Digital Security & Privacy. What is anonymity and why does it matter?

Transcript

1. Digital Security & Privacy What is anonymity and why does

   it matter? Arturo Filastò - WFP@Rome, 15th October 2019

2. Who am I? • 10+ years working in security, privacy

   & software development • Involved since early 2000s in the Italian hacker scene • Volunteering with the Tor Project since 2010 • One the creators of the GlobaLeaks whistleblowing platform in 2011 • Founded the Hermes Center for Digital Human Rights in 2012 and served as vice-president • Created OONI, the Open Observatory of Network Interference in 2012 and still working on this
3. None

4. Digital security 101 • It’s a process • One size

   doesn’t fit all • There will always be some tradeoffs
5. None

6. Threat Model • What do you have to keep private

   (Assets)? • Who has interest in compromising you and what can they do (Adversary Capabilities)? • What happens if you are compromised (Impact)?

7. Alice Bob Let’s meet in Piazza del Popolo at 11:00!

8. Alice Bob Let’s meet in Piazza del Popolo at 11:00!

   Eve

9. Alice Bob Let’s meet in Piazza del Popolo at 11:00!

   Eve

10. Alice Bob Let’s meet in Piazza del Popolo at 11:00!

    Eve

11. Alice Bob Eve Let’s meet in Piazza del Popolo at

    11:00! Encryption is about protecting the content of the communication

12. Alice Bob Eve Let’s meet in Piazza del Popolo at

    11:00!

13. Alice Bob Eve Let’s meet in Piazza del Popolo at

    11:00! love, Alice Authentication is about understanding who is who

14. https://myshadow.org/resources

15. • Data in motion is a means of communicating with

    other people or network devices • Data at rest is a means of communicating with yourself over time

16. “We kill people based on metadata” - Gen. Micheal Hayden

    Former head of the NSA
17. None

18. Evaluating tools • Is it open source or is it

    proprietary? • Does it have a threat model? • What is the business model of the company which owns the service? • What are the terms of service?

19. Privacy by design vs Privacy by policy

20. Alice Bob Eve Don’t tell anyone we are friends! Anonymity

21. Alice Bob Eve

22. Tor is private by design! • Public design document and

    specifications • Open Source free software • The network is run by volunteers • Attacks have been published and fixed • You don’t have to trust us!

23. Onion Services • It’s like Tor, but for services •

    Self authenticated • End-to-end encrypted
24. None
25. None
26. None

27. What next? Try out these apps! https://torproject.org Learn more! https://securityinabox.org

    https://ssd.eff.org Contact me arturo@filasto.net @hellais