- Why we do this talk ?
- The digital identity
- HOW TO : Encryption
- WTF is encryption ?
- What can I encrypt ? How?
- HOW TO : Anonymity
- Why does it matter ?
1. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
How to get back your privacy?
Naam, Genma
EPITA / Gconfs
naam@riseup.net
genma@riseup.net
01/17/14
Naam, Genma
Anonymity and encryption
2. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Overview
1
2
3
4
Intro
Why we do this talk ?
The digital identity
HOW TO : Encryption
WTF is encryption ?
What can I encrypt ? How ?
HOW TO : Anonymity
Why does it matter ?
There is always a tool that ts your need
Conclusion
We're not in a XOXO world
Cryptoparty
Naam, Genma
Anonymity and encryption
3. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Sensitive data
Denition
a set of values of qualitative or quantitative variables
individual pieces of information
Some of them are (important|critical)s, don't play with Mallory.
Naam, Genma
Anonymity and encryption
4. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
The right to stay anonymous
The Convention for the Protection of Human Rights and Fundamental Freedoms states that :
Article 8 - Right to respect for private and family life
Everyone has the right to respect for his private and family life
(...).
There shall be no interference by a public authority with the
exercise of this right except such as is in accordance with the
law and is necessary in a democratic society in the interests of
national security, public safety or the economic well-being of
the country, for the prevention of disorder or crime, for the
protection of health or morals, or for the protection of the
rights and freedoms of others
Naam, Genma
.
Anonymity and encryption
5. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Current situation
Naam, Genma
Anonymity and encryption
6. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
You will also see
Tons of softwares, distributions, techniques to defeat too
inquisitive people and censorship.
What's a Cryptoparty and what you could learn from it.
Naam, Genma
Anonymity and encryption
7. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
About me
Where can you nd me on
Internet ?
Blog (in French) :
http ://genma.free.fr
Twitter :
http ://twitter.com/genma
My Hobbies ? Many things
Crypto
Privacy
Naam, Genma
Anonymity and encryption
8. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Digital identity, what is it ?
Denition
Digital identity is all the public data you can nd about someone
using Internet research.
It's the famous e-reputation.
Naam, Genma
Anonymity and encryption
9. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
What do you think of me ?
Google you name
The results shown are they exactly what you want ?
Naam, Genma
Anonymity and encryption
10. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Saying
Words y, writings remain
This adage is especially true with the Internet.
It must be assumed that what is said will always be accessible,
even years later.
Everything on the Internet is public or will be (even if it is
private, Terms of Use may change).
it is therefore not an abuse of freedom of expression and it
remains respectful of laws
Naam, Genma
Anonymity and encryption
11. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Pseudonymity
Dention
Contraction of anonymity and pseudonym words, the term pseudonymity reects quite well the contradictory of being a public
gure and to remain anonymous ...
Have a pseudonym does not mean to say and do anything.
This is the image that I return, this is my credibility (past,
present and future).
A pseudonym is also a public identity, which is associated with
dierent account : my blog, my Twitter, my Facebook account.
The digital identity are all these public data associated with this
identity.
Naam, Genma
Anonymity and encryption
12. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Samples
Twitter
Linkedin
Naam, Genma
Anonymity and encryption
13. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Pseudonymity is disapearing...
Facebook
Facebook doesn't allow the creation of an account with a
pseudonym, if you really want there is some easy steps to
follow.
The goal is to force people to express themselves using their
real names,
Naam, Genma
Anonymity and encryption
14. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Pseudonymity is seen as a problem
The problem is that the anonymity is taken as an excuse to condemn
the use of the Internet as a tool for freedom of expression.
If people are monitored, they do not say what they think, they do
not criticize the politicians.
With the Internet, the citizen is gradually taking power on politicians.
Naam, Genma
Anonymity and encryption
15. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Conclusion
Pseudonymity is a necessity
Manage your digital identity.
Pseudonymity is the rst step to take back you privacy.
Naam, Genma
Anonymity and encryption
16. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why we do this talk ?
The digital identity
Something unclear ?
Feel free to ask for questions now.
Naam, Genma
Anonymity and encryption
17. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Denition - cryptage, encrypt, encryption ?
Encryption
Encryption is to encrypt a document / le using an encryption key.
The reverse operation is decryption.
Cryptage
Term cryptage is derived from the English encryption and does
not exist in French. Decryption is the fact of breaking the encryption
when the private key is unknown.
Cryptography
Science is called Cryptography.
Naam, Genma
Anonymity and encryption
18. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption, how does it work ?
Symetric Encryption
This involves encrypting a message with the same key that will be
used for decryption process.
Sample : Caesar code, with an oset letter. A-C, B-D etc.
Nous venons en paix - Pqwu xgpqpu gp rckz
The reverse process is applied to get the message.
What is an encryption key ?
A key is called so because it opens / closes the padlock that is the
used encryption algorithm.
Here, the algorithm is the oset.
The key is the number of oset of letter (here two letters).
Naam, Genma
Anonymity and encryption
19. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Asymetric Encryption 1/2
Public key - Private key
Asymetric Encryption is based on the pair public key - private key.
⇒ What you need to know :
My private key is... private and my own.
My public key is shared with everyone.
The encryption algorithm
The encryption algorithm is more complexe than the fact of shifting
letters ; it is based on mathematical concepts (rst number ...)
Naam, Genma
Anonymity and encryption
20. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Asymetric Encryption 2/2
Encryption
With the public key of my correspondent, I encrypt a le.
⇒ The le can only be decrypted by the person who possesses the
private key corresponding to the public key that I used (and therefore
my correspondent).
Decryption
With its private key, my correspondent decrypts the le.
⇒ He can then read the message.
Concret case
Mail Encryption with PGP.
Naam, Genma
Anonymity and encryption
21. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Bob send a message to Alice
Naam, Genma
Anonymity and encryption
22. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Why encryption ?
Naam, Genma
Anonymity and encryption
23. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encrypt - The arguments against
Nobody does...
FALSE. Without knowing it, you do it every day.
Sample 1 : padlock when connecting (https)
Sample 2 : Wi key.
Nothing to hide...
FALSE. Who would accept the postman reading his medical post ?
Encryption, it's for the pedo-nazi...
FALSE. For journalists / bloggers dissidents who are denouncing dictatorships...
Naam, Genma
Anonymity and encryption
24. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encrypt - The arguments for
Encryption, it's not so complicated
It is not more complicated than using a software. You just have
to understand the principle.
Protection and security
My personnal data are safe Cf. PRISM, NSA...
Privacy
Only the person for who the message is, is able to read it.
Naam, Genma
Anonymity and encryption
25. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Edward Snowden
Encryption works. Properly implemented strong crypto systems are
one of the few things that you can rely on.
Naam, Genma
Anonymity and encryption
26. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption limit
Which is encrypted can be decrypted today tomorrow
Tomorrow's computers will allow to decrypt the encrypted data today.
It the private key is lost
We no longer have access to data.
Metadata, social graph
PGP does not protect against the analysis of metadata (servers transit, addresses, headers, subject). Do not forget to clean
the meta-data les (EXIF tag photos, oce documents with tracked
changes). DNS... Case of tracking Internet ...
Naam, Genma
Anonymity and encryption
27. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Law and encryption
In France, the law therefore considers that the use of cryptology is
free (LCEN Article 30-1) and there is therefore now no limit to the
size of the encryption key that can be used .
In case of search, the refusal of submission of the encryption key may
result in 3 years imprisonment and 45000e.
This penalty is increased if Encryption was used to commit a crime.
It is therefore recommended to give the decryption key, except in the
case where the decrypted data would result in a judicial proceeding
in which the nal sentence would be greater than the interference
with the judicial investigation.
Naam, Genma
Anonymity and encryption
28. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption
Locally - your data
Hard disk
USB Key
Smartphone
Network - Communications
Https : HTTPSEveryWhere for Firefox
E-mails : GPG with Enigmail for Thunderbird
Connexion : VPN, SSH, TOR...
⇒
Each use, there is an encryption solution.
Naam, Genma
Anonymity and encryption
29. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Emails - PGP, GPG ?
PGP
Pretty Good Privacy - PGP is an encryption software created by the
American Phil Zimmermann in 1991.
OpenPGP
This standard describes the format of messages, signatures or certicates that can send software such as GNU Privacy Guard. It is
therefore not a software but a format for the secure exchange of
data, which owes its name to the historic program Pretty Good Privacy (PGP).
GnuPG
GnuPG (GNU Privacy Guard) is the free software.
Naam, Genma
Anonymity and encryption
30. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Harddisk encryption
Software integrated in operating systems
Windows 7/8 : Bitlocker (Backdoor)
MacOS : FileVault
GNU/Linux : Encfs...
Can you trust closed source software ?
Independently of the operating system
⇒ TrueCrypt. For a USB key/an external hard drive.
Naam, Genma
Anonymity and encryption
31. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
TrueCrypt audit
Naam, Genma
Anonymity and encryption
32. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption and privacy
Encryption meets the need for privacy
and allows data protection.
Naam, Genma
Anonymity and encryption
33. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption for connexions : SSL/TLS
Session layer based, aect application layer (TFP, HTTP,
SMTP, IMAP, POP , DNS, RTMP ...)
Prefer using TLS over SSL when you have choice.
Asymetrical encryption, forward secrecy (Die-Hellman).
Only use up to date browser in order to have the correct ngerprint
caught on your computer and avoid MITM attack. If your browser
does not have a certicate pinning system install certicate patrol
(assuming your rst connection is safe) or HTTPS everywhere with
the SSL observatory ON.
Naam, Genma
Anonymity and encryption
34. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Die-Hellman key exchange
With color
two people that never met agrees
on the same keys
heavy use of one-way function
Select a public color, then each
part select a private secret one.
each part mix private/public key
and send it to the other.
Each part mix the mixture of the
other with their own private color
and arrive to the same nal private
color.
Naam, Genma
Anonymity and encryption
35. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Die-Hellman key exchange
With maths : (modular|clock) arithmetic
work on prime modulus and
generator of that modulus.
3 mod 17 = X with
0 = X = 17 hard to reverse
when len(prime modulus) increase.
so each part agrees on a prime
modulus (p) and a generator (g).
Then calculate
g
mod (p ) = Mix and send it
publicly.
each part compute now
n
secret
Mix
secret
( ) = Key
mod p
Naam, Genma
Anonymity and encryption
36. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption for chat sessions : OTR
OTR : O-the-Record Messaging
Die-Hellman key exchange
o-the-record conversation
repudiable authentication by using message authentication
codes.
(authentication ON | digital signature OFF)
Bob cannot prove that Alice generated the MAC. Install Pidgin
(cross-plateform) with plugin (available from the OTR homepage)
and start playing.
Naam, Genma
Anonymity and encryption
37. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption for disk
Many possibilities, but full disk encryption is advised in case you
really care about privacy. For this purpose you have a plethora of
choice.
Stacked lesystem encryption (eCryptfs, EncFs, disk utility ...)
Disk encryption (dm-crypt, GELI, FileVault, DiskCryptor,
trueCrypt ...)
Case study : Plain dm-crypt
full disk encryption
bootloader and key on external device
(can also be done with Diskcryptor)
Naam, Genma
Anonymity and encryption
38. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption for smartphone
Android
Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging]
Textsecure (SMS)
LUKS Manager (ROOT requiered)
iOS
Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging]
FDE available by default, bypass techniques available,
proprietary built system...
(More details : iPhone Forensic, O'Reilly)
Naam, Genma
Anonymity and encryption
39. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Example : chatsecure with facebook
Naam, Genma
Anonymity and encryption
40. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Example : chatsecure with facebook
Win.
Facebook cannot read your
messages.
But you can't read it
anymore after your current
session.
Naam, Genma
Anonymity and encryption
41. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Encryption for les
Mails : Use GPG
create your keys
share your public key
enter the matrix Web Of Trust (WOT)
encrypt/sign your message and send it.
receive mails too.
Files
Basically you can do the same with 'regular le'... Make sure not to
store keys near encrypted les, prefer symetrical encryption if les
will not be shared.
Naam, Genma
Anonymity and encryption
42. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Choosing a password : Diceware method
The diceware method allow you to construct very strong password
with the following advantages :
Very easy to remember
strong passphrase with high entropy ( 20char +)
truly random ; password is totally detached from user
habits/knowledge etc.
Test your password strength in bits
Entropy calculated by : H = =1 L ∗
n
tn
LogN
k
Log
2
Do NOT test your password strength online. Take a calculator and
calcul the entropy yourself.
Naam, Genma
Anonymity and encryption
43. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Diceware, overall strength
Naam, Genma
Anonymity and encryption
44. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Diceware, how does it work
You only need a true random source and an ocial mapped dictionary.
Draw 1 : 5 1 5 5 5
...
Draw 2 : 5 4 5 6 6
14245 bit
Draw 3 : 6 5 6 4 6
14246 bitch
Draw 4 : 5 4 3 1 2
14247 bite
Draw 5 : 2 2 3 5 4
...
Results
in French : phase ribose vv rebut clebs
in English : rest sober 80 skye data
Naam, Genma
Anonymity and encryption
45. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
WTF is encryption ?
What can I encrypt ? How ?
Something unclear ?
Feel free to ask for questions now.
Naam, Genma
Anonymity and encryption
46. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Anonymity
Naam, Genma
Anonymity and encryption
47. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Anonymity, why does it matter ?
In real life, anonymity is necessary for democraty (voting paper).
On line, anonymity is necessary for freedom of expression.
Naam, Genma
Anonymity and encryption
48. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
TOR the Onion router
Naam, Genma
Anonymity and encryption
49. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Onion routing principles
Naam, Genma
Anonymity and encryption
50. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
TOR : The Onion Router
It's an open-source implementation of the principles we just saw
supported by The Tor Project.
Naam, Genma
Anonymity and encryption
51. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
TOR : The Onion Router
Pros
Hiding you identity and location, prevents from eyesdropping.
Hiding you browsing habits and act like a debrider on the
informations that you're authorized to see.
encrypting your (incom|outgo)ing trac between nodes.
Cons
Slower connexion, forget about downloading big les, torrents
(deanonymize eect) etc...
Still vulnerable to some kind of analysis
(timing deduction or infection between applications).
entry/exit nodes are vulnerables, no magic here.
(Partial solution if you setup an exit enclaving node)
Naam, Genma
Anonymity and encryption
52. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
If you use it, do it smartly
Don't use standalone TOR
or Vidalia bundlle
Prefer the use of the TBB
(Tor Browser Bundle)
or even better : tails (live
Debian), in hostile
environment (public places
etc)
Try Tor browser launcher for your distribution, that keep TBB updated. Grab-it from here :
https ://github.com/micahee/torbrowser-launcher
Naam, Genma
Anonymity and encryption
53. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
If it's free,
then you're the product
Naam, Genma
Anonymity and encryption
54. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
What is the tracking ?
Tracking over the Internet
websites, announcers use it to learn your browsing habits.
they save what websites are you're visiting, what do you like or
dislike and what you buy.
Data are processed in order to display the best ads that t your
preferences.
Naam, Genma
Anonymity and encryption
55. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
What's the magic ?
Ads and widget are spying you
The Like button : Allows FaceBook to know what you visit, even
if you don't click on it, even if you are properly disconnected
from Facebook.
Same for the +1 by Google, and Google Analytics script.
In fact every ad and many widget do it.
Naam, Genma
Anonymity and encryption
56. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Want to test ? Try LightBeam (ex Collusion) with Firefox
That add-on allow you to see in real time which websites are tracking
you and the inter-connexion between the actual website and others.
Kind of weird sometime.
Naam, Genma
Anonymity and encryption
57. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Firefox
Firefox addons
Naam, Genma
Anonymity and encryption
58. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Firefox scripts : Ghostery
Block all trackers.
Naam, Genma
Anonymity and encryption
59. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Firefox scripts : Self destructing cookie
Automatic cookie deletion techniques. Prevent tracking and
spying. Possibility to setup a whitelist if you really want to keep
some cookies for some domains
even if you're not currently using
it.
Naam, Genma
Anonymity and encryption
60. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Firefox scripts : HTTPSEverywhere
Made by the electronic frontier fondation (EFF), it forces the
HTTPS when available on the
website. If you have one, consider registering it for your visitors
(see https ://www.e.org/httpseverywhere/rulesets).
Also, activate the SSL Observatory : it prevents from MITM attacks and more generally against
corrupted certicates.
Naam, Genma
Anonymity and encryption
61. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Firefox scripts : Certicate Patrol
Does approximately the same thing than the SSLObservatory. Less
transparent in everyday use.
Naam, Genma
Anonymity and encryption
62. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Search engines
Problems with search engines
Naam, Genma
Anonymity and encryption
63. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Search engines
Duckduckgo (ddg.gg) personalizable interface for your needs.
Ixquick/startpage (ixquick.com/startpage.com) more than one
search engine begind, automatic proxy if you want to.
binsearch (binsearch.info) search for binaries (newsgroups etc)
that google is hiding from you.
Naam, Genma
Anonymity and encryption
64. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Metadatas are evil
Metadatas are evil
Naam, Genma
Anonymity and encryption
65. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Metadatas are evil
Naam, Genma
Anonymity and encryption
66. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Metadatas are evil
Naam, Genma
Anonymity and encryption
67. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Metadatas are evil
Denition (http ://dictionary.reference.com/browse/meta-data)
Data about data.
information that is held as a description of stored data.
Examples
EXIF tags on photography (Date, cameras info, GPS
coordinates...)
data stored on documents like .doc(x)
...
Naam, Genma
Anonymity and encryption
68. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Metadatas are evil
Naam, Genma
Anonymity and encryption
69. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Solution ? YES, partialy
There is a good tool to erase metadatas from a large spectrum of
letypes. It's called MAT (mat.boum.org).
Reside in Tails, standalone package (Debian), Git repos.
it has a GUI, no worry (can also be used in command line,
don't worry too).
Files support :
Images : .png, JPEG (.jpg, .jpeg, . . . )
Documents : .odt, .odx, .ods, . . . , .docx, .pptx, .xlsx, . . . , .pdf
Tape ARchives (.tar, .tar.bz2, . . . )
Media : .mp3, .mp2, .mp1, . . . , .ogg, . . . , .ac
Torrent (.torrent)
Naam, Genma
Anonymity and encryption
70. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
Why does it matter ?
There is always a tool that ts your need
Something unclear ?
Feel free to ask for questions now.
Naam, Genma
Anonymity and encryption
71. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Conclusion
Conclusion
Naam, Genma
Anonymity and encryption
72. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Crypto-anarchy
Everyone does encryption and what is really important is encrypted
and embedded in it.
It creates noise which prevents mass surveillance (PRISM ...)
Careful ! At the current time, encryption is not widespread, anyone
who encrypts their e-mails can be considered as suspicious.
Naam, Genma
Anonymity and encryption
73. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Relativity of anonymity today
Analysis on language elements
We can identify someone by studying the typography, style,
vocabulary, culture, ideas ..
the frequency of words used, the turn of phrase, the kind ...
Theses techniques are used to determine who hides behind...
Anonymous
Care of Logs
Schedules connections times and estimated time zone also
provide information ...
Naam, Genma
Anonymity and encryption
74. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Relativity theory
Snowden's leak are recent, documents leaked are pretty old.
We have very strong tool but we do not know what they have.
State of the art techniques to defeat those technologies
(processor noise etc...).
Naam, Genma
Anonymity and encryption
75. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Want to help ?
With money : You can make donation to those open-source
projects.
With action : Use their services, give feedback, there is always
something to do.
By spreading words, teach others how to use it.
Naam, Genma
Anonymity and encryption
76. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Cryptoparty
Interested parties with computers, devices, and the desire to learn
to use the most basic crypto programs and privacy tools and the
fundamental concepts of their operation ! CryptoParties are free to
attend, public, and are commercially and politically non-aligned.
What you'll do
Use crypto-tool, ask for questions, teach to others want you already
know.
What you'll not do
Maths, learn deep crypto-concepts, ... Unless you want it.
Naam, Genma
Anonymity and encryption
77. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Something unclear ?
Feel free to ask for questions now.
Naam, Genma
Anonymity and encryption
78. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Rendez vous at the Cryptoparty
Naam, Genma
Anonymity and encryption
79. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Annexes
Naam, Genma
Anonymity and encryption
80. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
An Exchange of mails really secure
The problem with encrypted email ? We still know who talks to
whom.
Solution
Exchange mail between two known / trusted servers who are
dialoguing in https SSL / TLS between them.
Encrypt messages via PGP
Naam, Genma
Anonymity and encryption
81. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Steganography - Steghide
Can you see a dierence between these two pictures ?
vs
The second image contains the text This is my hidden text. This
is what is called steganography. Software : steghide
Naam, Genma
Anonymity and encryption
82. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Bitmessage
Bitmessage , a protocol for sending / receiving messages and acentric
fully encrypted, based on a mechanism simillaire bitcoin .
Naam, Genma
Anonymity and encryption
83. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Bitmessage
Characteristics and comparison with an email solution + PGP
Send a pair hand , no need to create a server, register a
domain name, or enroll in a service. You can create as many
addresses as you want.
No need to trust a tier ( CA for example).
Censorship-resistant . Person , including a government can not
delete your address or messages.
It is not possible to impersonate a sender (spoong).
Naam, Genma
Anonymity and encryption
84. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
Bitmessage
Bitmessage has a feature broadcast .
The identity of the sender and receiver of messages is easier to
hide an email with PGP + solution .
Unlike PGP , the subject is encrypted by default .
Should be easier to use, no need to keep the public keys of
your correspondents .
Opportunity to develop additional functionality based on the
protocol.
Naam, Genma
Anonymity and encryption
85. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
ZeroBin
ZeroBin is a minimalist, opensource online pastebin/discussion board
where the server has zero knowledge of hosted data. Data is encrypted/decrypted in the browser using 256 bits AES. You can test it
online or install on your own server.
Naam, Genma
Anonymity and encryption
86. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
ZeroBin
Naam, Genma
Anonymity and encryption
87. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
ZeroBin
When pasting a text into ZeroBin :
You paste your text in the browser and click the Send button.
A random 256 bits key is generated in the browser.
Data is compressed and encrypted with AES using specialized
javascript libraries.
Encrypted data is sent to server and stored.
The browser displays the nal URL with the key.
The key is never transmitted to the server, which therefore
cannot decrypt data.
Naam, Genma
Anonymity and encryption
88. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
ZeroBin
Naam, Genma
Anonymity and encryption
89. Intro
HOW TO : Encryption
HOW TO : Anonymity
Conclusion
We're not in a XOXO world
Cryptoparty
ZeroBin
When opening a ZeroBin URL :
The browser requests encrypted data from the server
The decryption key is in the anchor part of the URL which is
never sent to server.
Data is decrypted in the browser using the key and displayed.
Naam, Genma
Anonymity and encryption