Tips, techniques, and tools for protecting your online privacy & security. Pulled together from Mozilla, EFF, Wired, and Consumer Reports resources. First presented at Tulsa Library.
“Threat-model”
• What do you want to protect?
• From whom do you want to protect it?
• How likely is it that you need to protect it?
• How bad are the consequences of failure?
• How much trouble are you willing to go through to prevent those?
When you think about your online data, who are you most worried about gaining unauthorized access? https://qsurvey.mozilla.com/r/28049_5bca403f6bbd32.31628179
Average Consumer Profile
• You want to protect Consumer PII: Bank Accounts, Passwords, Browsing History, Health Data, Search History, Location, etc.
• You want to protect it from: hackers, bad websites, data brokers, and social networks
• You are NOT a special target for any attackers
• Total Identity Theft is your worst-case consequence
• Risk Profile ~= Average Consumer
Can your device … ?
• Do your online banking? (Personal & work)
• See & use all your email? (Personal & work)
• Use email to reset passwords?
• Show all your photos & videos?
• Show your home address and map searches?
• Show all your contacts?
• Do 2-Factor Authentication?
Average Consumer Protections
• Install your updates
• Train to beware of phishing
• Lock your screens
• Use HTTPS
• Use Tracking Protection
• Mind permissions
• Use strong passwords (Password Manager)
• Use 2-factor auth
Public Figure Profile
• You need extra protection: Browsing & Search History, Online & Offline activity, location, etc.
• You ARE a special target for some adversaries
• Online harassment is a real risk for you, maybe offline “real-life” harassment or even detainment
Public Figure Profile
• Privacy Screen
• Cover webcams
• Passcodes, not biometrics
• Encrypt Disks
• End-to-end Encrypted Messaging
• Encrypted Email
• Be careful on WiFi
• Don’t use your real email address
IP, DNS, & HTTP threats
• Hackers-in-the-middle
• ISPs snooping on customers’ online activity
• Governments censoring sites
• Corporations scanning web logs for their competitors’ IP addresses
• Criminal sites scanning web logs for law enforcement IP addresses
Tor protection from DNS + HTTP internet threats
• Hackers-in-the-middle
• ISPs snooping on customers’ online activity
• Governments censoring sites
• Corporations scanning web logs for their competitors’ IP addresses
• Criminal sites scanning web logs for law enforcement IP addresses
Threat-modeling: Your Risk Profile
• What do you want to protect?
  • Emails? Messages? Files?
• From whom do you want to protect it?
  • Boss? Government? Hackers?
• How likely is it that you need to protect it?
  • E.g., unlikely: mobile phone carrier publishing your data online
• How bad are the consequences of failure?
• Risk ~= how likely * how bad
Changes in Risk Profiles
• Graduating?
• New job? (e.g., Journalist, Police Officer, Lawyer)
• Moving to a new country?
• Changes in company policies or laws?