Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post Snowden Era
Reigning In The Data
The Need for “Ephemeral”
Content
And the Social Impacts of the
Privacy
Crisis In the Post-Snowden Era
FOSSCON 2014 Andrew Schwabe
A Copy of this Presentation
• Will be linked via twitter:
• Follow me at @aschwabe
• Posted on my blog:
PainInTheApps.com
Background
• Tech Entrepreneur
• 20 yrs in Encryption + Data
Security
• Mobile, Social, Privacy focus now
• Assisted FBI for online predator
hunts
• Founder of Point.io
• Hackr #001 at new startup: STASH
• Privacy + OSS Advocate
• Launched August 2014
• First announced at FOSSCON!
• The world's first peer-validation
ephemeral messaging platform
• http://Stash.My
Ahhhhh the Internet!
Ignorance *was* bliss
• A smartphone was just a phone with
email and junk and stuff
• We didn’t care if our kids uploaded pictures and
shared where they were during the day (every
day?)
• We didn’t think twice about emailing sensitive or
private stuff to ourselves or friends, even in
gmail…
Then…
1.2 Billion Usernames and passwords compromised
Hacked!
SPIED ON!
NO PRIVACY!
Welcome to a new Era!
Used to be… …the government would protect your
privacy
and stealing your secrets… …took effort and some paper moon
trickery…
<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely…
<AzureDiamond> oh, ok.
So What Happened???
• Mobile devices got powerful and
complex
• Social media exploded onto the
scene
• Consumerization of IT
• … and we didn’t know what was
going on…
The Privacy Crisis
• We can at least be concerned that the NSA
has cracked and monitors:
– SSL (HTTPS) website activity
– RSA encryption certificates (public/private keys)
– 4G mobile networks (voice and data)
– VoIP voice services
– And any websites/etc. that use the above
NSA security coverage
• Means that they *can* (not will)
hack/monitor most of the services we
rely on daily
• These all use the same core security
tech
Google, Microsoft, other email scans
What is next ?
Data creation explosion
We are creating
huge amounts of
digital content,
much of which lives
longer in the cloud
than we intended
or have use for.
Data creation
• A large portion of what we create will live on
disk somewhere beyond our use for it
• The last decade was spent schooling people on
having backups
People know enough to be concerned
Google’s Right to be Forgotten
We SHOULD…
• Be concerned about
– what gets shared
– with whom
– And how long it lasts
Apps that are helping
• Snapchat
• Wickr
• Spideroak
• All focused on being a “place” where
your stuff is secure
Ephemeral
• What does it mean?
• Origin: Greek word “ephĕmeros”
• “lasting for a very short time”
• The new “bucket” for technology that
manages the life of digital content
How does it help
• Personal privacy
• Corporate Risk
• Facebook vs snapchat models
• The opposite of Big Data ?
Is it enough?
• The concept is still new
• People are building “apps” more than
broad sweeping “solutions”
• It doesn’t address the issue of being
monitored/collected by NSA/Others
(strong encryption)
True anonymity ?
• Maybe the answer is anonymous
communication??
• Only available for *some* activity online
• Whistleblowers – do we want to enable
WikiLeaks and Snowdens ?
• But isn’t true anonymity the….
Dark Side of the Internet
Tools exist for anonymity
• “Leak” website lets you send untrackable anonymous
emails.
– Inappropriate emails anybody ?
– Harassment, abuse ?
• Tor lets you encrypt your web traffic and make you difficult
to track
– Porn and pirated content
• Bitcoin exists to keep the banks out of your financial
dealings
– Silk Road. BUSTED.
But Still Enable Naughty Activity
• Gov’ts around the world cracking down on
porn and sex trafficking
• FBI Infecting Tor users with Malware
• Google and Microsoft scan emails, etc. and
report questionable content to authorities
• Evil begets evil
Accountability
• There is no way to make everybody
behave
• As a global society we need new
ways to encourage law abiding
netizens
OMG I’m Scared
• What should I do?
– Know the risks
– Use technologies to protect yourself
– Don’t associate with those who don’t
behave
What we [might] need (the Future?)
• Anonymous peer validation for data
integrity
• Anonymous submissions to known
entities only for whistleblowing
• Social content stays social and never
collected for “Big Data”
In Summary
• We are in a new era
• Keep Calm
• Stay Educated
• Don’t Share unless you know the risks
• Use the right tech for your
security/privacy needs
For Some Fun Reading
• “Cryptonomicon” by Neal
Stephenson
– A futuristic take on:
– Underground Data Haven
– Anonymous Internet Banking
– Digital Gold Currency
Q&A
Thank you for coming!
• Presentation will be shared via
twitter:
• Follow me at @aschwabe
• AND Posted on my blog:
PainInTheApps.com