Anonymization

Tools for preserving anonymity and privacy
by Peter Fekete on 25 June 2016


Anonymization
"If privacy is outlawed, only outlaws will have privacy."
Phil Zimmermann

Agenda:
human behavior
devices
tools/services

assess what type of privacy you need
remove your information from public databases
keep your social public profile transparent to avoid over-sharing (false feeling of privacy)
change online habits (don't give up personal info)
create alternative aliases/IDs
use anonymous payment systems
use disposable/fake phone number and secure voice chat
acquire & use separate business address for deliveries
use separate/disposable emails
(one special for password recovery that is never used for communication)
shred your trash (use eraser on devices)
learn to use encryption tools & services
use stronger & better passwords
keep everything up to date

What type of ANONYMITY you need?
stop your ISP (or Work or School) from monitoring you
buy something anonymously with a credit card
visit blocked/censored websites
download Torrents anonymously
use an entire anonymous operating system
communicate anonymously with client or source (for Lawyers or Journalists)
Behavior
PRISM break (incl. TEMPORA, MUSCULAR, ECHELON etc.)
browse web anonymously
“All human beings have three lives: public, private, and secret.”
Gabriel García Márquez
3 Players in this game:
Users
Adversaries
Systems/services
Passive Adversaries:
Byzantine Adversaries
- mark or otherwise modify traffic
Realistic with limited/unlimited network reach
- analyze traffic
- intercept entrance/exit
Active Adversaries:
Sybil
Coercive
- focus on system-level vulnerabilities (a lot of malicious client exploits)
- security vulnerabilities of particular network nodes
- seeking system compromise,
- go after system operators,
- employing social engineering,
- phishing attacks,
- physical attacks,
- political or legal authority
Questions?
Thank you for your attention!
Guidelines for anonymization
There seems to be no law restricting cryptography.
Plausible Deniability
Use in computer networks: denying that file comes from specific computer, due to relay mis-identification
Freenet file-sharing: knowledge where data comes from and where it is stored
Use in cryptography: adversary cannot prove that an encrypted message exists. "fully undetectable" (FUD)
ENCRYPTION and ANONYMITY allow plausible deniability
Authorities work to restrict access to Web sites containing information that violates the law:
Internet censorship and surveillance in Austria
There are no government restrictions on access to the Internet
Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.
§12 StGB (penal code)
§13 E-Commerce Law

a service provider is not responsible for the transmitted content
European Data retention law was invalidated and repealed
Austrian and other European telecommunications and Internet providers are required by the EU’s Data Retention Directive to retain traffic and location data as well as related data necessary to identify the user. This is done in order to help law enforcement fight organized crime and terrorism.
scope of the Directive :
all persons
all means of electronic communication
all traffic data without any differentiation, limitation or exception


the court also criticized the following issues:

length of the retention period,
access by law enforcement authorities to data did not depend on prior approval by a judge,
service providers were not required to offer a "high level of protection and security" for the retained data.
no assurance of "irreversible destruction" of the data at the end of the retention period.
Saving communication data preventively was unconstitutional.
in Austria June 30th, 2014
Austrian TOR case
Tor exit node provider found guilty of providing the tools for criminal action and sentenced to 3 years probation
the sentence was about offering services to host child pornography and recommending to use TOR for this purpose.
(He incriminated himself in chat)
Austrian Law
“YOU NEVER APPRECIATE YOUR ANONYMITY
UNTIL YOU DON'T HAVE IT ANYMORE.”
JASON PRIESTLEY (aka Brandon Walsh)
Devices
Air-gapped computer that has never been online, for handling of sensitive data
unregistered rooted wifi tablet with no accounts - online only on hot spots
secure phone: BLACK PHONE
accessories:
Anti signal, Anti tracking, GPS-blocking protection case that shields from location tracking
designed to safeguard data, keeps information secure without taking drastic measures.
Anonymization
Gray Tools
Search Engines
Email
encrypted
disposable
Anonymous Web surfing
Cloud Storage
Instant Messaging
Password Manager
Stop tracking
Full disk encryption
Private Operating Systems
Virtual Machines
Permanent File Eraser/Shredder
Phone
disposable SMS/Phone
virtual phone
anonymous Payment Systems
anonymous credit cards
bitcoin/ darkcoin/ zerocoin
neo-Nazi sites
child pornography sites
copyright offenses.
search engines
DuckDuckGo

The search engine that doesn't track you

Disconnect Search
engine that allows you to search privately

Startpage
removes identifiers from your google search
sanitize browser fingerprint, cookies, caching
use private browsing & incognito mode
block active client-side applets (Javascript, .Net, Flash, Silverlight)
Secure web browsing
Stop websites from tracking
Firefox + addons
HTTPS Everywhere
Adblock Plus
Privacy Badger
PirateBrowser

bundle package of
the Tor client (Vidalia)
Firefox Portable browser
with FoxyProxy addon
anonymous payment options
zero Knowledge Software
open source code base
key attributes of the tools
Virtual Private Network (VPN)
TOR Project
ExpressVPN (paid service)
Private Internet Access
OpenVPN (open-source VPN client)
Freevpn.me (free service)
Mix-based anonymity, 42 servers
onion routing
ad hoc bridges
JonDonym
free software and open network
for anonymous browsing
Email
GuerrillaMail (self-destructing mail)
BLUR (masks your mail, phone, creditcard)
encrypted
FastMail (Australia)
Tutanota (Germany)
CounterMail (Sweden)
Protonmail (Swiss)
Mykolab.com (swiss)
Runbox.com (Norway)
disposable
anonymous without registration
Mailinator
Harakirimail
many more
Virtual Private Networks
Younited (Finland 5GB)
Boxcryptor (for Dropbox)
Seafile (0-Knowledge 1GB)
SpiderOak (2GB free)
Owncloud (Self hosted)
BitTorrent Sync (no cloud)
Cloud Storage
VeraCrypt (WIN, MAC, Linux)
Full disk encryption
RetroShare (cross-platform)
Bitmessage (Win/OSX/Linux)
Jabber/ssl (XMPP network)
ChatSecure (Android/IOS)
Wickr (Android/IOS)
Cryptocat (IOS)
OffTheRecord (OTR-Software)
Threema (Android/IOS)
Textsecure (android)
Instant Messaging
Pretty Good Privacy (PGP)
Password Manager
Maskme
LastPass
KeePass
PasswdSafe
Private Operating Systems
TAILS (Snowden used it)
Ninjastick (Portable)
Privatix live system (portable)
Polippix
Ubuntu Privacy Remix (UPR)
Liberte (lightweight distro)
Whonix (IP & DNS leaks are impossible)
Virtual Machines
Oracle VM VirtualBox
Eraser
Handybits file shredder
Freeraser
Permanent File Eraser
Redphone (Android)
Jitsi (Open Source VIDEO CALLS and CHAT)
Silent Circle (no logging, no data-farming, no backdoors)
Signal Private Messenger (IOS)
Burner (Android/IOS)
Hushed (disposable numbers, works on Tablets, no phone needed)

disposable SMS/Phone
Receive SMS online
Receive Free SMS
SMS Receiver

virtual phone number providers
UREACH (voice mail, call redirection)
Grasshopper (Toll-Free or local number)
Open source P2P Cryptocurrency
Bitcoin (transactions log)
Darkcoin (anonymous)

Open source P2P Cryptocash
Billon
Anonymous Payment Systems
Bitlocker (WIN)
Dm-crypt/LUKS
DiskCryptor
anonymous credit cards
Vanilla Visa
Simon Card

Blur
Low-latency anonymity systems
(open source)
Phone
austrian post add