch(host,"*google.*")) { return proxy_GoogleSharing; }
• Ad & Tracking Block (simple) if ( shExpMatch(host,"*googlesyndication.*”)
|| shExpMatch(host,"*googleadservices.*")|| shExpMatch(host,"*google-analytics.*”)|| shExpMatch(url,"*facebook.com/plugins/like.php*”)) { return proxy_BlackHole; }
Blackhole Problem
• Blackholes are handled differently • WebKit fails to DIRECT• Need a blackhole proxy server• Implemented a simple Twisted HTTP server
than responds with HTTP 200 OK to everything
• Thanks Gert @ SensePost
Available At
http://1984.za.net/proxy.php?proxy=<> - sets default proxy
&port=<> - sets default proxy port&socks – makes it a SOCKS proxy
Don’t trust us
Enabling on iPhone
• Wifi network .pac can be configured normally• 3G doesn’t allow proxy settings via Interface• /Library/Preferences/SystemConfiguration/
preferences.plist<dict>
<key>HTTPEnable</key> <integer>0</integer> <key>HTTPProxyType</key> <integer>2</integer> <key>HTTPSEnable</key> <integer>0</integer> <key>ProxyAutoConfigEnable</key> <integer>1</integer> <key>ProxyAutoConfigURLString</key>
<string>http://1984.za.net/proxy.php</string> </dict>
Summary & Conclusion
• Behavioural Tracking is big business• We need control of our data• Opt-out is highly politicised, in-flux & requires
legistlation• Subversion should be built in the mean-time• Watch out for what’s coming next (or now)• These tools are easy to build, get started