Reigning In The Data (FOSSCON 2014) - Ephemeral Messaging and Privacy in the Post-Snowden Era

Post on 22-Jun-2015

DESCRIPTION

2014 FOSSCON Presentation on the state of Privacy in the post-Snowden Era, Ephemeral Messaging and Social Challenges

TRANSCRIPT

Reigning In The Data

The Need for “Ephemeral” Content

And the Social Impacts of the Privacy Crisis In the Post-Snowden Era

FOSSCON 2014 Andrew Schwabe

A Copy of this Presentation

• Will be linked via Twitter:

• Follow me at @aschwabe

• Posted on my blog: PainInTheApps.com

Background

• Tech Entrepreneur

• 20 yrs in Encryption + Data Security

• Mobile, Social, Privacy focus now

• Assisted FBI for online predator hunts

• Founder of Point.io

• Hackr #001 at new startup: STASH

• Privacy + OSS Advocate

• Launched August 2014

• First announced at FOSSCON!

• The world’s first peer-validation ephemeral messaging platform

• http://Stash.My

Ahhhhh the Internet!

Ignorance *was* bliss

• A smartphone was just a phone with email and junk and stuff

• We didn’t care if our kids uploaded pictures and shared where they were during the day (every day?)

• We didn’t think twice about emailing sensitive or private stuff to ourselves or friends, even in gmail…

Then…

1.2 Billion Usernames and passwords compromised

Hacked!

SPIED ON!

NO PRIVACY!

Welcome to a new Era!

Used to be… …the government would protect your privacy

and stealing your secrets… …took effort and some paper moon trickery…

<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely…
<AzureDiamond> oh, ok.

So What Happened???

• Mobile devices got powerful and complex

• Social media exploded onto the scene

• Consumerization of IT

• … and we didn’t know what was going on…

The Privacy Crisis

• We can at least be concerned that the NSA has cracked and monitors:

– SSL (HTTPS) website activity

– RSA encryption certificates (public/private keys)

– 4G mobile networks (voice and data)

– VoIP voice services

– And any websites, etc. that use the above

NSA security coverage

• Means that they *can* (not will) hack/monitor most of the services we rely on daily

• These all use the same core security tech

Google, Microsoft, other email scans

What is next ?

Data creation explosion

We are creating huge amounts of digital content, much of which lives longer in the cloud than we intended or have use for.

Data creation

• A large portion of what we create will live on disk somewhere beyond our use for it

• The last decade was spent schooling people on having backups

People know enough to be concerned

Google’s Right to be Forgotten

We SHOULD…

• Be concerned about

– what gets shared

– with whom

– And how long it lasts

Apps that are helping

• Snapchat

• Wickr

• Spideroak

• All focused on being a “place” where your stuff is secure

Ephemeral

• What does it mean?

• Origin: Greek word “ephĕmeros”

• “lasting for a very short time”

• The new “bucket” for technology that manages the life of digital content

How does it help

• Personal privacy

• Corporate Risk

• Facebook vs Snapchat models

• The opposite of Big Data ?

Is it enough?

• The concept is still new

• People are building “apps” more than broad sweeping “solutions”

• It doesn’t address the issue of being monitored/collected by NSA/Others (strong encryption)

True anonymity ?

• Maybe the answer is anonymous communication??

• Only available for *some* activity online

• Whistleblowers – do we want to enable WikiLeaks and Snowdens?

• But isn’t true anonymity the….

Dark Side of the Internet

Tools exist for anonymity

• “Leak” website lets you send untrackable anonymous emails.

– Inappropriate emails anybody?

– Harassment, abuse?

• Tor lets you encrypt your web traffic and makes you difficult to track

– Porn and pirated content

• Bitcoin exists to keep the banks out of your financial dealings

– Silk Road. BUSTED.

But Still Enable Naughty Activity

• Gov’ts around the world cracking down on porn and sex trafficking

• FBI Infecting Tor users with Malware

• Google and Microsoft scan emails, etc. and report questionable content to authorities

• Evil begets evil

Accountability

• There is no way to make everybody behave

• As a global society we need new ways to encourage law abiding netizens

OMG I’m Scared

• What should I do?

– Know the risks

– Use technologies to protect yourself

– Don’t associate with those who don’t behave

What we [might] need (the Future?)

• Anonymous peer validation for data integrity

• Anonymous submissions to known entities only for whistleblowing

• Social content stays social and never collected for “Big Data”

In Summary

• We are in a new era

• Keep Calm

• Stay Educated

• Don’t Share unless you know the risks

• Use the right tech for your security/privacy needs

For Some Fun Reading

• “Cryptonomicon” by Neal Stephenson

– A futuristic take on:

– Underground Data Haven

– Anonymous Internet Banking

– Digital Gold Currency

Q&A

Thank you for coming!

• Presentation will be shared via Twitter:

• Follow me at @aschwabe

• AND Posted on my blog: PainInTheApps.com
