http://prismbreakup.org/#/schedule/blocking-your-metadata
This workshop will be a roundtable discussion and tutorials on a few ways to limit your metadata trail. Before relying on proprietary services, we will investigate their known alternatives:
Email: Google vs. Zarafa
Digital e-storage: Dropbox vs. SpiderOak
Online Voice Communication: Skype vs. Jitsi/Pidgin OTR
Android: cyanogenmod/replicant OS
Attendees should come prepared to contribute, with laptops in hand.
3. 1. What does Metadata look like?
2. cryptographic protocols
3. See what’s happening on your network
4. Some ways to block your data
1 hour
Sunday, October 6, 13
4. 1. Delete cookies
2. Alternate Web Browser & Online Storage
3. Your Documents (text, images...)
4. Chat / Skype / Twitter / Facebook / SMS
5. VPN / Little Snitch
Protect your metadata.
Sunday, October 6, 13
8. 1. In the “cloud”
2. On the client’s server
3. On your local machine (cookies)
4. The client’s client’s server
...where else?
Where is it kept?
Sunday, October 6, 13
11. NISO categories of metadata:
Structural, Descriptive, Administrative
Markup Languages : syntax to express
metadata
Different syntaxes:
XML, HTML, JSON, RDF, plain text...
MetaData Syntax
Sunday, October 6, 13
12. ISO - endorsed Dublin Core
1. Title
2. Creator
3. Subject
4. Description
5. Publisher
6. Contributor
7. Date
8. Type
9. Format
10.Identifier
11.Source
12.Language
13.Relation
14.Coverage
15.Rights
MetaData Standards
Sunday, October 6, 13
24. - Track how many people visit a website
- Store Login / password info
- E-Commerce sites store customer
preferences
- Easy checkout info
- Sell your cookie info to telemarketers
- Sell statistics
...all based on info you’ve input to an
form online
What with my cookies?
Sunday, October 6, 13
34. -Communication protocol over a network
-HTTPS vs. HTTP
-HTTP sends data as plain text
-HTTPS encrypts data with SSL (secure
socket layer)
-HTTPS layers HTTP on top of SSL / TLS
Security Certificates
Sunday, October 6, 13
35. -Perform authentications
-Encrypt communications
-Uses a certificate
-CA (certificate authority) has a private key
used to sign other certificates
-CA resources : Thawte, Verisign...
-Free ones: CAcert, StartSSL, godaddy.com ...
SSL : Secure Socket Layer
Sunday, October 6, 13
36. - SSL Certificates have a key pair: a public
and a private key.
- These keys work together to establish an
encrypted connection.
- RSA: an algorithm for public key
encryption
RSA encryption
Sunday, October 6, 13
39. Anyone can create a key pair
Verisign makes DIGITAL CERTIFICATES, by signing
public keys
This certificate is seen by my browser, which has
a list of trusted providers
Trusted providers vs. not trusted providers (selfsigned)
Verisign is expensive ($1000)
Value = Trustworthiness
Sunday, October 6, 13
47. IP address to identify your general location
“We may also select advertising based on
information about your computer or device,
such as your device model, browser type, or
sensors in your device like the accelerometer.”
http://www.google.com/policies/technologies/ads/
Metadata that is tracked
Sunday, October 6, 13
55. 1. Delete cookies
2. Alternate Web Browser & Online Storage
3. Your Documents (text, images...)
4. Chat / Skype / Twitter / Facebook / SMS
5. VPN / Little Snitch
Protect your metadata.
Sunday, October 6, 13
56. 1. Firewall - protect your computer from
data from the internet)
2. VPN (virtual private network - protect
your data on the internet)
3. Little Snitch (protects your private data
from being sent out)
Shields
Sunday, October 6, 13
65. Tor (free software for enabling online anonymity
through a network)
Duck Duck Go (an anonymous internet search
engine)
Project Meshnet + cjdns (an encrypted
network, with the goal of a sustainable decentralized
alternative internet)
HyperBoria + cjdns (a global decentralized
network, alternative internet)
Alternate Browsers & Networks
Sunday, October 6, 13
79. • Your name
• Your initials
• Your company or organization name
• The name of your computer
• The name of the network server or hard disk where yo
• Other file properties and summary information
• Non-visible portions of embedded OLE objects
• The names of previous document authors
• Document revisions
• Document versions
• Template information
• Hidden text
• Comments
MS Word
Sunday, October 6, 13
84. •Your name
•What type of camera
•GPS location photo taken
•Photo date / time
•Size, formate
•linked files
•fonts
•properties
•copyrights
•edit history
Photos
Sunday, October 6, 13
121. 1. Now I know how to use Adium to encrypt my chats,
and I use chatserver or gibberbot for sending texts,
and I use Rise Up for gmail, but what can I do because
everyone uses gmail still?
2. All of these platforms are messy and hard to use can we come up with 3 solutions for better, more user
friendly interface?
Sunday, October 6, 13