Before we start (what my friend who is lawyer insists I

say)

• This presentation mentions several companies regarding data analysis and privacy in comparison to business

• There are many more companies performing the same services and activities, and the mentioned few are only used as very prominent examples of the process of data storage and data analysis of user data

• This presentation does not intend to present any of those companies in a negative light nor make any implicit or explicit claim that any of those companies are performing any illegal or damaging activities

Person(s) of interestUnderstanding the shift of personal privacy in a world of too much public information

Bozhidar Spirovskispirovski.b@clearmorning.netspirovski.b@gmail.com

The brave new world• zetabytes of data exist in the digital universe today• Walmart handles more than customer

transactions every hour, which is imported into databases estimated to contain more than petabytes of data.

• In Google was processing a daily data volume of terabytes

• terabytes of data uploaded daily to Facebook• Facebook stores, accesses, and analyzes more than

Petabytes of user generated data. • Akamai analyzes million events per day to better

target advertisements. Source Wikibon Big Data Stats

2.71,000,000

20,000

100 30

75

2008 2.5

Welcome to Your Not-So Private Parts

• Target computers conclude that a teenage girl is pregnant and sent coupons for baby clothes which were found by a very surprised father (NY Times, 2012)

• A social experiment in Gmail resulted in allergy medicine commercials after 3 exchanged mails mentioning illness to a doctor’s mail (Shortinfosec , 2009)

• Unverified – a woman is denied health insurance by her carrier because of high probability of cancer based on social analytics data bought from a social network

What is out there about us?• Location and travelling • IP address whois lookup• Photo tagging• Location sharing

• Personal habits • Site categories visited• Book/movie categorie most browsed• logon times• linger times on sites

• Shopping preferences and interests• Search engine product searches• Online purchases purchases and browsing

What is out there about us?• Personal Data• Facial recognition data (high res images on pinterest,

facebook, google+, twitter…)• Voice recognition data (youtube, vimeo)• Relationship data (social networks first connections,

tags on photos…)• Professional and personal interests (crawling of forum

and discussion group archives)

We have placed cookies on your computer to help make this website better. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

What is out there about us?

• VERY personal preferences

The nemesis of privacy

2010 2011 2012 2013 (first half)

050

100150200250300

Twitter Revenue Breakdown (million of

$ US)

Advertising Data Licensing

•Sources: Worldstream Internet Marketing (2012), Splatf (2012), San Jose Mercury News (2013)

The nemesis of privacy

If you aren’t buyingand you aren’t selling

YOU ARE THE PRODUCT

Who will be able to (ab)use all this?

• Data collectors and brokers (social network

companies, Infochimps)• Retailers and vendors (Amazon, Target,

Wallmart…)

• Prospective employers and headhunters• Disgruntled employees • Ex girl/boy friends• Social Engineers (Con Men / Hackers …)

Maltego OSINT data search/correlation

Privacy protection ideas?• Regulatory initiatives• Take forever to move off the ground• Prone to huge influence by lobbyists (big money)• Limited to one country/region• Obsolete by the time all legal loops are passed

• Intelligence agencies• Business moves at light speed compared to intelligence• People volunteer information to business• Intelligence agencies are actually using business

gathered data for their own use

Privacy protection ideas?• Non-profit initiatives• Don’t get enough momentum unless there is an actual

publicly known incident. • Even if influence is sufficient, the initiative targets one

specific issue of that incident• By the way…• All data mentioned above is given and published by the

end user, and the service that is provided by the businesses is never ever charged to the use

• There is no such thing as free lunch

Opportunities for someone

• A business (malicious) opportunity• The old model attacks• Bandwidth• Compute resources• Data (financial, corp)

• The new model attacks• Reputation of people• Social networks • Forums• Doctored photos• Donations

MINTRUE1984

The brave new world

What to do• We are living another paradigm shift • the industrial revolution ???• Regulation will occur, but when?

• Young generations embrace and accept it • Understand it• Adjust• Educate early, educate a lot. • Learn from the younger generation• Prepare for reputation defense • The next phase is just around the corner

Custom commercials

?

Thank you

Bozhidar Spirovskispirovski.b@clearmorning.netspirovski.b@gmail.com