Upgrade to Pro — share decks privately, control downloads, hide ads and more …

MSCC 2017 Jinformatique

MSCC 2017 Jinformatique

Talk I gave during MSCC Developers Conference 2017 Mauritius



April 01, 2017


  1. Is mass surveillance an issue? 1. Mass surveillance vs target

    surveillance 2. Open Source vs FLOSS 3. Email 4. HTTPS 5. SSH Keys 6. Cloud vs Self Hosting MSCC 2017 https://jinformatique.ovh/
  2. 1. Mass surveillance vs target surveillance If you don’t own

    your device, someone else is. OS participating in mass surveillance: • Apple (MacOS, iOS) • Windows (Win7,8,10, WP) • Android Own your OS: • Linux Distros / BSD / SlackWare • LineageOS (without GAPPS) or AOSP ROMS based
  3. Snowden’s revealed that data centralization makes mass surveillance economically possible

  4. None
  5. XKeyscore stores "full-take data", which are indexed by plug-ins that

    extract certain types of metadata (like phone numbers, e-mail addresses, log-ins, and user activity) and index them in metadata tables, which can be queried by analysts. Content data remain on the system for only 3-5 days, while metadata is stored for up to 30 days. "At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours."
  6. None
  7. « mass surveillance creates a prison in the mind that

    is a much more subtle though much more effective means of fostering compliance with social norms or with social orthodoxy, much more effective than brute force could ever be » Glenn Greenwald « Why privacy matters » TED Talk, Oct. 2014
  8. When under surveillance, people tend to self-censor

  9. None
  10. 2. Open Source vs FLOSS The differences between Open Source

    and Free/Libre and Open Source Software
  11. Definition and the Four Freedoms 0 : Run the program

    for any purpose. 1 : Study how the program works, and change it to make it do what you wish. 2 : Redistribute and make copies so you can help your neighbor. 3 : Improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits.
  12. 3. Email Packet STARTTLS can be intercepted and dropped by

    Cisco routers
  13. Email with OpenPGP / GPG • Managing your keys pair

    is difficult • Key compromised => no forward secrecy Mailpile is an email client simplifying the encryption
  14. Instant Messaging apps with E2E Signal • FOSS Client/Server •

    Mobile num for login • iOS / Android • https://signal.org Wire • Client Open Source • Login/passwd • Smartphone, Desktop, Web • https://wire.com
  15. 4. HTTPS with Letsencrypt HTTP possible to replace content dynamically

    with Javascript injection • by malware • by ISP • by antivirus Letsencrypt : a "centralized" service to get a TLS certificate Configure your server to get A+ with SSL Labs and PFS (perfect forward secrecy) Forward secrecy protects past sessions against future compromises of secret keys or passwords.
  16. 5. SSH Keys Generating New More Secure SSH Keys ssh-keygen

    -t ed25519 -f id_ed25519 -o -a 500 ssh-keygen -t rsa -b 4096 -o -a 500 https://stribika.github.io/2015/01/04/secure- secure-shell.html http://blog.patshead.com/2013/09/generating-new- more-secure-ssh-keys.html
  17. 6. Cloud vs Self Hosting

  18. There is no cloud. Just someone else’s computer

  19. In « the Cloud »: 1 - data is centralized

    2 - no freedom for users 3 - no room for free software F G A A
  20. None
  21. Rebuilding a {new|Gnu} decentralized Internet instead of a centralized Internet

    owned by a handfull of corporations
  22. Personal Cloud solutions NextCloud CozyCloud Sandstorm Cloudron

  23. PRISM BREAK ⚡ Opt out of global data surveillance programs

    like PRISM, XKeyscore and Tempora. Help make mass surveillance of entire populations uneconomical! We all have a right to privacy, which you can exercise today by encrypting your communications and ending your reliance on proprietary services. https://prism-break.org/
  24. Redecentralize.org A collection of interesting new networks and tech aiming

    at decentralisation (in some form) https://redecentralize.github.io/alternative-internet/
  25. De-google-ify Internet An initiative of the Framasoft network for a

    Free, Decentralized, Ethical Internet built on Solidarity https://degooglisons-internet.org/
  26. Merci / Thank you! Questions ?