Digital Privacy: Protecting Yourself and Your Family

Transcript

1. Email: [email protected] Twitter: @divineintel Wickr: divineintel Phone: nope Skype: nope

2. Digital Privacy Protecting Yourself and Your Family Now You See

   Me Now You Don’t

3. Planned Topics About Tazz Why This Talk What Did I

   Agree to? Terms of Satan’s Slavery Service (ToS) STOP THAT! (You’re Internetting the Wrong Way) What Can I Do Now? Summary Questions

4. About Tazz Field Software (Breaker/Fixer) Engineer System Administrator of Chaos

   IA Hoodlum Compliance Sorceress Information Security Cat Herder Security Architect - Queen of No! IoC Monkey SOC Analyst - Excel Monkey Dashboard Stalker Threat Researcher - Splunk Slave Fire Fighter Fire Starter Alternative Facts Interpreter

5. Why This Talk

6. Why This Talk? Ignorance is Dangerous & Stupidity is Contagious

7. Your Life: is just this easy…. UserID Hobbies Official Data

   Social Media Photos Job/Family
8. None
9. None
10. None
11. None

12. Why This Talk (cont) • site:facebook.com "my husband returns" (Iraq|IQ|Afghanistan|Afg|Korea|deployment|overseas)

    • 3,350 RESULTS

13. Why This Talk (cont) • site:facebook.com "my brother" (SEAL|S.E.A.L|Special Forces|Green

    Beret) • 173,000 RESULTS Most of these are talking about retired folks right???

14. Why This Talk (cont) • site:facebook.com "my brother" (SEAL|S.E.A.L|Special Forces|Green

    Beret) -Retired • 140,000 RESULTS

15. Why This Talk (cont) • Because the bad guys will

    say “IDGAF” • Because Open Source Intelligence (OSINT) • …is something pedophiles do • …is something stalkers do • …has How To books (in multiple languages) • …is free • …is easy • …only requires you to have bad OPSEC once to pay off for the bad guys

16. OSINT is NOT… • …Open Source INTernet • …The Dark

    Web • …Conducted with a Magic Button • …Something that requires expensive tools • …Something only the Gov’t does
17. None

18. What Did I Agree to? Terms of Satan’s Slavery Service

    (ToS)

19. Example Terms of (Service) Use [1/4] • https://help.$Site.com/legal/termsofuse?locale=en&docType=termsofuse • https://help.$Site.com/legal/privacy?locale=en&docType=privacy

20. Example Terms of (Service) Use [2/4] • Passwords & Account

    Access: The Account Owner's control is exercised through use of the Account Owner's password and therefore to maintain exclusive control, the Account Owner should not reveal the password to anyone. In addition, if the Account Owner wishes to prohibit others from contacting Netflix Customer Service and potentially altering the Account Owner's control, the Account Owner should not reveal the Payment Method details (e.g., last four digits of their credit or debit card, or their email address if they use PayPal) associated with their account.

21. Example Terms of (Service) Use [3/4]

22. Example Terms of (Service) Use [4/4]

23. Who might your data be shared with? • 828 Institutional

    Holders of Netflix • Health Insurance Companies • Life Insurance Companies • Retirement Association/Funds • Mortgage Firms • Banks • Investment Firms • Foreign Investors - Asian, European, Middle Eastern • “Sketchy” Named Companies “Blackrock $Something”

24. What does your data say about you? • How much

    TV do you watch? = healthy lifestyle? • What are you watching? = aggressive? funny? depressing? • Where are you? = hostile locations? vacations? • What does your browser logs and cookies say about you? • Voice Authentication • Speech patterns • Travel habits/locations/frequency • Operating systems & patch versions • Device types = does everyone over 8 have a cell phone? $$$$

25. STOP THAT!

26. Bad Behavior [1/2] • The F word (s)....Feelings & Facebook

    (social media) • Giving all your legit info (BUT BUT REWARDS!!) • Documenting your children's every moment to the world • Checking in...for everything...even sleeping • Security….setting it and forgetting it • Getting all your mail at home

27. Bad Behavior [2/2] • Open groups / Group Memberships •

    Pictures: Everything Everywhere • Define Friend • Obituaries listing the entire family tree by name (& rank) • Event Programs (CoC, Retirement, Awards etc) • Lazy / Federated Authentication • Passwords in Browser [KeePass / LastPass]

28. ERMAGAHD! What do I do Now? Not to freak you

    out….but this is going to hurt a little

29. Cleaning It Up - Supplies Inventory • PO Box or

    USPS Street Address for PO Box • Disposable Phone ~ $15 + min (Google Voice for advanced users) • GotFreeFax.com, FaxZero.com, MyFax.com, eFax.com • Disposable Email [email protected] • Cleared Temp Internet Files • Clean browser (Mozilla preferred) - uninstall/reinstall • Privacy Tools • Browser Plugins (ad blockers)

30. Cleaning It Up - Information Gathering • Loyalty Programs -

    Stop giving out your real info • People/Phone/Address Search Sites • Social Media Sites • Consumer Tracking Databases • Credit Reports • Personal Reports

31. Cleaning It Up - Prepared Forms • All should be

    in physical copy and digital, Word & PDF • Identity Verification Forms (notarized) • OptOut Forms (Basic, Advanced) • Redacted Photo ID • Utility Bill - current address • Consumer Database Record Request Forms

32. Cleaning It Up - OPSEC Level Minimum • OpenDNS Home

    Internet Security • Software • Antivirus (VipreAntivirus.com) - Paid • ClamAV - Free • All Patches and Updates Installed • MalwareBytes • CCleaner install • FireFox -> Privacy: Tracking=No & History=Never Remember • FireFox Extensions: Ghostery & UBlock Origins (or AdBlock+) • Umatrix is by far the most detailed and granular, but only advanced users should try this one • ProtonMail.com (STOP FEEDING THE G-GOD YOUR DATA)

33. Cleaning It Up - OPSEC Level Moderate • Minimum +

    the Following • Browser Add-ons • Umatrix / Ublock Origin • Blur • OPT OUTS - DO NOT DO THESE IN YOUR CLEAN BROWSER • Clean it when you’re done • google.com/ads/preferences • choice.microsoft.com/en-us/opt-out

34. Cleaning It Up - OPSEC Level Advanced • Tor Browser

    • Tails Bootable USB/CD • Virtual Machine (VirtualBox VMWare Player) • VPN (Tiger VPN: mobile, tablet, laptop, desktop, Windows, MAC) • If you get a visionary account at ProtonMail check out their VPN as well • VPS: Digitalocean

35. FAMILY OPSEC / Virtual Machines Use OPSEC Software Browser Daily

    Use - Surfing Basic Games, Entertainment DuckDuckGo or FF+Ghostery Work - Official Business Basic+ Office Productivity Only FireFox +Ghostery +UMatrix DuckDuckGo Daily Privacy - Email / Shopping/ Social Media Mod Cloud Docs/Office Mod Security Configs FireFox +UMatrix + NoScript/Ghostery OR DuckDuckGo Investigate (snapshot restore) Adv PenTesting Tools Adv Security Configs FireFox +Ghostery, UMatrix, +OSINT Add-ons Tor Total Privacy (snapshot restore) Adv Tails Tor

36. Email: [email protected] Twitter: @divineintel Wickr: divineintel Phone: nope Skype: nope