155 items tagged "privacy event"
-
-
15:31
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: The talk describes some of the current practices of Instant Messaging providers, and goes over what makes some of the design choices better or worse, describing possible and known attacks against messaging protocols and suggesting possible solutions to those problems. If possible a live demonstration of exploitation of AOL's Instant Messenger will be shown through a simple attack on DNS. Instant messaging has become one of the most common methods of communication in the Internet age; just about every person who has an Internet connection has one or more instant messaging accounts with one or more of the big providers (AOL, MSN, Yahoo, etc.). The problem with current messaging providers is that each and every instant messaging protocol designed so far has made security and privacy an after-thought, with simple blunders like non-cryptographically mangled passwords, clear text conversations, the use of format strings in server-client communications, and in some cases, just plain dumb protocol implementations. Another topic I will attempt to cover is the suppression of securing technologies by the American (and other) governments by law, for example the US's use of the ITAR to suppress the use and distribution of such simple technologies as virus scanners, SSL and how even the act of assisting someone in implementing these can land a person in jail. My intent is to color the talk with personal stories, news articles, and textual examples from the laws themselves.
-
-
9:59
»
SecDocs
Authors: Donatella Della Ratta
Tags: privacy
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: The lecture will deal with freedom of expression in the Arab world after the spreading of new private satellite channels opposing the traditional state monopoly and censorship in TV broadcasting. It will focus on the case study of Al Jazeera being the first Arab TV station to build its editorial policy around “the opinion and the counter-opinion” and the public expression of different points of view, from the very conservative to the ones that are traditionally banned because of their violent opposition to Arab regimes. The lecture will also analyse to what extent this editorial policy of the Qatari TV station – which has caused many problems for the state of Qatar, including the breaking of diplomatic relationships with different Arab nations, and has caused heavy financial loss to Al Jazeera, due to the boycott of Saudi Arabia's rich ad investors – has contributed to the spread of freedom of expression and helped the creation of a public opinion in the Arab world. Meanwhile, it will underline some profound differences between the Western concept of freedom of expression and the Arab idea of respect of cultural background which sometimes has to limit the flow of ideas and information. The last point which will be discussed is the position of the nation-states due to the spreading of these satellite channels and their attempt to control this phenomenon by opening the Media Free Zones (there are 3 now in the Middle East): a legal and economic model which allows liberalization and privatization of broadcast giving, on the other side, a limited amount of freedom of expression which remains firmly managed and controlled by the government.
-
-
15:40
»
SecDocs
Authors: George Danezis
Tags: privacy
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: We will present the state of the art in deployed anonymous communication systems, and in particular Mixminion, for anonymous email, and Tor, for anonymous web browsing. We will focus on the concrete future challenges to deploy and strengthen these systems. In the last few years there has been a renewed interest in anonymous communications, both in terms of academic work but most importantly in terms of implemented and deployed systems. This talk will be geared towards those at the cross section of practice and research that are interested in developing or strengthening applications that provide some anonymity protection. We will describe two systems that are based on solid theoretical work, and should provide a high degree of security: Mixminion is a high latency remailer that can be used to anonymise email, while Tor is a low latency Onion Router, supporting the transport of any TCP stream. The two architectures are complementary, and provide very different security properties. While deployed for testing, Mixminion and Tor are both works in progress, and many practical as well as research challenges need to be resolved before they become widely used. The talk will first give an overview of Mixminion and Tor, and highlight their architectural similarities and differences. Some attention will be paid to the threat models that they try to protect against and the features that they provide. The key attack techniques will be presented, but without going into the mathematical details. Pointers for further reading will be provided for those who are keen. Then we shall focus on the issues that remain to be resolved to widely deploy these systems, and further strengthen them. These issues are both research questions or concern the practical implementation of anonymous infrastructure and services.
On the one hand there is a need to build more services merely to support anonymous communications: from the implementation of pseudonym servers, directory services, or integration into client applications to research on DoS prevention and flooding. On the other hand the communication infrastructure is only there to be used by higher level applications. Therefore there is a need to understand which applications can be used without modifications over anonymous communications, and which will require to be modified not to compromise identity information. As a result of this talk participants should feel comfortable with the basic design of anonymity systems, and know where to find additional information to use or build on these systems. If they choose to further look into the subject they will know what the main issues are where more work is required, and know the venues where this work can be presented, used, and appreciated.
-
-
3:33
»
SecDocs
Authors: George Dafermos
Tags: privacy
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: A lecture on how digital media prosthetics, institutionalisation (in particular the manifestations of copyright and patent law which lurk behind vested interests in controlling the transition to a vastly powerful new world), and the imperatives of corporate planning have come into a conflict so fierce that shared lived experience, increasingly, is forced to undergo a rapid process of commodification. I'd like to propose a lecture on how digital media prosthetics, institutionalisation (in particular the manifestations of copyright and patent law which lurk behind vested interests in controlling the transition to a vastly powerful new world), and the imperatives of corporate planning have come into a conflict so fierce that shared lived experience, increasingly, is forced to undergo a rapid process of commodification. This struggle, which can no longer be defined through the lens of geography or class alone, in turn, points to a not that distant future in which commons-based peer production/consumption is exploited within a context of intense social taylorism and digital fordism with the ultimate goal to turn culture into a paid-for experience, and hence moving the terrain of struggle away from the surplus value of labour to the "legitimacy" of knowledge sharing and pervasive networking, and how the latter can be monetised and controlled in accordance with anarcho-capitalist agendas. Obviously, the question which we ought to pose to ourselves is how the revolutionary demands of hacking can be guided, assembled, and reproduced so that this process of commodification is consciously resisted by technology developers and users alike, artists, and all those whose creativity and desire for socially-conscious technological innovation and emergent social cooperation have been enhanced by the digital condition we're increasingly in the centre of.
-
-
9:20
»
SecDocs
Authors: Ian Clarke, Oskar Sandberg
Tags: covert channel privacy
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: At Defcon 13, we presented our ideas for creating scalable networks where only trusted friends speak directly to each other. In this talk, we will elaborate on this, discussing further experiments and results, as well as our attempts to build such a network for real. We believe that such networks, because they are covert and difficult to detect, are the only viable future for peer-to-peer communication in a time when it is under attack from all sides. The problem with such "dark" networks, or Darknets, is that peers in general are connected only through sequences of friends knowing friends. In order to create a network that still allows global communication, one must find a way of searching efficiently for such paths between hosts. This is where we have focused our attention: if one can efficiently find such paths, then one can use the known techniques of distributed hashtables to make a working, searchable network. We have now begun our plan towards actually deploying a version of Freenet based on these principles: a file sharing network where only one's trusted friends will know that one is even participating. Since it is to be the next version of Freenet, we also intend for it to offer anonymity and replication to protect against censorship. In this talk, we will further elaborate on the ideas and the issues we are facing. We will discuss further experiments and results, as well as our initial experiences of attempting to create such a network for the real world. As before, we will present both the theoretical aspects of our research, which has its roots in deep mathematical results, and the practical aspects of what we are trying to achieve.
-
-
21:39
»
SecDocs
Authors: Caspar Bowden
Tags: privacy
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Microsoft has proposed architectural principles ("7 Laws of Identity") to support convergence towards an inter-operable, secure, and privacy-enhancing plurality of identity systems - an "Identity Metasystem". This new concept presupposes that a single monolithic identity system for the Internet is neither practicable nor desirable.
-
-
21:39
»
SecDocs
Authors: Jan Schallaböck, Ralf Bendrath, Udo Neitzel
Tags: privacy
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here. Web2.0 has created a new rush towards social networking and collaborative applications. This enables new possibilities, but also is a threat to users' privacy and data. On the surface, many people seem to like giving away their data to others in exchange for building communities or getting their 15 seconds of fame. But below it lie less obvious privacy implications. Some of them are accidental, like publicly marking someone as a "friend" without asking that person before or putting personal data under a creative commons license. But some are more fundamental, as they are based on voluntary surveillance of the users. On the extreme end of the spectrum, the trend towards "identity 2.0" services - from microformats like OpenID and addressing systems like XDI to infrastructures like Cardspace and Higgins - will have far-reaching impacts on the future of privacy and anonymity on the web.
-
-
21:27
»
SecDocs
Authors: Andreas Krisch
Tags: RFID privacy
Event: Chaos Communication Congress 24th (24C3) 2007
Abstract: Following the public consultation on Radio Frequency Identification (RFID) carried out in 2006, the European Commission set up an RFID Expert Group in July 2007, focussing on Privacy and Security. One of the group's tasks is to provide advice to the Commission on the content of a Recommendation to the member states, which shall set out the principles that public authorities and other stakeholders should apply in respect of RFID usage. European Digital Rights (EDRi) participates in this task as a member of the Expert Group. This session will provide an overview of the EU policy activities regarding RFID and Privacy in 2007 and give an outlook to activities planned for 2008. EDRi's positions on RFID and Privacy will be presented and, when published by the Commission before the event, the contents of the Recommendation to the member states will be presented and discussed in detail.
-
-
21:56
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 24th (24C3) 2007
Abstract: A presentation of a few successful campaigns in France led by libre software activists for defending freedom in a digital world: bringing awareness of the politicians about the dangers of the EUCD transposition and DRM, and their economical, social and political impact and influencing the candidates at a presidential election to talk about Libre Software, software patents, DRM, etc. How did we do that? What have we learned? Maybe for political action too, sharing is a way of just doing it better.
-
-
21:32
»
SecDocs
Authors: Erik Josefsson, Ricardo Cristof Remmert-Fontes
Tags: privacy
Event: Chaos Communication Congress 24th (24C3) 2007
Abstract: New EU legislation emphasises and in some cases creates new crimes of consumer infringement of intellectual property laws. Consumer Warnings about consumers' requirements to respect copyright could become mandatory; worse, such infringement cases could move from civil cases to criminal ones across the EU. But nowhere is there legislation either clarifying or defending consumers' rights under IP law, in our changing digital environment.
-
-
21:37
»
SecDocs
Authors: Sandro Gaycken
Tags: privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: In many social situations, people start to adjust their behaviour due to surveillance. Inspired by more and more cases of breaches of data protection regulations, an erosion of trust into these regulations and those who forfeit them can be seen. The consequences of this are grim. Either we abolish surveillance technologies or the idea of "informational self-determination".
-
-
21:37
»
SecDocs
Authors: Juergen Pabel
Tags: cryptography privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: This is not a hacking presentation, no vulnerabilities are presented. It's a crash-course in full-disk-encryption ("FDE") concepts, products and implementation aspects. An overview of both commercial and open-source offerings for Windows, Linux, and MacOSX is given. A (programmer's) look at the open-source solutions concludes the presentation.
-
21:37
»
SecDocs
Authors: Christian Heller
Tags: privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: The breaking away of privacy in the digital world is often understood as something dangerous, and for good reasons. But could there be opportunities in it, too? Do the current cultural and technological trends only dissolve the protected area of privacy, or could they dissolve as well the pressures that privacy is supposed to liberate us from? What if we witness a transformation of civilization so profound that terms like "private" and "public" lose their meaning altogether? Maybe we won't need "privacy" at all in the future because we will value other, new liberties more strongly?
-
-
21:46
»
SecDocs
Authors: Bernhard Fischer, Daniel Haslinger
Tags: VPN Tor privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: OnionCat manages to build a complete IP transparent VPN based on Tor's hidden services, provides a simple well-known interface and has the potential to create an anonymous global network which could evolve to a feature- and information-rich network like we know the plain Internet today.
-
-
21:47
»
SecDocs
Authors: Roger Dingledine
Tags: vulnerability Tor privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor.
-
-
21:37
»
SecDocs
Authors: Jan Torben
Tags: privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: In the last years the static web has moved towards an interactive web – often referred to as the web2.0. People collaboratively write articles in online encyclopedias like Wikipedia or self-portray themselves with profiles in social networks like Myspace. Delicious allows people to tag their bookmarks and share them with friends. Twitter is a short status message service to tell friends what you're doing right now. The diversity of applications attracts a huge amount of users and the application can be used from any computer.
-
21:37
»
SecDocs
Authors: Christoph Brüning, Kai Schubert
Tags: privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: The lecture intends to give an overview of the Privacy Workshop project started in Siegen (NRW, Germany) and to animate listeners to participate in the project. Update 2008-12-30: we finally put the slides online, but there are still some cc-license tags that need to be fixed for the last pictures. The flickr-links are ok though, so please don't moan and stay tuned.
-
-
21:35
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: La Quadrature du Net (Squaring the Net) is a citizen group informing about legislative projects menacing civil liberties as well as economic and social development in the digital age. Supported by international NGOs (EFF, OSI, ORG, Internautas, Netzwerk Freies Wissen, April, etc.), it aims at providing infrastructure for pan-European activism about such topics as network neutrality, privacy, "graduated response", etc.
-
-
15:34
»
SecDocs
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: This talk will introduce the next phase of the OpenLeaks project. We will present a more detailed insight into the project and take you on a tour around the different OL subprojects. We will also announce the activities we are planning for this year's camp. This talk will introduce the next phase of the OpenLeaks project. Where last year's congress was still too early, we would like to take the chance to present a more detailed insight into the project and its technicalities, and take you on a tour around the different subprojects OL is comprised of. We will also announce the activities we are planning for this year's camp, including some workshops and a special surprise.
-
-
12:36
»
SecDocs
Authors: Daniel Domscheit-Berg
Tags: information operation privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.
-
-
21:31
»
SecDocs
Authors: Daniel Domscheit-Berg
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The talk will give an update on the status of the Icelandic Modern Media Initiative. If we put IMMI into the context of the bus Rop talked about in the keynote, then IMMI is the quality rubber for the tires that can ride that road safely. It is part of what our bus should look like, ride like, feel like. The talk will also try to define some more of that bus, and elaborate on what else we need apart from the best rubber we can get. The talk will hence deal with some of the latest developments in respect to freedom of speech, specifically that of the press, and political pressure being exercised on it, roles and responsibilities, and the role of responsibility.
-
-
21:45
»
SecDocs
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The objective of the session is to provide a critical overview of "privacy research" within computer science. The mechanisms proposed in the last ten years include mechanisms for anonymous communications, censorship resistance, selective disclosure credentials (and their integration in identity management systems), as well as privacy in databases. All of these systems are meant to shield the user from different aspects of on-line surveillance either through allowing a user to keep some of her data "confidential" or by allowing her to assert "control" over her data. We will illustrate using concrete examples, why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises given the conditions of our surveillance societies. Since 2000 there has been a renewed interest amongst computer scientists in the field of "privacy technology". This includes mechanisms for "anonymous" communications, censorship resistance, selective disclosure credentials, as well as privacy in databases - all of which are meant to shield the user from some aspects of on-line surveillance. Beyond the lab, some of those systems have been deployed and are widely used today. Yet, the type of surveillance against which privacy technologies are supposed to offer protection is often ill-defined, and widely varying between works: from an individual who wishes "to hide an occasional purchase from his spouse", to "groups coordinating political dissent under totalitarian regimes". While privacy is seen as the key unifying theme of these works only one aspect of it is systematically represented, namely "confidentiality". Privacy as self-definition, informational self-determination or as a public good that needs to be negotiated is often neglected.
Further, the increasing omni-presence of surveillance technologies, the informatisation of everyday life, as well as active resistance to on-line surveillance are used as justifying departure points for privacy technologies but they have so far not been explored in depth in the privacy research field. In this talk, we explore the development of contemporary privacy technologies, its key results and methodologies. At its heart our argument is that the field of privacy technology was seeded by computer security and cryptography experts that rushed to apply their tools to new problems, yielding mixed results. Additional pressures from different stakeholders to devise technology that will make large IT systems acceptable to the public have led to further confusion about the goals and methods most appropriate to embed privacy friendly values into computer systems. Further, the recent trend has been to replace the confidentiality paradigm with what can be called the "control" paradigm. Using concrete examples, we seek to explain why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises.
-
-
21:33
»
SecDocs
Authors: Dominik Herrmann
Tags: web application profiling privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: This talk will provide a summary of recently discovered methods which allow to break the Internet's privacy and anonymity. We will show, amongst others:
* ways of distinguishing bots from humans. We use this technique to provide crawlers with false data or lure them into tar pits. Other than CAPTCHAs we introduce methods that profile the holistic behaviour within a single web session to distinguish users or bots within a longer timeframe based on subtle characteristics in most bots' implementations.
* breaking filtering of JavaScript in web-based proxies. While next to all web proxies advertise the capability of filtering JavaScript, the ubiquity of XSS and CSRF attacks has proven that correct filtering of arbitrary HTML is extremely difficult.
* tracking and re-identifying users based upon their web-profile. We show how a third-party observer (e.g. proxy server or DNS server) can create a long-term profile of roaming web users using only statistical patterns mined from their web traffic. These patterns are used to track users by linking multiple surfing sessions. Our attack does not rely on cookies or other unique identifiers, but exploits characteristic patterns of frequently accessed hosts. We demonstrate that such statistical attacks are practicable and we will also look into basic defense strategies.
* traffic analysis and fingerprinting attacks on users of anonymizing networks. Even if anonymizers like Tor are used, a local adversary can measure the volume of transferred data and timing characteristics to e.g. determine the retrieved websites. We will shortly sketch the current state of the art in traffic analysis, which has been improved significantly within the last year
-
-
21:37
»
SecDocs
Authors: Brenno De Winter
Tags: privacy
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Meet the Netherlands: a nation filled with techno-optimists protecting our freedom by putting in place restrictions on what you can do, reducing our privacy and have technology as a solution for anything and everything. When you make a trip we store your details for two years, your airplane meal selection from two years earlier is good data to test with and when migrating the government website we keep the old website running in an unmaintained state. If you have nothing to hide nothing can go wrong and there is nothing you can do. Well not quite. What would happen if you play the system? If you would take the train and hack the card? What if you were to pick up the resistance you face and use it in your advantage. No matter what the costs would carry on? If you would take some data and show the failures? Not just once but a full month long and call that month Leaktober. What if you would publicly call the failures with our personal data? Ultimately you make a difference. You change the law, you change the rules of the game and you really can raise the question if storing all that data is really needed. Ultimately people really start to doubt if this is the right way to go. This is a strategic and tactical story on how you can regain some privacy and data protection. Even though for a journalist this should be normal work, thanks to some people these things become very personal. It ends in criminal prosecution, legal threats, insults, a successful counter hack and ultimately a lot of benefits. But standing up for a cause does work as long as you focus on the stories you want to bring. My story is about hacking the system from the inside, overcoming fear and showing bureaucrats that hackers are people too. The talk is a lessons learnt how a few people can change a nation with hacker beliefs if they really want to. A guideline on how to make a difference by hacking the system you want to change.
Where you can even make huge mistakes, but with some luck you can win a world. How you can make your critical voice be heard. Zillions of lessons learnt.
-
5:26
»
SecDocs
Tags:
law privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The idea of Dining Cryptographers-Networks (DC) offers a much better anonymity compared to MIX-Networks: Defined anonymity sets, no need to trust in a central service, no possible attack for data retention. In this talk you will learn about DC-Networks, advanced key generation methods (resulting in a DC+-Network) and a library to make DC-Networks available to your programs.
-
-
21:54
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk is about: Information freedom and the issues for the citizens RWB resources: a “human network” RWB needs: Get involved! ** Freedom of information and citizen issues Why defend media freedom, journalists and bloggers? Because without a free press, no cause can make its voice heard, no human rights violation can be reported. Specific examples of information vital to the public (links below): - the tainted baby formula scandal in China exposed by the netizen Zhao Lianhai, who was arrested as a result - Organized crime denounced by netizens, some of whom have been killed. Rascatripas, the moderator of the Nuevo Laredo en Vivo website, murdered on 9 November 2011 - RWB sees how the media and methods of spreading news and information are evolving, and is adapting to the changes - RWB helps all kinds of “information producers” including professional journalists and bloggers and takes positions on the problems specific to new media WikiLeaks hounded - Capacity building and e-advocacy: RWB provides bloggers, cyber-dissidents and journalists with the means to continue reporting and circulating information. Provision of censorship circumvention tools (including VPN) and online security training, circulation of viral campaigns, awareness campaigns, information about online risks. ** RWB’s resources: a “human network” A human network: 150 correspondents worldwide + informal contacts Strong lobbying capacity (European Parliament and Washington) A legal committee Handbook for Bloggers and Handbook for Journalists during Elections Training (in Thailand, in Paris in February, in China and elsewhere in the future) Virtual Shelter project: Creation of electronic safe and website for hosting censored content ** RWB’s needs: Get involved! 
Need for people whose technical skills can help us to evaluate a country’s Internet, by carrying out tests to determine the filters used, the presence of Deep Packet Inspection and so on. Need for technicians who can tell us about the safety of the various communications methods used. Which governments monitor Skype, IRC, BBM, and Google Talk? Which email service or VoIP to use? Need for the help of experts in viral marketing, search engine marketing and information monitoring. Need for contacts in companies that cooperate with Internet censorship (or former employees) Need for the help of jurists in different countries to analyze the growing number of laws that regulate the Internet
-
-
22:56
»
SecDocs
Authors:
Conrad Lee Tags:
privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: A practical discussion of how potentially revolutionary, yet ethically questionable data---such as that from Facebook---is currently being handled in academia. With every day that passes, the users of social media websites are providing scientists with ever-richer, larger datasets on human behavior. At the same time, machine-learning techniques allow us to exploit this data to accurately predict who these users are and how they will behave in the future. I begin this talk by outlining the need for public datasets containing rich information on individuals and their social relations. I then show how in practice, distribution and use of such datasets by academics is awkward and confused. I conclude with some consideration of how "enhancing" datasets by, for example, inferring missing or hidden data using machine learning classifiers, creates yet another ethical grey-zone.
-
-
21:42
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. Ali Rıza Keleş* arkeles@alternatifbilisim.org Ayşe Kaymak aysakaymak@gmail.com Işık Barış Fidaner fidaner@gmail.com Seda Gürses sguerses@esat.kuleuven.be
A short history Despite its growing economy, democracy and fundamental rights have always been disputed in Turkey, where the shadow of the 1980 coup and still unresolved Kurdish problem is strongly felt, with the state persistently denying Kurdish citizens’ rights and repressing real political opposition to canalize the people’s consent to the authorized ‘official’ parties in the parliament. The coup in 1980 was mainly used to implement liberal policies, and this process is near completion: most state enterprises have been privatized in the last decade, including Türk Telekom, the phone company and the single ISP that owns the ADSL infrastructure in Turkey. In the same decade, Internet use became widespread. Yet, the increasing popularity of the Internet has been accompanied by attempts to control it through criminal sanctions. Until 2007, tens of thousands of websites had been blocked by courts as ‘precaution’, including sites like Wordpress and YouTube. After the Law 5651 in 2007, even more websites were censored directly by government administration. As a response to this law, Sansüre Karşı Platform (Platform Against Censorship) was organized. In the first anti-censorship rally on 17 July 2010, nearly 3000 people participated, including Internet youth, political parties, trade unions, etc. Not long after the events in Tunisia and Egypt, the state institution for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK) made a decision to force ISPs to provide unpaid Internet filters under the headings 'children', 'family' etc. 
This move created an enormous reaction, the culmination of which led to a nationwide Internet freedom rally on 15 May 2011 that took place in tens of cities. In Istanbul alone, 60 thousand people marched against the imposed censorship measures. What followed was a smear campaign by controlled media (including state TV) against the protesters, and a pseudo-governance meeting with NGOs by BTK. After the general elections in June, the war with PKK escalated, suppressing the BTK decision out of media attention. Currently, DNS or IP blocking is used mostly for 'obscene' and in some cases for political websites. National security has always functioned as an excuse for the Turkish state to introduce exceptions to a rule or to make the exception the rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National Crypto By-law) that was put in order in 2010. This by-law necessitates ‘official authorization’ for any encrypted communication by any citizen, and also requires the citizens to give away their encryption mechanisms and private keys to BTK for ‘storage’. In conclusion, we have reasons to believe that the government is currently developing infrastructure to utilize methods like deep packet inspection (DPI) as weapons in a 'cyberwar', possibly against its own people. These methods will include monitoring and labeling of Internet users as well as blocking communication. We made use of our 'right to information' to inquire about the plans for employing DPI, but were ‘informed’ that this is 'beyond the limits of our right to information'. Problems in using laws & technology against state control The greatest problems with respect to guaranteeing fundamental rights in technology deployment and use currently are with how laws are made and how they are enforced. The lawmaking process is exclusionist, only including a few NGOs that can better be called QUANGOs (quasi-autonomous non-governmental organizations). 
There are several political parties and trade unions, but even their peaceful protests are occasionally declared ‘unauthorized’ and considered illegal. People in general do not trust the judiciary system, but are simply unorganized and do not believe in their power. The regime bases its legitimacy on ideology and not on lawful justice. Türk Telekom (TT), privatized in 2005, monopolizes the ADSL infrastructure, making Internet services expensive and prone to state control. In 2007, a workers' strike in TT had triggered debates on this monopoly being protected by the government. The company also acts as a service provider in several domains, creating questions about net neutrality. Another problem is with the limitation of how people can relate to technology. Computers, cellphones and other gadgets are aggressively marketed and widely used throughout the country, but the marketed forms of use mostly remain superficial, e.g., these gadgets are depicted as entertainment or as status symbols. We argue that the hegemony of these consumerist cultural connotations does hamper diverse uses of these products for a variety of motivations. A small community of Linux promoters has emerged around universities. These groups could promote alternative approaches to technology. However, under the usual political fears, they only articulate their positions professionally. Their statements usually target Microsoft or other big proprietary software companies. This position is compatible with the officially accepted national pride and national security positions in Turkey, and hence is limited to politics of technology only (see Pardus project). Leftist and Kurdish political organizations are in a position to benefit most from digital communication technologies. However, they still lack the capacity and enthusiasm to use it effectively. 
Alternative political media initiatives online exist, but they are mostly limited to standard uses and their technical quality reflects the lack of developers in the political community. In Turkey, engineering education is praised and supported by families. Families make up for the lack of a financially strong social system. The society in general also praises technical knowledge. However, a strong barrier separates the 'educated people' who are supposed to know it, from 'regular people' who are only supposed to consume it. Under economic pressure and feeling indebted to their families, most white collar workers dedicate themselves to their work in private companies. There is some space in some universities for shared work and creativity, but such spaces are getting smaller as most universities are being turned into technical schools. Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet researcher from Brussels. ** Alternatif Bilişim is a social network that includes users, developers and researchers of digital technologies, studying and practicing alternative uses of technology. Ultimately, our objective is to diminish the alienation of people to technical knowledge.
-
-
13:36
»
SecDocs
Authors:
Adrian Crenshaw Tags:
privacy Event:
Black Hat DC 2011 Abstract: This paper will present research into services hosted internally on the I2P anonymity network, especially I2P hosted websites known as eepSites, and how the true identity of the Internet host providing the service may be identified via information leaks on the application layer. By knowing the identity of the Internet host providing the service, the anonymity set of the person or group that administrates the service can be greatly reduced. The core aim of this paper will be to test the anonymity provided by I2P for hosting eepSites, focusing primarily on the application layer and mistakes administrators and developers may make that could expose a service provider’s identity or reduce the anonymity set they are part of. We will show attacks based on the intersection of I2P users hosting eepSites on public IPs with virtual hosting, the use of common web application vulnerabilities to reveal the IP of an eepSite, as well as general information that can be collected concerning the nodes participating in the I2P anonymity network.
-
-
11:36
»
SecDocs
Authors:
Andrew Case Tags:
Tor privacy Event:
Black Hat DC 2011 Abstract: Traditional digital forensics encompasses the examination of data from an offline or “dead” source such as a disk image. Since the filesystem is intact on these images, a number of forensics techniques are available for analysis such as file and metadata examination, timelining, deleted file recovery, indexing, and searching. Live CDs present a large problem for this forensics model though as they run solely in RAM and do not interact with the local disk. This removes the ability to perform an orderly examination since the filesystem is no longer readily available and putting random pages of data into context can be very difficult for in-depth investigations. In order to solve this problem, we present a number of techniques that allow for complete recovery of a live CD’s in-memory filesystem and partial recovery of its previously deleted contents. We also present memory analysis of the popular Tor application as it is used by a number of live CDs in an attempt to keep network communications encrypted and anonymous.
-
-
21:25
»
SecDocs
Authors:
Sho Ho Tags:
privacy Event:
DEFCON 18
-
-
5:51
»
SecDocs
Authors:
Moxie Marlinspike Tags:
privacy Event:
Black Hat EU 2010 Abstract: We won the war for strong cryptography, anonymous darknets exist in the wild today, and decentralized communication networks have emerged to become reality. These strategies for communicating online were conceived of in anticipation of a dystopian future, but somehow these original efforts have fallen short of delivering us from the most pernicious threats to privacy that we're now facing. Rather than a centralized state-based database of all our communication and movements, modern threats to privacy have become something much more subtle, and perhaps all the more sinister. This talk will explore these evolving trends and discuss some interesting solutions in the works.
-
-
21:13
»
SecDocs
Tags:
privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: This will be a stream of the Fnord-Jahresrückblick 2009, as it will be too crowded in Saal 1. We try to get a translation, but there is no guarantee yet, so a German version might be possible, too.
-
-
21:11
»
SecDocs
Authors:
Mike Brennan Tags:
authorship privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Authorship recognition based on linguistics (known as Stylometry) has contributed to literary and historical breakthroughs. These successes have led to the use of these techniques in criminal investigations and prosecutions. Stylometry, however, can also be used to infringe upon the privacy of individuals who wish to publish documents anonymously. Our research demonstrates how various types of attacks can reduce the effectiveness of stylometric techniques down to the level of random guessing and worse. These results are made more significant by the fact that the experimental subjects were unfamiliar with stylometric techniques, without specialized knowledge in linguistics, and spent little time on the attacks. This talk will also examine the ways in which authorship recognition can be used to thwart privacy and anonymity and how these attacks can be used to mitigate this threat. It will also cover our current progress in establishing a large corpus of writing samples and attack data and the creation of a tool which can aid authors in preserving their privacy when publishing anonymously. This research was originally motivated by the idea of using stylometry, which is the study of authorship recognition based on linguistic style, to increase security. Could stylometry be used as an aid for verifying the identity of a user? The first step was to see how stylometry held up against adversarial attacks. We developed two attacks and found that they were devastatingly effective against various methods of stylometry. This turned our goal for the research from looking at how stylometry could increase security by verifying an identity to how attacking stylometry can increase security by helping anonymous authors maintain their privacy and protect their identity. 
This research presents a framework for adversarial attacks including obfuscation attacks, where a subject attempts to hide their identity and imitation attacks, where a subject attempts to frame another subject by imitating their writing style. The major contribution of this research is that it demonstrates that both attacks work very well. The obfuscation attack reduces the effectiveness of the techniques to the level of random guessing and the imitation attack succeeds with 68-91% probability depending on the stylometric technique used. This research also provides another significant contribution to the field in using human subjects to empirically validate the claim of high accuracy for current techniques (without attacks) by reproducing results for three representative stylometric methods. The talk examines the threat that stylometry can pose to anonymity, and what can be done about it. Advice is offered on how to obfuscate your writing style based on what was learned from the subjects in this study. The talk will also discuss current work to create a tool that helps authors hide their writing style. This tool will use a large corpus of existing writing and attack passages in multiple languages along with a variety of stylometric techniques based on different features and machine learning methods. A call for help is also put out to the listeners and readers of this research to participate in the creation of this corpus in multiple languages so the tool can be helpful to as many authors as possible.
-
-
21:06
»
SecDocs
Authors:
Roger Dingledine Tags:
Tor privacy Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: Tor was originally designed as a civil liberties tool for people in the West. But if governments can block connections *to* the Tor network, who cares that it provides great anonymity? A few years ago we started adapting Tor to be more robust in countries like China. We streamlined its network communications to look more like ordinary SSL, and we introduced "bridge relays" that are harder for an attacker to find and block than Tor's public relays. In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.
-
21:11
»
SecDocs