The Billion Dollar Product - Online Privacy (v2.2)
TRANSCRIPT
Delivering the best in z services, software, hardware and training.
World Class z Specialists
The Billion Dollar Product – Online Privacy
Rui Miguel Feio – Security Lead

Agenda
• Introduction
• Free online services
• Nothing in life is for free
• Paid online web services
• How do they do it?
• Risks
• Security (or lack of it)
• The mainframe
• Conclusion
• Questions

Introduction
– Security lead at RSM Partners
– Been working with mainframes for the past 17 years
– Started as an MVS Systems Programmer with IBM
– Specialises in mainframe security
– Experience in non-mainframe platforms as well
– Been giving presentations all over the world

Free Online Services

Free online services

It’s free in return for…
• Placing cookies on your devices to track you and your online activities
• Collecting ‘some’ of your personal data
• Including ads in the websites you use

Is this fair?
• YES!! The services are for free!!!
• Who cares?... I don’t have anything to hide!
• Saw a great quote the other day… “My biggest fear is when I die...... Is that my wife sells my motorbikes for what I told her I paid for them!!!”
• See we all have something to hide :)

Nothing in life is for free

“[…] a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties”
Google’s legal team

Privacy Policy & Terms and Conditions
• How many of you ever read them?
• Typically these are extensive and difficult to decipher
• They are legally binding business propositions between you and the online service provider
• Ok, but who cares…?
• It’s a free service!!... Really?

Let me ask you something…
• How much do you value your privacy?
• How about your friends and family’s privacy?
• What do you think could happen if your data was misused?
• Have you ever searched or visited an online website that you would rather like to keep a ‘secret’?
• I know I have :)

Interesting facts
• On a daily basis Google processes around 24 Petabytes of data
• This data is then stored and sold for advertisement
• The use of Cookies:
  – Fingerprints that allow you to be traced and catalogued
• What you see online is customised for you based on your ‘online profile’

Value of a Company
• Why do you think Facebook or Google are worth billions of dollars?
• A study published by the Wall Street Journal on Facebook:
  – Each long-term user is worth $80.95
  – Each friendship is worth $0.62
  – Your profile page is worth $1,800
  – A business page and associated ad revenues are worth $3.1 million

Let me see if I got this right…
• You use these ‘free’ online web services
• You create your own social network
• You invite others to join the ‘free’ online service
• You add content:
  – Ideas and thoughts
  – Status updates
  – Photos, videos, …
  – Links to other users and pages
  – Interact with other people
  – Search
  – …

So…
• How much do you get paid for all this?
• All of this effort is worth a lot of money for the ‘free’ online service provider and you get nothing?
• Hmmm… you are indeed a great value for the ‘free’ online service!

Interesting facts
• People who use ‘free’ online services have become the largest unpaid workforce in history!
• The data that you have freely provided can be used by the ‘free’ online service companies to be sold to third parties
• You just don’t get any money… and you have no say either!

Paid online web services

Paid online services – are they any different?
• Not really…
• Many of the paid online services use the data you provide as means to capitalise and make more money:
  – Customised services or products
  – Ads
  – Data sold to third parties

How do they do it?

How does it work?
• The online service providers profile you as do many other organisations:
  – Reads, scans, and searches your data, messages and web searches
  – Analyses your data and your online trends
  – Tracks you (cookies, smartphones, …)
  – Creates an ‘online’ profile of You!!

How does it work?
• The online service provider monetises YOU!
• Tries to sell you products and services based on your ‘online’ profile
• Displays data on your screen according to your ‘online’ profile
• Sells you and your data to third parties

Who would want your data?
• Everyone! Every single company wants it!
• Why?
  – Because now they have a way of profiling you
  – They know who you are, what you like, what you don’t like, what you do, whom you do it with, who are your friends, what your habits are…
  – An insurance company knows your habits, and can now decide if you are ‘worthy to be insured’
  – A financial bank can decide if it will lend you money or not
  – They know you from your ‘online’ profile!

Risks
Oh, oh, we’re in trouble!...
• Who are the third parties that are getting your data?
  – Other companies
  – Data Brokers
• Lack of legislation
• How secure is the IT infrastructure of the companies that now have your data and your ‘online’ profile?

Danger! Danger!
• Websites, smartphones, tablets, smartwatches, GPS devices, …
• How is your data being used?
• For what purposes is your data being used?
• How secure are these websites and devices?

Interesting facts
• 82% of Android apps track and collect your online activities
• Data brokers get information from your ISP, online activity, credit card companies, mobile phone companies, banks, etc.
• Data brokers aim to provide ‘behavioural targeting’

Interesting facts
• Data broker company Acxiom Corporation:
  – Has more than 23,000 servers
  – These servers collect, collate and analyse more than 50 trillion unique data transactions per year
  – 96% of American households are in its DBs
  – Has more than 700 million user profiles from around the world
  – Each profile has more than 1,500 specific traits
• One quote stated ‘This is the age of the stalker economy’…
• Well is it???

Security (or lack of it)

Interesting facts
• Worldwide spending on security software totalled nearly $20 billion in 2012
• Worldwide spending on security software estimated to reach $94 billion by 2017
• An average of 62% of the intrusions against businesses were only detected after 2 months
• The average time from the initial breach until discovery of the intrusion is 210 days
• Companies face nearly $154 in costs per record stolen

Costs of data breach for a business
• Detecting the breach
• Containing the attacks
• Investigating the attacks
• Identifying the attackers
• Remediating the IT infrastructure
• Sales decline
• Credit card replacement fees
• Consumer credit-monitoring services
• Insurance premiums
• Drop in stock market share price
• Company’s image

Oh, oh, we’ve been hacked!
• Mossack Fonseca (Panama Papers) – 11 million records (2016)
• 21st Century Oncology – 2.2 million records (2016)
• Verizon – 1.5 million records (2016)
• US Voters database – 191 million records (2015)
• VTech – 12 million records (2015)
• Ashley Madison – 37 million records (2015)
• Mspy kids & partner tracking service – 400,000 records (2015)
• Home Depot – 56 million records (2015)
• Anthem health insurance – 80 million records (2015)
• JP Morgan Chase – 76 million records (2014)
• And so many more…

World’s biggest data breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Cost of data breach for You
• The hacker can now potentially have:
  – Your online login credentials
  – Detailed information about you
  – Your credit card information
• The hacker can now:
  – Sell your data (yes, even to companies)
  – Test your login credentials in other sites and servers
  – Manipulate your data
  – Steal your identity
  – Blackmail you!

So, let me ask you again…
• How much do you value your privacy?
• How about your friends and family’s privacy?
• What do you think could happen if your data was misused?
• Are you sure you have nothing to hide?

The Mainframe

Ah, we’re safe! No one hacks the mainframe!!
• Are you sure about that?
  – IT firm Logica – more than 10,000 social security numbers (2012)
  – Swedish Nordea bank – personal data, money (2013)
  – Internal hack in one major UK Bank (2013) – £2 million in losses
• But the mainframe is the most secure platform in the world!
  – No, the mainframe is the most securable platform in the world
  – Requires effort, investment and resources
  – People need to be trained to be kept up to date with the new security threats and trends

From my experience with mainframe clients…
• The mainframe is part of an ecosystem of multiple platforms.
  – If one of them gets compromised how will it affect the mainframe?
• Hackers are getting really interested in the mainframe
• It’s just a matter of time until a mainframe is seriously compromised
• Oh my, a lot of work needs to be done!

Our experience with mainframe clients…
• Management still sees the mainframe as un-hackable which leads to a lack of investment or interest in mainframe security
• While performing mainframe audits and penetration tests for various clients we see the same common security problems over and over again
• Was sat with a client the other day and they stated:
“The mainframe is the only system that has complete view of our clients, it’s our system of record… But...... We don’t protect it properly”

Conclusion
Conclusion
• ‘Free’ online services can be useful
• Use them, but don’t abuse them!
• Think: “Do I really need to use this service?”
• Be careful about the data you provide!
• Others can pick your digital footprint and interpret it without your knowledge and in ways that can cause you harm.
• Governments need to implement appropriate legislation around data and privacy!
• Private data is worth billions!

Conclusion
• If you are really concerned about your online privacy take a look at:
  – TOR
  – DISCONNECT ME

TOR (The Onion Router)
• The most popular browser is TOR
• TOR is not necessarily just for the Dark Web
• TOR is all about online privacy
• It can be downloaded at TORPROJECT.ORG
• Several Downloads available

Disconnect
Statement: The Tor Project is a non-profit dedicated to research, development, and education about online anonymity and privacy. This mission is in alignment with Disconnect’s own mission to make privacy the default online, and our partnership with Tor marks a major milestone in achieving our mutual goals.

And Finally….....

Questions

Contact
Rui Miguel Feio, [email protected]:+44(0)7570911459
linkedin: www.linkedin.com/in/rfeio
www.rsmpartners.com