I´m not a number, I´m a free man

Vicente Diaz, Senior Security Analyst, Kaspersky Lab
Virus Bulletin 2012

PAGE 1 |
The story of the 9 friends




PAGE 2 |
Who profiles me?




PAGE 4 |
Remember Gator Corporation? [1998-2008]
!   “The leader in online behavioral marketing”
!   2003: installed on 35 million PCs
!   Spyware? I will send you my lawyers
!   Reported browsing behavior, replaced the ads on visited pages
!   Top management: most of them are in the online ads industry now

PAGE 8 |
Regulation?

  Better protections. Consumers Union, the advocacy arm of
  Consumer Reports, wants a national privacy law that holds all
  companies to the same privacy standards and lets consumers
  tell companies not to track them online

PAGE 9 |
Business is business

PAGE 10 |

Business is business

  In November, regulators in Germany found that such
  information was being collected on Facebook users for up
  to two years even after they deactivated their accounts.
  Facebook said that was needed to enhance security, a
  claim German regulators rejected. Both sides say they are
  willing to talk, but Facebook’s website says it doesn’t share
  such data without your permission and deletes it or makes
  the information anonymous within 90 days.

PAGE 11 |
!   Google Privacy Policy
  •  Information you give to us
  •  Information we get from your use of our services
        •  Device information (hardware model, OS, unique device identifiers, phone number)
        •  Log information
             –  search queries
             –  phone number, forwarding numbers, time and date of calls, duration of calls
             –  IP address
             –  Device info (system activity, browser language, date and time of your request, referral URL)
             –  Cookies
        •  Location (GPS, Wi-Fi APs, cell towers)
        •  Applications

Source: www.google.com/policies/privacy

PAGE 12 |
Tracking

PAGE 13 |
Simple tracking

Loading one page on news.com triggers requests to third-party domains, and each of
those requests tells the third party which page you are reading via the Referer header:

                     GET index.html
                     Host: news.com

GET xxx                   GET xxx             GET xxx
Host: domain1.com         Host: domain2.com   Host: domain3.com
Referer: news.com         Referer: news.com   Referer: news.com

PAGE 14 |
Simple tracking

                     GET index.html
                     Host: news.com

GET xxx                   GET xxx             GET xxx
Host: domain1.com         Host: domain2.com   Host: domain3.com
Referer: news.com         Referer: news.com   Referer: news.com

A real Referer value: the Google search click-through URL that brought the user to
the site. The destination (url=) and Google's own per-click parameters travel in
the query string, so every third party on the landing page receives them too:

http://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCUQFjAA&url=http%3A%2F%2Fwww.productosflower.com%2F&ei=MZ1cUNPJGYjIhAfo6IGYCw&usg=AFQjCNFmmOdGYUOZ8XNFiDK9XpX_7iYktQ

PAGE 15 |
Advanced tracking
!   Identify the user:
   !   Passive data: HTTP headers, plugins, browser, OS
   !   JavaScript: screen resolution, resource detection via the plugins API
       (e.g. printers via the PDF plugin, installed fonts via Flash)
!   Track ID:
   !   Cookies, Flash cookies (LSOs are shared across browsers and allow cross-domain references),
       HTML5 storage, Silverlight isolated storage
   !   Java: its own download cache; applets can read embedded resource streams

!   Future? Apps and games in social networks.

PAGE 16 |
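The identification step of the slide above, as an added example that is not part of the original deck: the passive attributes a server sees in every request (User-Agent, Accept-Language, Accept) and the active ones a script can read (plugin list, screen size, fonts) are hashed into a cookie-free identifier, and the script measures how many visitors in a population share that identifier. The attribute names and the four visitors are constructed sample data, not measurements.

```python
"""Cookieless identification from the attributes listed on the slide.

Added example, not code from the original deck. Attribute names (ua, lang,
accept, plugins, screen, fonts) and the visitors are constructed sample data.
"""
import hashlib
from collections import Counter

# Constructed sample population (not measurements). v0, v1 and v2 send the
# same HTTP headers; v1 differs from v0 only in screen size and v2 only in
# one Flash-detectable font. v3 is a different browser and OS entirely.
COMMON = {
    "ua": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0",
    "lang": "es-ES,es;q=0.8,en;q=0.5",
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "plugins": ("Shockwave Flash 11.4", "Adobe Acrobat", "Java(TM) Platform SE 7 U7"),
    "screen": "1366x768x24",
    "fonts": ("Arial", "Calibri", "Segoe UI", "Verdana"),
}
VISITORS = [
    dict(COMMON),
    dict(COMMON, screen="1920x1080x24"),
    dict(COMMON, fonts=COMMON["fonts"] + ("Wingdings 3",)),
    dict(COMMON,
         ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26 Safari/536.26",
         plugins=("Shockwave Flash 11.4",),
         fonts=("Helvetica", "Lucida Grande")),
]

PASSIVE_KEYS = ("ua", "lang", "accept")                      # sent with every request
ACTIVE_KEYS = PASSIVE_KEYS + ("plugins", "screen", "fonts")  # needs JS / plugin probing


def fingerprint(visitor, keys):
    """Hash the chosen attributes in a fixed order into a compact identifier.

    Tuples are joined with a separator so that their order (navigator.plugins,
    the Flash font list) is part of the value. The hash adds no secrecy; it
    only turns a long attribute string into something cookie-sized."""
    parts = []
    for key in keys:
        value = visitor[key]
        parts.append(key + "=" + ("|".join(value) if isinstance(value, tuple) else value))
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()[:16]


def passive_fingerprint(visitor):
    return fingerprint(visitor, PASSIVE_KEYS)


def active_fingerprint(visitor):
    return fingerprint(visitor, ACTIVE_KEYS)


def anonymity_set_sizes(visitors, fn):
    """How many visitors in the population share each visitor's identifier.

    A size of 1 means the attributes alone single the visitor out, so the
    tracker can recognise them on the next visit without storing anything."""
    counts = Counter(fn(v) for v in visitors)
    return [counts[fn(v)] for v in visitors]


if __name__ == "__main__":
    for name, fn in (("passive", passive_fingerprint), ("active", active_fingerprint)):
        print(name, anonymity_set_sizes(VISITORS, fn))
```

With this population the header-only fingerprint leaves the three Windows visitors indistinguishable from each other, while adding the script-readable attributes separates all four: that is why the slide lists JavaScript and plugin probing alongside the passive data. The identifier is stable across visits because it is derived from the attributes alone, which is the property cookies were needed for before.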
How much tracking?

PAGE 19 |

www.elmundo.es

PAGE 20 | September 28, 2012
Analyzing the world's top traffic (I)

!   The experiment
  •  Browsed the top 100 sites of each country according to Alexa
  •  Sniffed all the traffic
  •  Built a database of tracking domains (around 1500 domains) and matched the captured requests against it

PAGE 22 |
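The method of slides 14/15 and 22 in working code, as an added example (not the deck's own tooling): each sniffed request is reduced to its Referer and Host, a request is third-party when the host's registrable domain differs from the page's, and it counts as a tracking reference when that domain is in the tracker list. The script then produces the three figures the deck reports (share of requests going to trackers, share of sites with no tracker reference, and a tracker ranking) and shows what the Google click-through URL from slide 15 reveals when it arrives as a Referer. The capture and the short tracker list are constructed sample data; the real study used around 1500 domains.

```python
"""Classifying sniffed requests against a tracker list.

Added example reproducing the method of slides 14/15 and 22, not the deck's
own tooling. CAPTURE and TRACKERS are constructed sample data; the study used
a database of around 1500 tracking domains and real sniffed traffic.
"""
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed tracker list (a handful of the domains named on slide 24).
TRACKERS = {"doubleclick.net", "google-analytics.com", "scorecardresearch.com",
            "fbcdn.net", "facebook.com"}

# Constructed capture: (Referer of the request, Host the request went to).
CAPTURE = [
    ("http://www.elmundo.es/", "www.elmundo.es"),
    ("http://www.elmundo.es/", "estaticos.elmundo.es"),        # first-party CDN
    ("http://www.elmundo.es/", "ad.doubleclick.net"),
    ("http://www.elmundo.es/", "googleads.g.doubleclick.net"),
    ("http://www.elmundo.es/", "www.google-analytics.com"),
    ("http://www.elmundo.es/", "b.scorecardresearch.com"),
    ("http://news.com/index.html", "news.com"),
    ("http://news.com/index.html", "static.ak.fbcdn.net"),
    ("http://news.com/index.html", "code.jquery.com"),          # third party, not a tracker
    ("http://shop.example/", "shop.example"),                   # no third parties at all
]

# The Google click-through URL from slide 15, verbatim, treated as a Referer.
GOOGLE_REFERER = ("http://www.google.es/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja"
                  "&ved=0CCUQFjAA&url=http%3A%2F%2Fwww.productosflower.com%2F"
                  "&ei=MZ1cUNPJGYjIhAfo6IGYCw&usg=AFQjCNFmmOdGYUOZ8XNFiDK9XpX_7iYktQ")


def registrable_domain(host):
    """Last two labels of a hostname. Enough for .com/.net/.es as used here;
    a production tool should consult the Public Suffix List (co.uk, com.au)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(referer, host):
    """'first-party' if the host belongs to the page in the Referer, otherwise
    'tracker' when its domain is in the list, else plain 'third-party'."""
    page_domain = registrable_domain(urlsplit(referer).hostname or "")
    host_domain = registrable_domain(host)
    if host_domain == page_domain:
        return "first-party"
    return "tracker" if host_domain in TRACKERS else "third-party"


def tracking_stats(capture):
    """The figures the deck reports: share of requests that go to trackers,
    share of sites with no tracker reference at all, and a tracker ranking."""
    rows = [(urlsplit(ref).hostname, host, classify(ref, host)) for ref, host in capture]
    sites = {site for site, _, _ in rows}
    tracked_sites = {site for site, _, label in rows if label == "tracker"}
    ranking = Counter(registrable_domain(host) for _, host, label in rows if label == "tracker")
    return {
        "pct_requests_to_trackers": round(100 * sum(l == "tracker" for _, _, l in rows) / len(rows), 2),
        "pct_sites_without_tracker_refs": round(100 * len(sites - tracked_sites) / len(sites), 2),
        "top_trackers": ranking.most_common(),
    }


def referer_leak(referer):
    """What a third party learns from a search click-through Referer: the
    search engine host, the destination page, and the opaque per-click
    parameters Google appends (ei, ved, usg)."""
    url = urlsplit(referer)
    query = parse_qs(url.query)
    return {
        "host": url.hostname,
        "destination": query.get("url", [None])[0],
        "ids": {k: query[k][0] for k in ("ei", "ved", "usg") if k in query},
    }


if __name__ == "__main__":
    print(tracking_stats(CAPTURE))
    print(referer_leak(GOOGLE_REFERER))
```

Two caveats a real run needs: registrable-domain matching must use the Public Suffix List rather than the last two labels, or every co.uk site becomes one "domain"; and a list-based classifier only sees the trackers it knows, so a third-party domain absent from the list (code.jquery.com above) is counted as harmless even though it receives the same Referer.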
Analyzing the world's top traffic (II)

!   Countries with most requests to tracking domains

[Bar chart: share of requests going to tracking domains, per country; y-axis from 28% to 36%, world average 24.58%. Countries shown, left to right: GB, QA, YE, NP, US, AU, PK, SD, AL, CA]

PAGE 23 |
Top world trackers
!   fbcdn.net
!   doubleclick.net
!   google-analytics.com
!   facebook.com
!   twitter.com
!   google.com
!   twimg.com
!   googlesyndication.com
!   yimg.com
!   scorecardresearch.com
!   ytimg.com
!   googleapis.com
!   yieldmanager.com

PAGE 24 |
Analyzing the world's top traffic (III)
!   Top 100 domains WITHOUT references to tracking sites (country by country average):

                               49.96%

!   Why so low?
!   Let's take the top 10 sites instead of the top 100
!   Sites with references to tracking sites:

                               92.32%

!   Top 100 world sites: 89% tracking (source: digitaltrends.com)

PAGE 26 |
1 year ago …

PAGE 28 |

I looked at the eyes of Diablo – VB 2011

PAGE 29 |
Conclusions

•  Recipe for disaster: tons of money, low regulation, relaxed self-regulation
•  Privacy vs business objectives
•  Raising users' awareness: who is offering them solutions?

We did help against Gator in the past.
The difference? Gator installed unwanted software.
It was the same goal, pursued by different means.
In 2012 it is not about protecting the device, but about protecting the user.

PAGE 35 |
Thank you!


I´m not a number, I´m a free man
Vicente Diaz, Senior Security Analyst
@trompi
Virus Bulletin 2012

PAGE 36 |
