L 12: Privacy Protecting Technologies CSCI E-170 December 7, 2004 Simson L. Garfinkel
Agenda • HW 6 – Grades sent out. (sorry for the delay) • Projects – How are people doing? • Privacy Protecting Technologies • Course Evaluations – In class or on the website
Technology: Value Neutral? • Does technology, on average, help or hinder personal privacy?
The Big Idea • We can use technology to improve privacy
Privacy Protecting Tools for Web Browsing • Browser – pop-up blocking • Client Side: – Web proxy – works with anything – IE plug-in – “helper object” • Web Service: – Browser agnostic – You must trust the service!
Browser protection • Safari and Mozilla provide: – pop-up blocking – Cookie Management • Demo; look at what’s offered
Client-side Protection • Ad-Subtract – http: //www. intermute. com/adsubtract/ • Bugnosis – http: //www. bugnosis. org/ • Spoof. Guard – http: //crypto. stanford. edu/Spoof. Guard/ • Web. Pwd. Hash – http: //crypto. stanford. edu/Pwd. Hash/
Ad Subtract
“Search Sanity”
Ad Subtract: Client-Side Java Proxy Advantages: – Multiplatform – Easy to debug – Client/server Disadvantages: – Doesn’t work with SSL – Install footprint – Need to parse HTML
Ad Blockers • Ad-Subtract • Junkbuster Proxy • Discussion?
Bugnosis
Bugnosis Features: – Browser helper object – Accesses HTTP & HTTPS – Downloads updates – Designed for journalists
Spoof. Guard • Browser plug-in (IE only) • Rule-based; “spamassassin for websites”
Spoof. Guard Controls • Not quite sure how to set these? You’re not alone
Spoof. Guard rules • Domain Name Check – http: //www. paypai. com/ • URL check – http: //www. paypai. com@123. 123/ • Email Check – Arriving at a URL by email is bad • Password Field Check – Lower threshold for pages asking for passwords • Link Check – Suspicious links are links that have suspicious URLs • Image Check – Images on one website similar to those on another website • Password Tracking – Password at one website same as another website
Spoof. Guard URL Check
Spoof. Guard Image Check
Spoof. Guard Download • Open. Source - Good template for doing a browser plug-in • Internet Explorer only • http: //crypto. stanford. edu/Spoof. Guard/download. html Discussion?
Web. Pwd. Hash • The problem: Users tend to use the same username & password at every site • The solution: Hash the password with the domain at the browser and send the hash to the remote website
Web. Pwd. Hash • Advantages: – Each site gets a different password – Protects against phishing • Disadvantages: – Must trust the browser (doing that anyway) – Can’t run without the plug-in (unless you go to a remote website) – Users must “reset” all of their passwords – Doesn’t work with handhelds, cell phones, etc. Discussion?
Privacy Protecting Web Services • • Web Caches & Open Proxies Remailers Anonymizer Anonymous Transport Services: – Freedom – Onion Routing • Anonymous Publishing Services
Why use a privacy service? • Prevent tracing to your IP address • Get around a national, ISP, or business block – China – Saudi Arabia – Fidelity
Mix-Nets • Anonymity Loves Company • Chaum’s mix-net scheme – 1 mix: you trust the mixer – More mixes -> Less Trust – Mixing needs to be in space and time
Practical applications of mixers: • Anonymous Remailers • Anonymous Browsing • Anonymous Publishing
Anonymous Remailers • Anonymous posting on Usenet • anon. penet. fi – – – – Based in Finland Operated by Julf Helsingius 70, 000 registered users; 10, 000 messages/day February 1995 – Church of Scientology demands the True Name of a nym an 144108@anon. penet. fi Revealed on February 8 to belong to tc@alumni. caltech. edu under order from Finish Court (Information applied to the Finish court had apparently been somewhat misleading) August 30 – After second court case, anon. penet. fi shut down full details at www. xs 4 all. nl/~kspaink/cos/rnewman/anon/penet. html
Craig’s List
Key features of an anonymous remailer • Strips identity from messages passing through • Provides mapping of nyms to “true names” – But only if replies are important • Optional: – Mixing - only if traffic in and out is observable – Encryption – Prevents intermediaries from knowing what’s going on.
Freedom / Onion Routing
Web Caches: Less Sophisticated, but easier to use • No special software to install – support for caches is already built in. • Can work both ways – a cache can also monitor you.
![Web Caches cache-ntc-ah 12. proxy. aol. com - - [10/May/2003: 22: 47: 31 -0400]](https://present5.com/presentation/9892fc4d54c3597700110393312e6596/image-33.jpg "Web Caches cache-ntc-ah 12. proxy. aol. com - - [10/May/2003: 22: 47: 31 -0400]")
Web Caches cache-ntc-ah 12. proxy. aol. com - - [10/May/2003: 22: 47: 31 -0400] "GET /clips/1999. TR. LCS 35 -Fountain. Of. Ideas. pdf HTTP/1. 0" 200 65536 "http: //aolsearch. aol. com/aol/search? query=fountain+ideas&page=2" "Mozilla/4. 0 (compatible; MSIE 6. 0; AOL 7. 0; Windows NT 5. 1; . NET CLR 1. 0. 3705)“ cache-ntc-ah 12. proxy. aol. com - - [10/May/2003: 22: 47: 39 -0400] "GET /clips/1999. TR. LCS 35 -Fountain. Of. Ideas. pdf HTTP/1. 1" 206 688128 "-" "Mozilla/4. 0 (compatible; MSIE 6. 0; AOL 7. 0; Windows NT 5. 1; . NET CLR 1. 0. 3705)“ cache-ntc-ah 12. proxy. aol. com - - [10/May/2003: 22: 47: 44 -0400] "GET /clips/1999. TR. LCS 35 -Fountain. Of. Ideas. pdf HTTP/1. 1" 206 1024 "-" "Mozilla/4. 0 (compatible; MSIE 6. 0; AOL 7. 0; Windows NT 5. 1; . NET CLR 1. 0. 3705)“ cache-ntc-ah 12. proxy. aol. com - - [10/May/2003: 22: 47 -0400] "GET /clips/1999. TR. LCS 35 -Fountain. Of. Ideas. pdf HTTP/1. 1" 206 75 "-" "Mozilla/4. 0 (compatible; MSIE 6. 0; AOL 7. 0; Windows NT 5. 1; . NET CLR 1. 0. 3705)“
Cache with anonymity
Anonymizer
Anonymizer. com rewrites URLs <td width=90 style='background: aqua; text-align: center; font: bold; font-family: Arial'> <a href='http: //anon. free. anonymizer. com/http: //www. simson. net/photos. php' title='Photos by and of Simson Garfinkel'> Photos </a> </td> <td width=90 style='background: lime; text-align: center; font: bold; font-family: Arial'> <a href='http: //anon. free. anonymizer. com/http: //www. simson. net/pubs. php' title='Publications, both academic and journalistic. '> Pubs </a> </td> <td width=90 style='background: magenta; text-align: center; font: bold; font-family: Arial'> <a href='http: //anon. free. anonymizer. com/http: //www. simson. net/projects. php' title='Current projects'> Projects </a> </td>
Open Proxy • • Like a cache, but no cache! No logs (usually) Anybody running an open proxy server Also used by bad guys
Unresolved Issues • How do you buy a book anonymously?
Anonymous Publishing Services • anon. penet. fi was really about the right to anonymous publication on Usenet (1996) • The Eternity Service – Ross J. Anderson – http: //www. cl. cam. ac. uk/users/rja 14/eternity. ht ml • Publius: – http: //www. freehaven. net/anonbib/cache/publius. pdf – Waldman, Rubin & Cranor • Free Haven • Ka. Za. A?
Key Items Required for Anonymous Publishing Service • • Server Management Naming of Documents Publishing Updating Deleting Indexing Payment
Private Messaging • • • PGP – first generation Hush Mail – web based The Martus Project – application specific Groove Disappearing Ink (Omniva) – Deletion – c. f. Microsoft Rights Management System
PGP • • Add-on Plug-in S/MIME vs. Open. PGP Political Baggage
Hush Mail • Second-generation • Web-based • Java Crypto Client
Hush Mail
Hush Mail
Hush Mail
Hush Mail
Hush Mail Interface
Hush. Mail Diagram
Matrus • Closed system for filing human rights reports • Oriented around “bulletins” • Lots of clever ideas •
Martus Login • Screen-based keyboard to defeat keyboard sniffers.
Martus Bulletins • Designed to be easily created, easily searched • Based on 10+ years of research by Patrick Ball http: //dir. salon. com/tech/col/garf/2000/09/08/patrick_ba
Martus Design • All information kept in an encrypted database
Groove Virtual Office • • Peer-to-Peer Encrypted Space and Communications Messaging Future unclear
Disappearing Ink / Omniva • Self-destructing email for people who want to use it. • Why bother? Because it’s hard to delete things
Email gets copies a lot
Microsoft Rights Management System • Like Dissappearing Ink, but you need to have permission to get the key • Main use: Preventing forwarding of Microsoft Word documents to outside of an organization • Built into Office 2003
References: • EPIC Online Guide to Privacy Protecting tools: • http: //www. epic. org/privacy/tools. html
Скачать презентацию L 12 Privacy Protecting Technologies CSCI E-170 December
9892fc4d54c3597700110393312e6596.ppt