IFF 2018 - Fireofx & Tor Improving Web Privacy

Transcript

1. Firefox & Tor Improving Web Privacy March 7, 2018 Internet

   Freedom Festival @ Valencia, Spain Ethan Tseng

2. Modern Browsers & Private Browsing The concept behind these modes

   is that the browsers will not store any temporary files, cookies, or history once the browser session is closed. Caveat: They cannot protect you from being tracked!

3. Top 3 Misconceptions about Private Browsing Source: https://duckduckgo.com/download/Private_Browsing.pdf • 41.0%:

   “Prevents websites from tracking me.” • 39.1%: “Prevents ads from tracking me. • 35.7%: “Prevents search engines from knowing my searches.”

4. Tor Project & Tor Browser

5. What is Tor? Like ‘Mozilla’, ‘Tor’ means many things. •

   A legal non-profit organization • A community • A networks of servers • Multiple pieces of software • Most of which includes ‘Tor’ in the name

6. How Tor Browser Protects Your Privacy and Identity Online Credit:

   https://www.youtube.com/watch?v=JWII85UlzKw

7. What is Tor Browser? Tor Browser = • Firefox +

   Patches • The Tor Proxy • Preference Changes • Permanent Private Browsing Mode • First Party Isolation • Anti-fingerprinting Features • Add-ons • Security Slider • HTTPS Everywhere • NoScript

8. Reasons to Use Tor • Hide your gift shopping from

   your spouse • Avoid advertisement tracking • Avoid the search bubble • Research topics without tracking • Bypass campus website blocking • Run an anonymous Facebook page • Avoid government censorship
9. None
10. None

11. Who Uses Tor • Journalists and their audience • Law

    enforcement officers • Activists & whistleblowers • Business executives • Bloggers • Militaries • IT professionals • Anyone who cares about privacy

12. Mozilla & Tor

13. Principle #4 of The Mozilla Manifesto “Individuals’ security and privacy

    on the Internet are fundamental and must not be treated as optional.”

14. “To advance human rights and freedoms by creating and deploying

    free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.”

15. Mozilla & Tor Collaboration • Problems to Solve • Privacy

    threat on the Web • Individual privacy has been increasingly leaked on the Web without users’ awareness • Lack of protection • People do not have easy-to-use tools to protect their privacy • Mission alignment • Mozilla and Tor Project have the same vision • Solution • Bring the cutting-edge privacy defenses of Tor technology to Firefox • Value Propositions • Improve privacy on the Web • Effective tools for users to protect their privacy

16. Anti-tracking Protection Technology

17. “The ability for a user's activity on one site to

    be linked with their activity on another site without their knowledge or explicit consent.” - The design and Implementation of The Tor Browser What is Tracking?

18. Why Websites Want to Track Users? • To provide more

    convenient services on their websites • To deliver precise ads to users • To figure out your personal interests • To build highly detailed profiles of every person online • To shape public opinion and manipulate elections • To suppress dissenting views and censor embarrassing information

19. Tracking as Privacy Threats

20. Problem: Cross-Domain Tracking • First Party: news.com • Third Parties:

    • Facebook • Twitter • Google (ads from double-click) • Third Parties Know: • Who are • Exactly what webpage you visited, and when
21. None
22. None

23. Problem: Cross-Domain Tracking (Third Party Cookie Tracking)

24. Solution: First Party Isolation

25. Problem: Browser Fingerprinting An Increasing New Threat to Privacy •

    User fingerprinting is identifying a user from a combination of device attributes rather a direct identifier like a cookie.

26. Statistics on Fingerprinting Source: https://browser-fingerprint.cs.fau.de/

27. Problem: Fingerprinting Unique Fingerprints

28. Solution: Anti-fingerprinting Identical Fingerprints

29. Realistic Anti-fingerprinting N Fingerprints

30. Strategy for Fingerprinting Defenses Create an Anonymity Group Using Anti-fingerprinting

    Technology

31. Try Your Browser Fingerprinting https://panopticlick.eff.org/

32. How Does Anti-Fingerprinting Work Disable Value Spoofing Site Permissions Feature

    or Functionality Removal

33. Engage the Defenses in Firefox 1. Enter “about:config" in the

    URL bar 2. Change the values of the preferences • privacy.firstparty.isolate = true • privacy.resistFingerprinting = true

34. Fusion

35. Project Fusion • Firefox USIing ONions • Replicate ~Tor Browser

    functionality in Firefox

36. Value Proposition Facts: • People use Private Browsing • 40%

    of people use Private Browsing • 20% of people use Private Browsing weekly • And expect it to do more than it does Misconception: • 41%: “Prevents websites from tracking me.” • 40%: “Prevents ads from tracking me.” • 36%: “Prevents search engines from knowing my searches.” • 25%: “Protects my identity from websites.” • 25%: “Prevents IP from being seen.” • 25%: “Prevents from location from being known.” Source: https://duckduckgo.com/download/Private_Browsing.pdf

37. Value Proposition Source: https://duckduckgo.com/download/Private_Browsing.pdf

38. Value Proposition Source: https://duckduckgo.com/download/Private_Browsing.pdf

39. Value Proposition • No other browser: • Does First Party

    Isolation • Prevents fingerprinting-based tracking • Or even can do it in any configuration

40. The Plan of Fusion • We are aiming for feature

    parity with Tor Browser • We hope to expose the feature sets as a new type of Private Browsing mode • We think we could make it available as an on-demand download option if the user wants to try/use it • We are working with Tor to investigate any way to improve the privacy on the entire Web

41. Communication Channels • Project Wikis • https://wiki.mozilla.org/Security/Fusion • https://wiki.mozilla.org/Security/Tor_Uplift •

    https://wiki.mozilla.org/Security/Fingerprinting • Bugzilla: https://bugzilla.mozilla.org/ • Mailing list: [email protected]

42. Mozilla and Tor Project are collaborating to protect your privacy

    and build a more secure Web.