Tazz
March 22, 2017

Digital Privacy: Protecting Yourself and Your Family

Everything is free/cheap as long as you don't mind having all your personal information, habits, behaviors, etc. tracked, monitored, and sold. Do you really know what's being collected about you? Do you have any idea what that metadata says and who's getting it? This talk will help you identify "bad behaviors" and present some options for having safer digital habits that promote better privacy.


Transcript

  1. Planned Topics
     • About Tazz
     • Why This Talk
     • What Did I Agree to? Terms of Satan’s Slavery Service (ToS)
     • STOP THAT! (You’re Internetting the Wrong Way)
     • What Can I Do Now?
     • Summary
     • Questions
  2. About Tazz
     Field Software (Breaker/Fixer) Engineer System Administrator of Chaos IA Hoodlum Compliance Sorceress Information Security Cat Herder Security Architect - Queen of No! IoC Monkey SOC Analyst - Excel Monkey Dashboard Stalker Threat Researcher - Splunk Slave Fire Fighter Fire Starter Alternative Facts Interpreter
  3. Why This Talk (cont)
     • site:facebook.com "my brother" (SEAL|S.E.A.L|Special Forces|Green Beret)
     • 173,000 RESULTS
     Most of these are talking about retired folks right???
  4. Why This Talk (cont)
     • Because the bad guys will say “IDGAF”
     • Because Open Source Intelligence (OSINT)
       • …is something pedophiles do
       • …is something stalkers do
       • …has How To books (in multiple languages)
       • …is free
       • …is easy
       • …only requires you to have bad OPSEC once to pay off for the bad guys
  5. OSINT is NOT…
     • …Open Source INTernet
     • …The Dark Web
     • …Conducted with a Magic Button
     • …Something that requires expensive tools
     • …Something only the Gov’t does
  6. Example Terms of (Service) Use [2/4]
     • Passwords & Account Access: The Account Owner's control is exercised through use of the Account Owner's password and therefore to maintain exclusive control, the Account Owner should not reveal the password to anyone. In addition, if the Account Owner wishes to prohibit others from contacting Netflix Customer Service and potentially altering the Account Owner's control, the Account Owner should not reveal the Payment Method details (e.g., last four digits of their credit or debit card, or their email address if they use PayPal) associated with their account.
  7. Who might your data be shared with?
     • 828 Institutional Holders of Netflix
     • Health Insurance Companies
     • Life Insurance Companies
     • Retirement Association/Funds
     • Mortgage Firms
     • Banks
     • Investment Firms
     • Foreign Investors - Asian, European, Middle Eastern
     • “Sketchy” Named Companies “Blackrock $Something”
  8. What does your data say about you?
     • How much TV do you watch? = healthy lifestyle?
     • What are you watching? = aggressive? funny? depressing?
     • Where are you? = hostile locations? vacations?
     • What do your browser logs and cookies say about you?
     • Voice Authentication
     • Speech patterns
     • Travel habits/locations/frequency
     • Operating systems & patch versions
     • Device types = does everyone over 8 have a cell phone? $$$$
  9. Bad Behavior [1/2]
     • The F word (s)....Feelings & Facebook (social media)
     • Giving all your legit info (BUT BUT REWARDS!!)
     • Documenting your children's every moment to the world
     • Checking in...for everything...even sleeping
     • Security….setting it and forgetting it
     • Getting all your mail at home
  10. Bad Behavior [2/2]
     • Open groups / Group Memberships
     • Pictures: Everything Everywhere
     • Define Friend
     • Obituaries listing the entire family tree by name (& rank)
     • Event Programs (CoC, Retirement, Awards etc)
     • Lazy / Federated Authentication
     • Passwords in Browser [KeePass / LastPass]
  11. ERMAGAHD! What do I do Now?
     Not to freak you out….but this is going to hurt a little
  12. Cleaning It Up - Supplies Inventory
     • PO Box or USPS Street Address for PO Box
     • Disposable Phone ~ $15 + min (Google Voice for advanced users)
     • GotFreeFax.com, FaxZero.com, MyFax.com, eFax.com
     • Disposable Email [email protected]
     • Cleared Temp Internet Files
     • Clean browser (Mozilla preferred) - uninstall/reinstall
     • Privacy Tools
     • Browser Plugins (ad blockers)
  13. Cleaning It Up - Information Gathering
     • Loyalty Programs - Stop giving out your real info
     • People/Phone/Address Search Sites
     • Social Media Sites
     • Consumer Tracking Databases
     • Credit Reports
     • Personal Reports
  14. Cleaning It Up - Prepared Forms
     • All should be in physical copy and digital, Word & PDF
     • Identity Verification Forms (notarized)
     • OptOut Forms (Basic, Advanced)
     • Redacted Photo ID
     • Utility Bill - current address
     • Consumer Database Record Request Forms
  15. Cleaning It Up - OPSEC Level Minimum
     • OpenDNS Home Internet Security
     • Software
     • Antivirus (VipreAntivirus.com) - Paid
     • ClamAV - Free
     • All Patches and Updates Installed
     • Malwarebytes
     • CCleaner install
     • Firefox -> Privacy: Tracking=No & History=Never Remember
     • Firefox Extensions: Ghostery & uBlock Origin (or AdBlock+)
     • uMatrix is by far the most detailed and granular, but only advanced users should try this one
     • ProtonMail.com (STOP FEEDING THE G-GOD YOUR DATA)
  16. Cleaning It Up - OPSEC Level Moderate
     • Minimum + the Following
     • Browser Add-ons
     • uMatrix / uBlock Origin
     • Blur
     • OPT OUTS - DO NOT DO THESE IN YOUR CLEAN BROWSER
     • Clean it when you’re done
     • google.com/ads/preferences
     • choice.microsoft.com/en-us/opt-out
  17. Cleaning It Up - OPSEC Level Advanced
     • Tor Browser
     • Tails Bootable USB/CD
     • Virtual Machine (VirtualBox, VMware Player)
     • VPN (Tiger VPN: mobile, tablet, laptop, desktop, Windows, Mac)
     • If you get a Visionary account at ProtonMail, check out their VPN as well
     • VPS: DigitalOcean
  18. FAMILY OPSEC / Virtual Machines
     Columns: Use | OPSEC | Software | Browser
     • Daily Use - Surfing | Basic | Games, Entertainment | DuckDuckGo or FF+Ghostery
     • Work - Official Business | Basic+ | Office Productivity Only | Firefox +Ghostery +uMatrix DuckDuckGo
     • Daily Privacy - Email / Shopping / Social Media | Mod | Cloud Docs/Office, Mod Security Configs | Firefox +uMatrix + NoScript/Ghostery OR DuckDuckGo
     • Investigate (snapshot restore) | Adv | PenTesting Tools, Adv Security Configs | Firefox +Ghostery, uMatrix, +OSINT Add-ons, Tor
     • Total Privacy (snapshot restore) | Adv | Tails | Tor