Mike Gerwitz

Activist for User Freedom

diff options
authorMike Gerwitz <mtg@gnu.org>2017-03-09 05:20:33 -0500
committerMike Gerwitz <mtg@gnu.org>2017-04-02 22:04:28 -0400
commit00c8900bb3298a5527b31876d3d1616636e44578 (patch)
parent1c246e8628a736d17b3328977403200472a6ca46 (diff)
slides.org (The Web): Draft slides
1 files changed, 32 insertions, 28 deletions
diff --git a/slides.org b/slides.org
index ef59d31..36a9770 100644
--- a/slides.org
+++ b/slides.org
@@ -868,20 +868,20 @@ It's just what it sounds like:
-**** DEVOID Alarmingly Effective
+**** LACKING Alarmingly Effective
:DURATION: 00:03
:BEAMER_env: fullframe
+- Panopticlick (EFF)\cite{panopti:about}
+- JavaScript opens up a world of possibilities
+- Clearing cookies et al. won't always help
+- Can even track separate browsers on the same box
It's alarmingly effective.
-<<general fingerprinting stuff>>
Some methods allow fingerprinting even if the user uses multiple browsers
and takes care to clear all session data.
They can do this by effectively breaking out of the browser's sandbox by
@@ -889,24 +889,22 @@ They can do this by effectively breaking out of the browser's sandbox by
-**** DEVOID Browser Addons
-:DURATION: 00:01
+**** DRAFT User Agent
+- <1-> User agents can leak a lot of information
+ - <1-> ~18 bits in my browser on GNU/Linux, 1/~250,000
+- <2-> Tor Browser\cite{panopti:about}
-(Merge into other sections?)
-So how do we avoid this type of tracking?
-<<Talk about browser addons>>.
+Your browser's user agent is a string that it sends with every request
+ identifying itself and some of its capabilities.
+It can be surprisingly unique.
+When I tested a Firefox browser on GNU/Linux,
+ I was unique out of nearly 250,000 users.
-*** LACKING Anonymity [0/4]
-**** LACKING Summary :B_fullframe:
+*** DRAFT Anonymity [0/4]
+**** DRAFT Summary :B_fullframe:
:DURATION: 00:01
:BEAMER_env: fullframe
@@ -922,11 +920,13 @@ In the former case,
current session.
-***** TODO Anonymity
+***** Anonymity
+Origin is unknown to server; no unique identifier known by
-***** TODO Pseudonymity
+***** Pseudonymity
+Origin is unknown to server; unique identifier /is available/ to
**** DRAFT IANAAE :B_fullframe:
@@ -948,13 +948,14 @@ I provide a number of resources to get you started.
-**** DEVOID The Tor Network
+**** DRAFT The Tor Network
:DURATION: 00:01
-- The Onion Router (Tor)
-- ...
+- The Onion Router (Tor)\cite{tor}
+- Helps defend against traffic analysis
+- (Routing image)
Most here have probably heard of Tor.
@@ -980,18 +981,21 @@ There are lots of other details that I don't have time to get to here,
-**** DEVOID TorBrowser, Tails, and Whonix
+**** DRAFT TorBrowser, Tails, and Whonix
:DURATION: 00:02
+- <1-> Tor alone isn't enough
+- <1-> Browser needs to be hardened
+ - <2-> TorBrowser is a hardened Firefox derivative
+- <1-> Operating System needs to be hardened
+ - <2-> Tails, Whonix
Tor alone isn't enough to secure your anonymity.
It's hard to secure a web browser.
TorBrowser is a hardened version of Firefox.
The Tor browser recommends that you don't rely on a vanilla Firefox for