SlideShare una empresa de Scribd logo

How to get back your privacy?

Jérôme aka "Genma" Kun
Jérôme aka "Genma" Kun

- Why we do this talk ? - The digital identity - HOW TO : Encryption - WTF is encryption ? - What can I encrypt ? How? - HOW TO : Anonymity - Why does it matter ?

Tecnología
1 de 89
Descargar para leer sin conexión
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion How to get back your privacy? Naam, Genma EPITA / Gconfs naam@riseup.net genma@riseup.net 01/17/14 Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Overview 1 2 3 4 Intro Why we do this talk ? The digital identity HOW TO : Encryption WTF is encryption ? What can I encrypt ? How ? HOW TO : Anonymity Why does it matter ? There is always a tool that ts your need Conclusion We're not in a XOXO world Cryptoparty Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Sensitive data Denition a set of values of qualitative or quantitative variables individual pieces of information Some of them are (important|critical)s, don't play with Mallory. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity The right to stay anonymous The Convention for the Protection of Human Rights and Fundamental Freedoms states that : Article 8 - Right to respect for private and family life Everyone has the right to respect for his private and family life (...). There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others Naam, Genma . Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Current situation Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity You will also see Tons of softwares, distributions, techniques to defeat too inquisitive people and censorship. What's a Cryptoparty and what you could learn from it. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity About me Where can you nd me on Internet ? Blog (in French) : http ://genma.free.fr Twitter : http ://twitter.com/genma My Hobbies ? Many things Crypto Privacy Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Digital identity, what is it ? Denition Digital identity is all the public data you can nd about someone using Internet research. It's the famous e-reputation. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity What do you think of me ? Google you name The results shown are they exactly what you want ? Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Saying Words y, writings remain This adage is especially true with the Internet. It must be assumed that what is said will always be accessible, even years later. Everything on the Internet is public or will be (even if it is private, Terms of Use may change). it is therefore not an abuse of freedom of expression and it remains respectful of laws Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity Dention Contraction of anonymity and pseudonym words, the term pseudonymity reects quite well the contradictory of being a public gure and to remain anonymous ... Have a pseudonym does not mean to say and do anything. This is the image that I return, this is my credibility (past, present and future). A pseudonym is also a public identity, which is associated with dierent account : my blog, my Twitter, my Facebook account. The digital identity are all these public data associated with this identity. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Samples Twitter Linkedin Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity is disapearing... Facebook Facebook doesn't allow the creation of an account with a pseudonym, if you really want there is some easy steps to follow. The goal is to force people to express themselves using their real names, Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity is seen as a problem The problem is that the anonymity is taken as an excuse to condemn the use of the Internet as a tool for freedom of expression. If people are monitored, they do not say what they think, they do not criticize the politicians. With the Internet, the citizen is gradually taking power on politicians. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Conclusion Pseudonymity is a necessity Manage your digital identity. Pseudonymity is the rst step to take back you privacy. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Denition - cryptage, encrypt, encryption ? Encryption Encryption is to encrypt a document / le using an encryption key. The reverse operation is decryption. Cryptage Term cryptage is derived from the English encryption and does not exist in French. Decryption is the fact of breaking the encryption when the private key is unknown. Cryptography Science is called Cryptography. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption, how does it work ? Symetric Encryption This involves encrypting a message with the same key that will be used for decryption process. Sample : Caesar code, with an oset letter. A-C, B-D etc. Nous venons en paix - Pqwu xgpqpu gp rckz The reverse process is applied to get the message. What is an encryption key ? A key is called so because it opens / closes the padlock that is the used encryption algorithm. Here, the algorithm is the oset. The key is the number of oset of letter (here two letters). Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Asymetric Encryption 1/2 Public key - Private key Asymetric Encryption is based on the pair public key - private key. ⇒ What you need to know : My private key is... private and my own. My public key is shared with everyone. The encryption algorithm The encryption algorithm is more complexe than the fact of shifting letters ; it is based on mathematical concepts (rst number ...) Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Asymetric Encryption 2/2 Encryption With the public key of my correspondent, I encrypt a le. ⇒ The le can only be decrypted by the person who possesses the private key corresponding to the public key that I used (and therefore my correspondent). Decryption With its private key, my correspondent decrypts the le. ⇒ He can then read the message. Concret case Mail Encryption with PGP. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Bob send a message to Alice Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Why encryption ? Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encrypt - The arguments against Nobody does... FALSE. Without knowing it, you do it every day. Sample 1 : padlock when connecting (https) Sample 2 : Wi key. Nothing to hide... FALSE. Who would accept the postman reading his medical post ? Encryption, it's for the pedo-nazi... FALSE. For journalists / bloggers dissidents who are denouncing dictatorships... Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encrypt - The arguments for Encryption, it's not so complicated It is not more complicated than using a software. You just have to understand the principle. Protection and security My personnal data are safe Cf. PRISM, NSA... Privacy Only the person for who the message is, is able to read it. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Edward Snowden Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption limit Which is encrypted can be decrypted today tomorrow Tomorrow's computers will allow to decrypt the encrypted data today. It the private key is lost We no longer have access to data. Metadata, social graph PGP does not protect against the analysis of metadata (servers transit, addresses, headers, subject). Do not forget to clean the meta-data les (EXIF tag photos, oce documents with tracked changes). DNS... Case of tracking Internet ... Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Law and encryption In France, the law therefore considers that the use of cryptology is free (LCEN Article 30-1) and there is therefore now no limit to the size of the encryption key that can be used . In case of search, the refusal of submission of the encryption key may result in 3 years imprisonment and 45000e. This penalty is increased if Encryption was used to commit a crime. It is therefore recommended to give the decryption key, except in the case where the decrypted data would result in a judicial proceeding in which the nal sentence would be greater than the interference with the judicial investigation. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption Locally - your data Hard disk USB Key Smartphone Network - Communications Https : HTTPSEveryWhere for Firefox E-mails : GPG with Enigmail for Thunderbird Connexion : VPN, SSH, TOR... ⇒ Each use, there is an encryption solution. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Emails - PGP, GPG ? PGP Pretty Good Privacy - PGP is an encryption software created by the American Phil Zimmermann in 1991. OpenPGP This standard describes the format of messages, signatures or certicates that can send software such as GNU Privacy Guard. It is therefore not a software but a format for the secure exchange of data, which owes its name to the historic program Pretty Good Privacy (PGP). GnuPG GnuPG (GNU Privacy Guard) is the free software. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Harddisk encryption Software integrated in operating systems Windows 7/8 : Bitlocker (Backdoor) MacOS : FileVault GNU/Linux : Encfs... Can you trust closed source software ? Independently of the operating system ⇒ TrueCrypt. For a USB key/an external hard drive. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? TrueCrypt audit Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption and privacy Encryption meets the need for privacy and allows data protection. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for connexions : SSL/TLS Session layer based, aect application layer (TFP, HTTP, SMTP, IMAP, POP , DNS, RTMP ...) Prefer using TLS over SSL when you have choice. Asymetrical encryption, forward secrecy (Die-Hellman). Only use up to date browser in order to have the correct ngerprint caught on your computer and avoid MITM attack. If your browser does not have a certicate pinning system install certicate patrol (assuming your rst connection is safe) or HTTPS everywhere with the SSL observatory ON. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Die-Hellman key exchange With color two people that never met agrees on the same keys heavy use of one-way function Select a public color, then each part select a private secret one. each part mix private/public key and send it to the other. Each part mix the mixture of the other with their own private color and arrive to the same nal private color. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Die-Hellman key exchange With maths : (modular|clock) arithmetic work on prime modulus and generator of that modulus. 3 mod 17 = X with 0 = X = 17 hard to reverse when len(prime modulus) increase. so each part agrees on a prime modulus (p) and a generator (g). Then calculate g mod (p ) = Mix and send it publicly. each part compute now n secret Mix secret ( ) = Key mod p Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for chat sessions : OTR OTR : O-the-Record Messaging Die-Hellman key exchange o-the-record conversation repudiable authentication by using message authentication codes. (authentication ON | digital signature OFF) Bob cannot prove that Alice generated the MAC. Install Pidgin (cross-plateform) with plugin (available from the OTR homepage) and start playing. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for disk Many possibilities, but full disk encryption is advised in case you really care about privacy. For this purpose you have a plethora of choice. Stacked lesystem encryption (eCryptfs, EncFs, disk utility ...) Disk encryption (dm-crypt, GELI, FileVault, DiskCryptor, trueCrypt ...) Case study : Plain dm-crypt full disk encryption bootloader and key on external device (can also be done with Diskcryptor) Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for smartphone Android Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging] Textsecure (SMS) LUKS Manager (ROOT requiered) iOS Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging] FDE available by default, bypass techniques available, proprietary built system... (More details : iPhone Forensic, O'Reilly) Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Example : chatsecure with facebook Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Example : chatsecure with facebook Win. Facebook cannot read your messages. But you can't read it anymore after your current session. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for les Mails : Use GPG create your keys share your public key enter the matrix Web Of Trust (WOT) encrypt/sign your message and send it. receive mails too. Files Basically you can do the same with 'regular le'... Make sure not to store keys near encrypted les, prefer symetrical encryption if les will not be shared. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Choosing a password : Diceware method The diceware method allow you to construct very strong password with the following advantages : Very easy to remember strong passphrase with high entropy ( 20char +) truly random ; password is totally detached from user habits/knowledge etc. Test your password strength in bits Entropy calculated by : H = =1 L ∗ n tn LogN k Log 2 Do NOT test your password strength online. Take a calculator and calcul the entropy yourself. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Diceware, overall strength Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Diceware, how does it work You only need a true random source and an ocial mapped dictionary. Draw 1 : 5 1 5 5 5 ... Draw 2 : 5 4 5 6 6 14245 bit Draw 3 : 6 5 6 4 6 14246 bitch Draw 4 : 5 4 3 1 2 14247 bite Draw 5 : 2 2 3 5 4 ... Results in French : phase ribose vv rebut clebs in English : rest sober 80 skye data Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Anonymity Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Anonymity, why does it matter ? In real life, anonymity is necessary for democraty (voting paper). On line, anonymity is necessary for freedom of expression. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR the Onion router Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Onion routing principles Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR : The Onion Router It's an open-source implementation of the principles we just saw supported by The Tor Project. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR : The Onion Router Pros Hiding you identity and location, prevents from eyesdropping. Hiding you browsing habits and act like a debrider on the informations that you're authorized to see. encrypting your (incom|outgo)ing trac between nodes. Cons Slower connexion, forget about downloading big les, torrents (deanonymize eect) etc... Still vulnerable to some kind of analysis (timing deduction or infection between applications). entry/exit nodes are vulnerables, no magic here. (Partial solution if you setup an exit enclaving node) Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need If you use it, do it smartly Don't use standalone TOR or Vidalia bundlle Prefer the use of the TBB (Tor Browser Bundle) or even better : tails (live Debian), in hostile environment (public places etc) Try Tor browser launcher for your distribution, that keep TBB updated. Grab-it from here : https ://github.com/micahee/torbrowser-launcher Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need If it's free, then you're the product Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need What is the tracking ? Tracking over the Internet websites, announcers use it to learn your browsing habits. they save what websites are you're visiting, what do you like or dislike and what you buy. Data are processed in order to display the best ads that t your preferences. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need What's the magic ? Ads and widget are spying you The Like button : Allows FaceBook to know what you visit, even if you don't click on it, even if you are properly disconnected from Facebook. Same for the +1 by Google, and Google Analytics script. In fact every ad and many widget do it. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Want to test ? Try LightBeam (ex Collusion) with Firefox That add-on allow you to see in real time which websites are tracking you and the inter-connexion between the actual website and others. Kind of weird sometime. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox Firefox addons Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Ghostery Block all trackers. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Self destructing cookie Automatic cookie deletion techniques. Prevent tracking and spying. Possibility to setup a whitelist if you really want to keep some cookies for some domains even if you're not currently using it. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : HTTPSEverywhere Made by the electronic frontier fondation (EFF), it forces the HTTPS when available on the website. If you have one, consider registering it for your visitors (see https ://www.e.org/httpseverywhere/rulesets). Also, activate the SSL Observatory : it prevents from MITM attacks and more generally against corrupted certicates. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Certicate Patrol Does approximately the same thing than the SSLObservatory. Less transparent in everyday use. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Search engines Problems with search engines Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Search engines Duckduckgo (ddg.gg) personalizable interface for your needs. Ixquick/startpage (ixquick.com/startpage.com) more than one search engine begind, automatic proxy if you want to. binsearch (binsearch.info) search for binaries (newsgroups etc) that google is hiding from you. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Metadatas are evil Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Denition (http ://dictionary.reference.com/browse/meta-data) Data about data. information that is held as a description of stored data. Examples EXIF tags on photography (Date, cameras info, GPS coordinates...) data stored on documents like .doc(x) ... Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Solution ? YES, partialy There is a good tool to erase metadatas from a large spectrum of letypes. It's called MAT (mat.boum.org). Reside in Tails, standalone package (Debian), Git repos. it has a GUI, no worry (can also be used in command line, don't worry too). Files support : Images : .png, JPEG (.jpg, .jpeg, . . . ) Documents : .odt, .odx, .ods, . . . , .docx, .pptx, .xlsx, . . . , .pdf Tape ARchives (.tar, .tar.bz2, . . . ) Media : .mp3, .mp2, .mp1, . . . , .ogg, . . . , .ac Torrent (.torrent) Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Conclusion Conclusion Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Crypto-anarchy Everyone does encryption and what is really important is encrypted and embedded in it. It creates noise which prevents mass surveillance (PRISM ...) Careful ! At the current time, encryption is not widespread, anyone who encrypts their e-mails can be considered as suspicious. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Relativity of anonymity today Analysis on language elements We can identify someone by studying the typography, style, vocabulary, culture, ideas .. the frequency of words used, the turn of phrase, the kind ... Theses techniques are used to determine who hides behind... Anonymous Care of Logs Schedules connections times and estimated time zone also provide information ... Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Relativity theory Snowden's leak are recent, documents leaked are pretty old. We have very strong tool but we do not know what they have. State of the art techniques to defeat those technologies (processor noise etc...). Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Want to help ? With money : You can make donation to those open-source projects. With action : Use their services, give feedback, there is always something to do. By spreading words, teach others how to use it. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Cryptoparty Interested parties with computers, devices, and the desire to learn to use the most basic crypto programs and privacy tools and the fundamental concepts of their operation ! CryptoParties are free to attend, public, and are commercially and politically non-aligned. What you'll do Use crypto-tool, ask for questions, teach to others want you already know. What you'll not do Maths, learn deep crypto-concepts, ... Unless you want it. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Rendez vous at the Cryptoparty Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Annexes Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty An Exchange of mails really secure The problem with encrypted email ? We still know who talks to whom. Solution Exchange mail between two known / trusted servers who are dialoguing in https SSL / TLS between them. Encrypt messages via PGP Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Steganography - Steghide Can you see a dierence between these two pictures ? vs The second image contains the text This is my hidden text. This is what is called steganography. Software : steghide Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Bitmessage , a protocol for sending / receiving messages and acentric fully encrypted, based on a mechanism simillaire bitcoin . Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Characteristics and comparison with an email solution + PGP Send a pair hand , no need to create a server, register a domain name, or enroll in a service. You can create as many addresses as you want. No need to trust a tier ( CA for example). Censorship-resistant . Person , including a government can not delete your address or messages. It is not possible to impersonate a sender (spoong). Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Bitmessage has a feature broadcast . The identity of the sender and receiver of messages is easier to hide an email with PGP + solution . Unlike PGP , the subject is encrypted by default . Should be easier to use, no need to keep the public keys of your correspondents . Opportunity to develop additional functionality based on the protocol. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin ZeroBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data. Data is encrypted/decrypted in the browser using 256 bits AES. You can test it online or install on your own server. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin When pasting a text into ZeroBin : You paste your text in the browser and click the Send button. A random 256 bits key is generated in the browser. Data is compressed and encrypted with AES using specialized javascript libraries. Encrypted data is sent to server and stored. The browser displays the nal URL with the key. The key is never transmitted to the server, which therefore cannot decrypt data. Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin Naam, Genma Anonymity and encryption
Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin When opening a ZeroBin URL : The browser requests encrypted data from the server The decryption key is in the anchor part of the URL which is never sent to server. Data is decrypted in the browser using the key and displayed. Naam, Genma Anonymity and encryption

Recomendados

2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook Era
2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook Era2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook Era
2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook EraFrederick Lane
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
Realtime communication security - SIP, XMPP and others
Realtime communication security - SIP, XMPP and othersRealtime communication security - SIP, XMPP and others
Realtime communication security - SIP, XMPP and othersOlle E Johansson
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterIT-oLogy
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation finaladrigee12
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGPauremoser
 
Computer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationComputer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationChurch of the Epiphany
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 

Recomendados

2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook Era
2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook Era2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook Era
2011-06-23 Privacy, Anonymity, and Intellectual Freedom in the Facebook EraFrederick Lane
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
Realtime communication security - SIP, XMPP and others
Realtime communication security - SIP, XMPP and othersRealtime communication security - SIP, XMPP and others
Realtime communication security - SIP, XMPP and othersOlle E Johansson
 
Passwords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterPasswords in the Internet Age - Jim Salter
Passwords in the Internet Age - Jim SalterIT-oLogy
 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation finaladrigee12
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGPauremoser
 
Computer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationComputer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationChurch of the Epiphany
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Introduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey ManagementIntroduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey Managementn|u - The Open Security Community
 
Security.pptx
Security.pptxSecurity.pptx
Security.pptxjohn6938
 
Pyramid Technology
Pyramid TechnologyPyramid Technology
Pyramid TechnologyAdrian Elgie
 
Anonymizers
AnonymizersAnonymizers
AnonymizersGregory Hanis
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Paul Yang
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped futureMichael Renner
 
How to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroHow to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroJared Broker
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys101 Blockchains
 
Personal safety gr5 unit ppt
Personal safety gr5 unit pptPersonal safety gr5 unit ppt
Personal safety gr5 unit pptapieper
 
Cryptography Tutorial
Cryptography TutorialCryptography Tutorial
Cryptography TutorialIntellipaat
 
How To Secure Online Activities
How To Secure Online ActivitiesHow To Secure Online Activities
How To Secure Online Activities- Mark - Fullbright
 
How encryption works
How encryption worksHow encryption works
How encryption workss1200019
 
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineThe Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineJinger Jarrett
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
L1 Slides – Online Safety – KS4.pptx
L1 Slides – Online Safety – KS4.pptxL1 Slides – Online Safety – KS4.pptx
L1 Slides – Online Safety – KS4.pptxITRIS1
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaSteve Poole
 
Lecture 1
Lecture 1Lecture 1
Lecture 1fadwa_stuka
 
hamad.pwrpoint.pdf
hamad.pwrpoint.pdfhamad.pwrpoint.pdf
hamad.pwrpoint.pdfhmooodes115
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authenticationahmad amiruddin
 
Conférence Nextcloud - le cloud de l’hygiène numérique
Conférence Nextcloud - le cloud de l’hygiène numériqueConférence Nextcloud - le cloud de l’hygiène numérique
Conférence Nextcloud - le cloud de l’hygiène numériqueJérôme aka "Genma" Kun
 
Pourquoi faut-il arrêter de parler de Powerpoint ?
Pourquoi faut-il arrêter de parler de Powerpoint ?Pourquoi faut-il arrêter de parler de Powerpoint ?
Pourquoi faut-il arrêter de parler de Powerpoint ?Jérôme aka "Genma" Kun
 

Más contenido relacionado

Similar a How to get back your privacy?

Security.pptx
Security.pptxSecurity.pptx
Security.pptxjohn6938
 
Pyramid Technology
Pyramid TechnologyPyramid Technology
Pyramid TechnologyAdrian Elgie
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Paul Yang
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped futureMichael Renner
 
How to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroHow to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroJared Broker
 
Personal safety gr5 unit ppt
Personal safety gr5 unit pptPersonal safety gr5 unit ppt
Personal safety gr5 unit pptapieper
 
Cryptography Tutorial
Cryptography TutorialCryptography Tutorial
Cryptography TutorialIntellipaat
 
How encryption works
How encryption worksHow encryption works
How encryption workss1200019
 
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineThe Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineJinger Jarrett
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
L1 Slides – Online Safety – KS4.pptx
L1 Slides – Online Safety – KS4.pptxL1 Slides – Online Safety – KS4.pptx
L1 Slides – Online Safety – KS4.pptxITRIS1
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaSteve Poole
 
hamad.pwrpoint.pdf
hamad.pwrpoint.pdfhamad.pwrpoint.pdf
hamad.pwrpoint.pdfhmooodes115
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authenticationahmad amiruddin
 

Similar a How to get back your privacy? (20)

Introduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey ManagementIntroduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey Management
 
Security.pptx
Security.pptxSecurity.pptx
Security.pptx
 
Pyramid Technology
Pyramid TechnologyPyramid Technology
Pyramid Technology
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)Security everywhere digital signature and digital fingerprint v1 (personal)
Security everywhere digital signature and digital fingerprint v1 (personal)
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped future
 
How to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBroHow to Avoid Crypto Scams - Crypto JBro
How to Avoid Crypto Scams - Crypto JBro
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys
 
Personal safety gr5 unit ppt
Personal safety gr5 unit pptPersonal safety gr5 unit ppt
Personal safety gr5 unit ppt
 
Cryptography Tutorial
Cryptography TutorialCryptography Tutorial
Cryptography Tutorial
 
How To Secure Online Activities
How To Secure Online ActivitiesHow To Secure Online Activities
How To Secure Online Activities
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe OnlineThe Veterans' Guide to Protecting Your Privacy and Staying Safe Online
The Veterans' Guide to Protecting Your Privacy and Staying Safe Online
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple Examples
 
L1 Slides – Online Safety – KS4.pptx
L1 Slides – Online Safety – KS4.pptxL1 Slides – Online Safety – KS4.pptx
L1 Slides – Online Safety – KS4.pptx
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
 
Lecture 1
Lecture 1Lecture 1
Lecture 1
 
hamad.pwrpoint.pdf
hamad.pwrpoint.pdfhamad.pwrpoint.pdf
hamad.pwrpoint.pdf
 
File security system
File security systemFile security system
File security system
 
enkripsi and authentication
enkripsi and authenticationenkripsi and authentication
enkripsi and authentication
 

Más de Jérôme aka "Genma" Kun

Conférence Nextcloud - le cloud de l’hygiène numérique
Conférence Nextcloud - le cloud de l’hygiène numériqueConférence Nextcloud - le cloud de l’hygiène numérique
Conférence Nextcloud - le cloud de l’hygiène numériqueJérôme aka "Genma" Kun
 
Pourquoi faut-il arrêter de parler de Powerpoint ?
Pourquoi faut-il arrêter de parler de Powerpoint ?Pourquoi faut-il arrêter de parler de Powerpoint ?
Pourquoi faut-il arrêter de parler de Powerpoint ?Jérôme aka "Genma" Kun
 
En 2021, comment je fais de la veille opensource
En 2021, comment je fais de la veille opensource En 2021, comment je fais de la veille opensource
En 2021, comment je fais de la veille opensource Jérôme aka "Genma" Kun
 
Why is the Opensource Center by Atos developping a business model around Next...
Why is the Opensource Center by Atos developping a business model around Next...Why is the Opensource Center by Atos developping a business model around Next...
Why is the Opensource Center by Atos developping a business model around Next...Jérôme aka "Genma" Kun
 
Ubuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloud
Ubuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloudUbuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloud
Ubuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloudJérôme aka "Genma" Kun
 
Guide d’Hygiène numérique version 2016
Guide d’Hygiène numérique version 2016Guide d’Hygiène numérique version 2016
Guide d’Hygiène numérique version 2016Jérôme aka "Genma" Kun
 
Rattrapage Geek spécial Manga par l’association The Geek Side.
Rattrapage Geek spécial Manga par l’association The Geek Side.Rattrapage Geek spécial Manga par l’association The Geek Side.
Rattrapage Geek spécial Manga par l’association The Geek Side.Jérôme aka "Genma" Kun
 
Reprenez le contrôle de votre vie privée
Reprenez le contrôle de votre vie privéeReprenez le contrôle de votre vie privée
Reprenez le contrôle de votre vie privéeJérôme aka "Genma" Kun
 
Ubuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de Mozilla
Ubuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de MozillaUbuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de Mozilla
Ubuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de MozillaJérôme aka "Genma" Kun
 
Ubuntu Party Mai 2015 - Framasoft et la degogoolisation
Ubuntu Party Mai 2015 - Framasoft et la degogoolisationUbuntu Party Mai 2015 - Framasoft et la degogoolisation
Ubuntu Party Mai 2015 - Framasoft et la degogoolisationJérôme aka "Genma" Kun
 
Rattrapage Geek - Avoir une vie privée sur Internet
Rattrapage Geek - Avoir une vie privée sur InternetRattrapage Geek - Avoir une vie privée sur Internet
Rattrapage Geek - Avoir une vie privée sur InternetJérôme aka "Genma" Kun
 

Más de Jérôme aka "Genma" Kun (20)

Conférence Nextcloud - le cloud de l’hygiène numérique
Conférence Nextcloud - le cloud de l’hygiène numériqueConférence Nextcloud - le cloud de l’hygiène numérique
Conférence Nextcloud - le cloud de l’hygiène numérique
 
Pourquoi faut-il arrêter de parler de Powerpoint ?
Pourquoi faut-il arrêter de parler de Powerpoint ?Pourquoi faut-il arrêter de parler de Powerpoint ?
Pourquoi faut-il arrêter de parler de Powerpoint ?
 
En 2021, comment je fais de la veille opensource
En 2021, comment je fais de la veille opensource En 2021, comment je fais de la veille opensource
En 2021, comment je fais de la veille opensource
 
Why is the Opensource Center by Atos developping a business model around Next...
Why is the Opensource Center by Atos developping a business model around Next...Why is the Opensource Center by Atos developping a business model around Next...
Why is the Opensource Center by Atos developping a business model around Next...
 
UDS - Suivez Linagora sur Twitter
UDS - Suivez Linagora sur TwitterUDS - Suivez Linagora sur Twitter
UDS - Suivez Linagora sur Twitter
 
Ubuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloud
Ubuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloudUbuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloud
Ubuntu 2016 - De Framasoft à Yunohost, réapproprions nous le cloud
 
Degooglisons internet numok
Degooglisons internet numokDegooglisons internet numok
Degooglisons internet numok
 
Guide d’Hygiène numérique version 2016
Guide d’Hygiène numérique version 2016Guide d’Hygiène numérique version 2016
Guide d’Hygiène numérique version 2016
 
Rattrapage Geek spécial Manga par l’association The Geek Side.
Rattrapage Geek spécial Manga par l’association The Geek Side.Rattrapage Geek spécial Manga par l’association The Geek Side.
Rattrapage Geek spécial Manga par l’association The Geek Side.
 
Lyon - Expériences Numériques 2016
Lyon - Expériences Numériques 2016Lyon - Expériences Numériques 2016
Lyon - Expériences Numériques 2016
 
Lyon Expériences Numériques # 16
Lyon Expériences Numériques # 16Lyon Expériences Numériques # 16
Lyon Expériences Numériques # 16
 
Windows10 et la vie privée
Windows10 et la vie privéeWindows10 et la vie privée
Windows10 et la vie privée
 
Numok - L'identité numérique
Numok - L'identité numériqueNumok - L'identité numérique
Numok - L'identité numérique
 
Numok - Le logiciel libre
Numok - Le logiciel libreNumok - Le logiciel libre
Numok - Le logiciel libre
 
Numok Lles réseaux sociaux
Numok Lles réseaux sociauxNumok Lles réseaux sociaux
Numok Lles réseaux sociaux
 
Reprenez le contrôle de votre vie privée
Reprenez le contrôle de votre vie privéeReprenez le contrôle de votre vie privée
Reprenez le contrôle de votre vie privée
 
Ubuntu Party - Tor et le TorBrowser
Ubuntu Party - Tor et le TorBrowserUbuntu Party - Tor et le TorBrowser
Ubuntu Party - Tor et le TorBrowser
 
Ubuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de Mozilla
Ubuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de MozillaUbuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de Mozilla
Ubuntu Party Mai 2015 - FirefoxOS, l'OS pour Smarpthone de Mozilla
 
Ubuntu Party Mai 2015 - Framasoft et la degogoolisation
Ubuntu Party Mai 2015 - Framasoft et la degogoolisationUbuntu Party Mai 2015 - Framasoft et la degogoolisation
Ubuntu Party Mai 2015 - Framasoft et la degogoolisation
 
Rattrapage Geek - Avoir une vie privée sur Internet
Rattrapage Geek - Avoir une vie privée sur InternetRattrapage Geek - Avoir une vie privée sur Internet
Rattrapage Geek - Avoir une vie privée sur Internet
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

How to get back your privacy?

  • 1. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion How to get back your privacy? Naam, Genma EPITA / Gconfs naam@riseup.net genma@riseup.net 01/17/14 Naam, Genma Anonymity and encryption
  • 2. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Overview 1 2 3 4 Intro Why we do this talk ? The digital identity HOW TO : Encryption WTF is encryption ? What can I encrypt ? How ? HOW TO : Anonymity Why does it matter ? There is always a tool that ts your need Conclusion We're not in a XOXO world Cryptoparty Naam, Genma Anonymity and encryption
  • 3. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Sensitive data Denition a set of values of qualitative or quantitative variables individual pieces of information Some of them are (important|critical)s, don't play with Mallory. Naam, Genma Anonymity and encryption
  • 4. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity The right to stay anonymous The Convention for the Protection of Human Rights and Fundamental Freedoms states that : Article 8 - Right to respect for private and family life Everyone has the right to respect for his private and family life (...). There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others Naam, Genma . Anonymity and encryption
  • 5. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Current situation Naam, Genma Anonymity and encryption
  • 6. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity You will also see Tons of softwares, distributions, techniques to defeat too inquisitive people and censorship. What's a Cryptoparty and what you could learn from it. Naam, Genma Anonymity and encryption
  • 7. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity About me Where can you nd me on Internet ? Blog (in French) : http ://genma.free.fr Twitter : http ://twitter.com/genma My Hobbies ? Many things Crypto Privacy Naam, Genma Anonymity and encryption
  • 8. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Digital identity, what is it ? Denition Digital identity is all the public data you can nd about someone using Internet research. It's the famous e-reputation. Naam, Genma Anonymity and encryption
  • 9. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity What do you think of me ? Google you name The results shown are they exactly what you want ? Naam, Genma Anonymity and encryption
  • 10. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Saying Words y, writings remain This adage is especially true with the Internet. It must be assumed that what is said will always be accessible, even years later. Everything on the Internet is public or will be (even if it is private, Terms of Use may change). it is therefore not an abuse of freedom of expression and it remains respectful of laws Naam, Genma Anonymity and encryption
  • 11. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity Dention Contraction of anonymity and pseudonym words, the term pseudonymity reects quite well the contradictory of being a public gure and to remain anonymous ... Have a pseudonym does not mean to say and do anything. This is the image that I return, this is my credibility (past, present and future). A pseudonym is also a public identity, which is associated with dierent account : my blog, my Twitter, my Facebook account. The digital identity are all these public data associated with this identity. Naam, Genma Anonymity and encryption
  • 12. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Samples Twitter Linkedin Naam, Genma Anonymity and encryption
  • 13. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity is disapearing... Facebook Facebook doesn't allow the creation of an account with a pseudonym, if you really want there is some easy steps to follow. The goal is to force people to express themselves using their real names, Naam, Genma Anonymity and encryption
  • 14. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Pseudonymity is seen as a problem The problem is that the anonymity is taken as an excuse to condemn the use of the Internet as a tool for freedom of expression. If people are monitored, they do not say what they think, they do not criticize the politicians. With the Internet, the citizen is gradually taking power on politicians. Naam, Genma Anonymity and encryption
  • 15. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Conclusion Pseudonymity is a necessity Manage your digital identity. Pseudonymity is the rst step to take back you privacy. Naam, Genma Anonymity and encryption
  • 16. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why we do this talk ? The digital identity Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 17. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Denition - cryptage, encrypt, encryption ? Encryption Encryption is to encrypt a document / le using an encryption key. The reverse operation is decryption. Cryptage Term cryptage is derived from the English encryption and does not exist in French. Decryption is the fact of breaking the encryption when the private key is unknown. Cryptography Science is called Cryptography. Naam, Genma Anonymity and encryption
  • 18. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption, how does it work ? Symetric Encryption This involves encrypting a message with the same key that will be used for decryption process. Sample : Caesar code, with an oset letter. A-C, B-D etc. Nous venons en paix - Pqwu xgpqpu gp rckz The reverse process is applied to get the message. What is an encryption key ? A key is called so because it opens / closes the padlock that is the used encryption algorithm. Here, the algorithm is the oset. The key is the number of oset of letter (here two letters). Naam, Genma Anonymity and encryption
  • 19. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Asymetric Encryption 1/2 Public key - Private key Asymetric Encryption is based on the pair public key - private key. ⇒ What you need to know : My private key is... private and my own. My public key is shared with everyone. The encryption algorithm The encryption algorithm is more complexe than the fact of shifting letters ; it is based on mathematical concepts (rst number ...) Naam, Genma Anonymity and encryption
  • 20. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Asymetric Encryption 2/2 Encryption With the public key of my correspondent, I encrypt a le. ⇒ The le can only be decrypted by the person who possesses the private key corresponding to the public key that I used (and therefore my correspondent). Decryption With its private key, my correspondent decrypts the le. ⇒ He can then read the message. Concret case Mail Encryption with PGP. Naam, Genma Anonymity and encryption
  • 21. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Bob send a message to Alice Naam, Genma Anonymity and encryption
  • 22. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Why encryption ? Naam, Genma Anonymity and encryption
  • 23. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encrypt - The arguments against Nobody does... FALSE. Without knowing it, you do it every day. Sample 1 : padlock when connecting (https) Sample 2 : Wi key. Nothing to hide... FALSE. Who would accept the postman reading his medical post ? Encryption, it's for the pedo-nazi... FALSE. For journalists / bloggers dissidents who are denouncing dictatorships... Naam, Genma Anonymity and encryption
  • 24. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encrypt - The arguments for Encryption, it's not so complicated It is not more complicated than using a software. You just have to understand the principle. Protection and security My personnal data are safe Cf. PRISM, NSA... Privacy Only the person for who the message is, is able to read it. Naam, Genma Anonymity and encryption
  • 25. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Edward Snowden Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Naam, Genma Anonymity and encryption
  • 26. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption limit Which is encrypted can be decrypted today tomorrow Tomorrow's computers will allow to decrypt the encrypted data today. It the private key is lost We no longer have access to data. Metadata, social graph PGP does not protect against the analysis of metadata (servers transit, addresses, headers, subject). Do not forget to clean the meta-data les (EXIF tag photos, oce documents with tracked changes). DNS... Case of tracking Internet ... Naam, Genma Anonymity and encryption
  • 27. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Law and encryption In France, the law therefore considers that the use of cryptology is free (LCEN Article 30-1) and there is therefore now no limit to the size of the encryption key that can be used . In case of search, the refusal of submission of the encryption key may result in 3 years imprisonment and 45000e. This penalty is increased if Encryption was used to commit a crime. It is therefore recommended to give the decryption key, except in the case where the decrypted data would result in a judicial proceeding in which the nal sentence would be greater than the interference with the judicial investigation. Naam, Genma Anonymity and encryption
  • 28. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption Locally - your data Hard disk USB Key Smartphone Network - Communications Https : HTTPSEveryWhere for Firefox E-mails : GPG with Enigmail for Thunderbird Connexion : VPN, SSH, TOR... ⇒ Each use, there is an encryption solution. Naam, Genma Anonymity and encryption
  • 29. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Emails - PGP, GPG ? PGP Pretty Good Privacy - PGP is an encryption software created by the American Phil Zimmermann in 1991. OpenPGP This standard describes the format of messages, signatures or certicates that can send software such as GNU Privacy Guard. It is therefore not a software but a format for the secure exchange of data, which owes its name to the historic program Pretty Good Privacy (PGP). GnuPG GnuPG (GNU Privacy Guard) is the free software. Naam, Genma Anonymity and encryption
  • 30. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Harddisk encryption Software integrated in operating systems Windows 7/8 : Bitlocker (Backdoor) MacOS : FileVault GNU/Linux : Encfs... Can you trust closed source software ? Independently of the operating system ⇒ TrueCrypt. For a USB key/an external hard drive. Naam, Genma Anonymity and encryption
  • 31. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? TrueCrypt audit Naam, Genma Anonymity and encryption
  • 32. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption and privacy Encryption meets the need for privacy and allows data protection. Naam, Genma Anonymity and encryption
  • 33. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for connexions : SSL/TLS Session layer based, aect application layer (TFP, HTTP, SMTP, IMAP, POP , DNS, RTMP ...) Prefer using TLS over SSL when you have choice. Asymetrical encryption, forward secrecy (Die-Hellman). Only use up to date browser in order to have the correct ngerprint caught on your computer and avoid MITM attack. If your browser does not have a certicate pinning system install certicate patrol (assuming your rst connection is safe) or HTTPS everywhere with the SSL observatory ON. Naam, Genma Anonymity and encryption
  • 34. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Die-Hellman key exchange With color two people that never met agrees on the same keys heavy use of one-way function Select a public color, then each part select a private secret one. each part mix private/public key and send it to the other. Each part mix the mixture of the other with their own private color and arrive to the same nal private color. Naam, Genma Anonymity and encryption
  • 35. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Die-Hellman key exchange With maths : (modular|clock) arithmetic work on prime modulus and generator of that modulus. 3 mod 17 = X with 0 = X = 17 hard to reverse when len(prime modulus) increase. so each part agrees on a prime modulus (p) and a generator (g). Then calculate g mod (p ) = Mix and send it publicly. each part compute now n secret Mix secret ( ) = Key mod p Naam, Genma Anonymity and encryption
  • 36. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for chat sessions : OTR OTR : O-the-Record Messaging Die-Hellman key exchange o-the-record conversation repudiable authentication by using message authentication codes. (authentication ON | digital signature OFF) Bob cannot prove that Alice generated the MAC. Install Pidgin (cross-plateform) with plugin (available from the OTR homepage) and start playing. Naam, Genma Anonymity and encryption
  • 37. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for disk Many possibilities, but full disk encryption is advised in case you really care about privacy. For this purpose you have a plethora of choice. Stacked lesystem encryption (eCryptfs, EncFs, disk utility ...) Disk encryption (dm-crypt, GELI, FileVault, DiskCryptor, trueCrypt ...) Case study : Plain dm-crypt full disk encryption bootloader and key on external device (can also be done with Diskcryptor) Naam, Genma Anonymity and encryption
  • 38. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for smartphone Android Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging] Textsecure (SMS) LUKS Manager (ROOT requiered) iOS Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging] FDE available by default, bypass techniques available, proprietary built system... (More details : iPhone Forensic, O'Reilly) Naam, Genma Anonymity and encryption
  • 39. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Example : chatsecure with facebook Naam, Genma Anonymity and encryption
  • 40. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Example : chatsecure with facebook Win. Facebook cannot read your messages. But you can't read it anymore after your current session. Naam, Genma Anonymity and encryption
  • 41. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Encryption for les Mails : Use GPG create your keys share your public key enter the matrix Web Of Trust (WOT) encrypt/sign your message and send it. receive mails too. Files Basically you can do the same with 'regular le'... Make sure not to store keys near encrypted les, prefer symetrical encryption if les will not be shared. Naam, Genma Anonymity and encryption
  • 42. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Choosing a password : Diceware method The diceware method allow you to construct very strong password with the following advantages : Very easy to remember strong passphrase with high entropy ( 20char +) truly random ; password is totally detached from user habits/knowledge etc. Test your password strength in bits Entropy calculated by : H = =1 L ∗ n tn LogN k Log 2 Do NOT test your password strength online. Take a calculator and calcul the entropy yourself. Naam, Genma Anonymity and encryption
  • 43. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Diceware, overall strength Naam, Genma Anonymity and encryption
  • 44. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Diceware, how does it work You only need a true random source and an ocial mapped dictionary. Draw 1 : 5 1 5 5 5 ... Draw 2 : 5 4 5 6 6 14245 bit Draw 3 : 6 5 6 4 6 14246 bitch Draw 4 : 5 4 3 1 2 14247 bite Draw 5 : 2 2 3 5 4 ... Results in French : phase ribose vv rebut clebs in English : rest sober 80 skye data Naam, Genma Anonymity and encryption
  • 45. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion WTF is encryption ? What can I encrypt ? How ? Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 46. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Anonymity Naam, Genma Anonymity and encryption
  • 47. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Anonymity, why does it matter ? In real life, anonymity is necessary for democraty (voting paper). On line, anonymity is necessary for freedom of expression. Naam, Genma Anonymity and encryption
  • 48. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR the Onion router Naam, Genma Anonymity and encryption
  • 49. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Onion routing principles Naam, Genma Anonymity and encryption
  • 50. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR : The Onion Router It's an open-source implementation of the principles we just saw supported by The Tor Project. Naam, Genma Anonymity and encryption
  • 51. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need TOR : The Onion Router Pros Hiding you identity and location, prevents from eyesdropping. Hiding you browsing habits and act like a debrider on the informations that you're authorized to see. encrypting your (incom|outgo)ing trac between nodes. Cons Slower connexion, forget about downloading big les, torrents (deanonymize eect) etc... Still vulnerable to some kind of analysis (timing deduction or infection between applications). entry/exit nodes are vulnerables, no magic here. (Partial solution if you setup an exit enclaving node) Naam, Genma Anonymity and encryption
  • 52. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need If you use it, do it smartly Don't use standalone TOR or Vidalia bundlle Prefer the use of the TBB (Tor Browser Bundle) or even better : tails (live Debian), in hostile environment (public places etc) Try Tor browser launcher for your distribution, that keep TBB updated. Grab-it from here : https ://github.com/micahee/torbrowser-launcher Naam, Genma Anonymity and encryption
  • 53. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need If it's free, then you're the product Naam, Genma Anonymity and encryption
  • 54. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need What is the tracking ? Tracking over the Internet websites, announcers use it to learn your browsing habits. they save what websites are you're visiting, what do you like or dislike and what you buy. Data are processed in order to display the best ads that t your preferences. Naam, Genma Anonymity and encryption
  • 55. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need What's the magic ? Ads and widget are spying you The Like button : Allows FaceBook to know what you visit, even if you don't click on it, even if you are properly disconnected from Facebook. Same for the +1 by Google, and Google Analytics script. In fact every ad and many widget do it. Naam, Genma Anonymity and encryption
  • 56. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Want to test ? Try LightBeam (ex Collusion) with Firefox That add-on allow you to see in real time which websites are tracking you and the inter-connexion between the actual website and others. Kind of weird sometime. Naam, Genma Anonymity and encryption
  • 57. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox Firefox addons Naam, Genma Anonymity and encryption
  • 58. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Ghostery Block all trackers. Naam, Genma Anonymity and encryption
  • 59. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Self destructing cookie Automatic cookie deletion techniques. Prevent tracking and spying. Possibility to setup a whitelist if you really want to keep some cookies for some domains even if you're not currently using it. Naam, Genma Anonymity and encryption
  • 60. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : HTTPSEverywhere Made by the electronic frontier fondation (EFF), it forces the HTTPS when available on the website. If you have one, consider registering it for your visitors (see https ://www.e.org/httpseverywhere/rulesets). Also, activate the SSL Observatory : it prevents from MITM attacks and more generally against corrupted certicates. Naam, Genma Anonymity and encryption
  • 61. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Firefox scripts : Certicate Patrol Does approximately the same thing than the SSLObservatory. Less transparent in everyday use. Naam, Genma Anonymity and encryption
  • 62. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Search engines Problems with search engines Naam, Genma Anonymity and encryption
  • 63. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Search engines Duckduckgo (ddg.gg) personalizable interface for your needs. Ixquick/startpage (ixquick.com/startpage.com) more than one search engine begind, automatic proxy if you want to. binsearch (binsearch.info) search for binaries (newsgroups etc) that google is hiding from you. Naam, Genma Anonymity and encryption
  • 64. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Metadatas are evil Naam, Genma Anonymity and encryption
  • 65. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
  • 66. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
  • 67. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Denition (http ://dictionary.reference.com/browse/meta-data) Data about data. information that is held as a description of stored data. Examples EXIF tags on photography (Date, cameras info, GPS coordinates...) data stored on documents like .doc(x) ... Naam, Genma Anonymity and encryption
  • 68. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Metadatas are evil Naam, Genma Anonymity and encryption
  • 69. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Solution ? YES, partialy There is a good tool to erase metadatas from a large spectrum of letypes. It's called MAT (mat.boum.org). Reside in Tails, standalone package (Debian), Git repos. it has a GUI, no worry (can also be used in command line, don't worry too). Files support : Images : .png, JPEG (.jpg, .jpeg, . . . ) Documents : .odt, .odx, .ods, . . . , .docx, .pptx, .xlsx, . . . , .pdf Tape ARchives (.tar, .tar.bz2, . . . ) Media : .mp3, .mp2, .mp1, . . . , .ogg, . . . , .ac Torrent (.torrent) Naam, Genma Anonymity and encryption
  • 70. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion Why does it matter ? There is always a tool that ts your need Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 71. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Conclusion Conclusion Naam, Genma Anonymity and encryption
  • 72. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Crypto-anarchy Everyone does encryption and what is really important is encrypted and embedded in it. It creates noise which prevents mass surveillance (PRISM ...) Careful ! At the current time, encryption is not widespread, anyone who encrypts their e-mails can be considered as suspicious. Naam, Genma Anonymity and encryption
  • 73. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Relativity of anonymity today Analysis on language elements We can identify someone by studying the typography, style, vocabulary, culture, ideas .. the frequency of words used, the turn of phrase, the kind ... Theses techniques are used to determine who hides behind... Anonymous Care of Logs Schedules connections times and estimated time zone also provide information ... Naam, Genma Anonymity and encryption
  • 74. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Relativity theory Snowden's leak are recent, documents leaked are pretty old. We have very strong tool but we do not know what they have. State of the art techniques to defeat those technologies (processor noise etc...). Naam, Genma Anonymity and encryption
  • 75. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Want to help ? With money : You can make donation to those open-source projects. With action : Use their services, give feedback, there is always something to do. By spreading words, teach others how to use it. Naam, Genma Anonymity and encryption
  • 76. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Cryptoparty Interested parties with computers, devices, and the desire to learn to use the most basic crypto programs and privacy tools and the fundamental concepts of their operation ! CryptoParties are free to attend, public, and are commercially and politically non-aligned. What you'll do Use crypto-tool, ask for questions, teach to others want you already know. What you'll not do Maths, learn deep crypto-concepts, ... Unless you want it. Naam, Genma Anonymity and encryption
  • 77. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Something unclear ? Feel free to ask for questions now. Naam, Genma Anonymity and encryption
  • 78. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Rendez vous at the Cryptoparty Naam, Genma Anonymity and encryption
  • 79. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Annexes Naam, Genma Anonymity and encryption
  • 80. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty An Exchange of mails really secure The problem with encrypted email ? We still know who talks to whom. Solution Exchange mail between two known / trusted servers who are dialoguing in https SSL / TLS between them. Encrypt messages via PGP Naam, Genma Anonymity and encryption
  • 81. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Steganography - Steghide Can you see a dierence between these two pictures ? vs The second image contains the text This is my hidden text. This is what is called steganography. Software : steghide Naam, Genma Anonymity and encryption
  • 82. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Bitmessage , a protocol for sending / receiving messages and acentric fully encrypted, based on a mechanism simillaire bitcoin . Naam, Genma Anonymity and encryption
  • 83. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Characteristics and comparison with an email solution + PGP Send a pair hand , no need to create a server, register a domain name, or enroll in a service. You can create as many addresses as you want. No need to trust a tier ( CA for example). Censorship-resistant . Person , including a government can not delete your address or messages. It is not possible to impersonate a sender (spoong). Naam, Genma Anonymity and encryption
  • 84. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty Bitmessage Bitmessage has a feature broadcast . The identity of the sender and receiver of messages is easier to hide an email with PGP + solution . Unlike PGP , the subject is encrypted by default . Should be easier to use, no need to keep the public keys of your correspondents . Opportunity to develop additional functionality based on the protocol. Naam, Genma Anonymity and encryption
  • 85. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin ZeroBin is a minimalist, opensource online pastebin/discussion board where the server has zero knowledge of hosted data. Data is encrypted/decrypted in the browser using 256 bits AES. You can test it online or install on your own server. Naam, Genma Anonymity and encryption
  • 86. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin Naam, Genma Anonymity and encryption
  • 87. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin When pasting a text into ZeroBin : You paste your text in the browser and click the Send button. A random 256 bits key is generated in the browser. Data is compressed and encrypted with AES using specialized javascript libraries. Encrypted data is sent to server and stored. The browser displays the nal URL with the key. The key is never transmitted to the server, which therefore cannot decrypt data. Naam, Genma Anonymity and encryption
  • 88. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin Naam, Genma Anonymity and encryption
  • 89. Intro HOW TO : Encryption HOW TO : Anonymity Conclusion We're not in a XOXO world Cryptoparty ZeroBin When opening a ZeroBin URL : The browser requests encrypted data from the server The decryption key is in the anchor part of the URL which is never sent to server. Data is decrypted in the browser using the key and displayed. Naam, Genma Anonymity and encryption