I'm not a number, I'm a free man




Vicente Diaz, Senior Security Analyst, Kaspersky Lab
Virus Bulletin 2012

The story of the 9 friends




Who profiles me?




Remember Gator Corporation? [1998-2008]
•  “The leader in online behavioral marketing”
•  2003: installed on 35 million PCs
•  Spyware? I will send you my lawyers
•  Report behavior, replace Ads
•  Top management: most in the online Ads industry now

Regulation?




Better protections. Consumers Union, the advocacy arm of Consumer Reports, wants a national privacy law that holds all companies to the same privacy standards and lets consumers tell companies not to track them online

Business is business








In November, regulators in Germany found that such information was being collected on Facebook users for up to two years even after they deactivated their accounts. Facebook said that was needed to enhance security, a claim German regulators rejected. Both sides say they are willing to talk, but Facebook’s website says it doesn’t share such data without your permission and deletes it or makes the information anonymous within 90 days.

Google Privacy Policy
  •  Information you give to us
  •  Information we get from your use of our services
        •  Device information (HW model, OS, UDI, phone number)
        •  Log information
             –  search queries
             –  phone number, forwarding numbers, time and date of calls, duration of calls
             –  IP
             –  Device info (system activity, browser language, date and time of your request and referral URL)
             –  Cookies
        •  Location (GPS, Wi-Fi APs, cell towers)
        •  Applications

Source: www.google.com/policies/privacy

Tracking




Simple tracking
                     GET index.html
                     Host: news.com




GET xxx                   GET xxx             GET xxx
Host: domain1.com         Host: domain2.com   Host: domain3.com
Referer: news.com         Referer: news.com   Referer: news.com




URL overlaid on the slide:

http://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQFjAA&url=http%3A%2F%2Fwww.productosflower.com%2F&ei=MZ1cUNPJGYjIhAfo6IGYCw&usg=AFQjCNFmmOdGYUOZ8XNFiDK9XpX_7iYktQ

Advanced tracking
•  Identify the user:
   –  Passive data: headers, plugins, browser, OS
   –  JS: screen resolution, custom resource detection via Plugins API (e.g. printers via PDF, fonts via Flash, etc.)
•  Track ID
   –  Cookies, Flash cookies (allow cross-domain references), HTML5 storage, Silverlight
   –  Java: own download cache, applets can read embedded resource streams
•  Future? Apps and games in social networks.


How much tracking?




www.elmundo.es




September 28, 2012

Analyzing World's top traffic (I)

The experiment
  •  Browsed top 100 sites country by country according to Alexa
  •  Sniffed all the traffic
  •  Set up a database of tracking sites (around 1500 domains)

Analyzing World's top traffic (II)

Countries with most requests to tracking domains
[Bar chart: vertical axis from 28 to 36; countries shown: GB, QA, YE, NP, US, AU, PK, SD, AL, CA. World avg. 24,58%]

Top world trackers
•  fbcdn.net
•  doubleclick.net
•  google-analytics.com
•  facebook.com
•  twitter.com
•  google.com
•  twimg.com
•  googlesyndication.com
•  yimg.com
•  scorecardresearch.com
•  ytimg.com
•  googleapis.com
•  yieldmanager.com

Analyzing World's top traffic (III)
•  Top 100 domains WITHOUT references to tracking sites (country by country avg): 49,96%
•  Why so low?
•  Let's take top 10 sites instead of top 100
•  References to tracking sites: 92,32%
•  Top 100 world sites: 89% tracking (source: digitaltrends.com)
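
An added sketch (not from the talk) of the measurement described in the experiment slides and of the Referer diagram under "Simple tracking": match each sniffed request's Host against a tracker database, attribute it to the visited site through its Referer, and report the share of requests going to trackers and the share of sites that reference at least one. The capture records, the `.example` sites and the three-entry tracker set are constructed for illustration.

```python
"""Measure tracker references in captured HTTP requests (constructed data)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed stand-in for the tracker database: three domains from the
# "Top world trackers" slide (the talk's own database held around 1500).
TRACKER_DOMAINS = {"doubleclick.net", "google-analytics.com", "scorecardresearch.com"}

# Constructed capture: (Host header, Referer header) for each sniffed request.
CAPTURE = [
    ("news.example", ""),
    ("static.news.example", "http://news.example/index.html"),
    ("ad.doubleclick.net", "http://news.example/index.html"),
    ("www.google-analytics.com", "http://news.example/index.html"),
    ("shop.example", ""),
    ("img.shop.example", "http://shop.example/"),
    ("blog.example", ""),
    ("b.scorecardresearch.com", "http://blog.example/post?id=7"),
    ("notdoubleclick.net", "http://blog.example/post?id=7"),  # look-alike, not a subdomain
]


def normalize_host(host):
    """Lower-case a Host header value and drop any port or trailing dot."""
    return host.strip().lower().split(":", 1)[0].rstrip(".")


def tracker_for(host, trackers):
    """Return the tracker domain that host equals or is a subdomain of, else None.

    Matching is done on whole DNS labels, so 'notdoubleclick.net' does not
    match 'doubleclick.net' the way a plain endswith() check would.
    """
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in trackers:
            return candidate
    return None


def site_of(host, referer):
    """Visited site a request belongs to: the Referer's host, or the request
    host itself when there is no Referer (top-level navigation)."""
    if referer:
        ref_host = urlsplit(referer).hostname
        if ref_host:
            return ref_host.lower()
    return normalize_host(host)


def analyze(capture, trackers):
    """Group requests by visited site and count those sent to tracker domains."""
    per_site = defaultdict(
        lambda: {"requests": 0, "tracking": 0, "trackers": set(), "leaked": set()}
    )
    for host, referer in capture:
        site = site_of(host, referer)
        stats = per_site[site]
        stats["requests"] += 1
        hit = tracker_for(host, trackers)
        # A tracker domain visited directly is first-party traffic, not tracking.
        if hit and tracker_for(site, trackers) != hit:
            stats["tracking"] += 1
            stats["trackers"].add(hit)
            if referer:
                # What the third party learns: the full page URL, query included.
                stats["leaked"].add(referer)
    return dict(per_site)


def summarize(per_site):
    """Compute the two figures the slides report, as percentages."""
    total = sum(s["requests"] for s in per_site.values())
    tracking = sum(s["tracking"] for s in per_site.values())
    tracked = sorted(site for site, s in per_site.items() if s["tracking"])
    return {
        "request_share_pct": round(100.0 * tracking / total, 2) if total else 0.0,
        "sites_with_trackers_pct": (
            round(100.0 * len(tracked) / len(per_site), 2) if per_site else 0.0
        ),
        "tracked_sites": tracked,
    }


if __name__ == "__main__":
    print(summarize(analyze(CAPTURE, TRACKER_DOMAINS)))
```

Attribution by Referer only covers requests issued directly by the visited page; requests made from inside a tracker's own frame carry the tracker's URL as Referer and would need the full request chain to attribute.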

1 year ago …




I looked at the eyes of Diablo – VB 2011




Conclusions




•  Recipe for disaster: tons of money, low regulation, relaxed self-regulation
•  Privacy vs business objectives
•  Raising users' awareness: who is offering them solutions?

We did help with Gator in the past.
The difference? They installed unwanted software.
However, it was the same goal using different means.
In 2012 it is not about protecting the device, but protecting the user.

Thank you!


I'm not a number, I'm a free man
Vicente Diaz, Senior Security Analyst
@trompi
Virus Bulletin 2012
