Thursday, June 20, 2019

Defined By Data: Tools and Tactics for Keeping our Information Safe

"Defined by Data: Tools and Tactics for Keeping our Information Safe"
Davis Erin Anderson
June 20, 2019

Loyalty cards are one of the biggest abusers of data privacy
Real-world consequences to what you do

Data Flows
The Internet is the physical infrastructure and the Web is the software on top of it. The Web is the human access point. Protocols such as SMTP and FTP help support many lanes of traffic.
The Internet is a global interconnected network of computer devices.
The web is one set of software services that runs on the Internet.

World Science Festival YouTube video

Who's obtaining our data?
Corporations, government, malicious hackers, and in some cases people we know
First-party trackers: the website you are visiting
Third-party trackers: Facebook like buttons, embedded Twitter feeds, et cetera
Mechanics:  Cookies, Browser Fingerprinting
https://panopticlick.eff.org
https://webkay.robinlinus.com
Web beacon

Our Digital Shadows
Hot on your trail, privacy, data and 
https://www.youtube.com/watch?v=bqWuioPHhz0

Data Detox Kit (Tactical Tech)
https://datadetoxkit.org/en/about

#privacyproject

Mitigating Digital Risk
1. Connecting securely
Using HTTPS -- protects against attacks, secure communication
Using password-protected Wi-Fi -- open Wi-Fi allows for network snooping and man-in-the-middle attacks
Digital equity issue
Don't let your phone be set to join networks ... turn it off. You want it to ask if you want to join the networks. Delete old networks.
Change your MAC address before connecting to Wi-Fi
Kevin Mitnick book: The Art of Invisibility
Adam Alter -- addiction/compulsion to devices
Keep your security settings up to date
Turn off Wi-Fi when you are done
Turn off file sharing and AirDrop
Choose your network wisely

Setting strong passwords
Protect against unauthorized account access
Protect against data breaches
Have you been Pwned?
- https://haveibeenpwned.com
Type in your email address
Avoid the most common passwords
- Don't substitute a character for a number
- Don't use all lowercase or all uppercase
- Don't use the same password for multiple accounts
A couple of methods:
- Bruce Schneier's method -- Turn a sentence into a password.
- Person-Action-Object (PAO) -- String together four uncommon words, avoid familiar phrases, tie to a memory aid
  • Set unique passwords for each account.
  • Make sure passwords have a lot of entropy
  • Set up 2 factor authentication
  • Always set a password or PIN
  • If possible set a longer PIN
  • Use biometrics in combination with another method
    • Face and PIN
    • Fingerprint and passcode
    • and so on...
  • Set strong lock patterns in your Android phone
    • not first letter of your name
  • Invest in a password manager -- 
  • Set up YubiKeys for 2FA purposes

How our data gets tracked on the web
Select web browser carefully
Update your browser settings
  • Disallow pop-up ads
  • Automatically delete cookies/history
  • Never auto-save passwords
Use Incognito mode

Install plugins to protect against third-party tracking -- NoScript, Ghostery, ScriptBlock on Chrome, Block
Uninstall super cookies: Flash Player, Silverlight
Uninstall toolbars added by third parties

Sending Secure Messages
HTTP vs HTTPS -- like a postcard vs a letter in the mail
Your metadata story
How we get hacked: brute force, email scams

Run Google's Security Checkup tool
Keep your work-related email on task
Answer personal emails outside of work time
Create a secondary email address to keep your main account private

Go Phish

Managing Social Media
Curate your friends/followers lists
Be careful what you post
Create restricted groups to share content
Restrict your account to known viewers
Update settings to reflect your preferences
Refrain from using OAuth -- Don't use Google or Facebook to log in to a site
 - Create unique accounts for all services
Log out of social media sites when you are not using them.
Delete social media apps from your phone

Privacy in the Library
Risk Assessment questions

Vision for the Future: Open and Accessible ENY/ACRL Annual Conference
