Privacy Exposed:
Ramifications of Social Media and Mobile Technology
Brian Dean and Tom Eston
Agenda
• Privacy in a Mobile World
– Apps and Your Data
– Location Based Services
– Data Harvesting
– Hot New Mobile Technology
– Mobile Application Privacy Policies
• Privacy in a Social World
– Evolution of Social Technology
– More Privacy Controls = More Confusion
– Hot New Social Technology
– Comparison of Social Network Privacy Policies
• Regulatory Ramifications

1,000,000,000,000,000,000,000,000 bytes
About Your Presenters
• Brian Dean
– Audit and Compliance Team Manager, Privacy Officer
– PCI QSA, PMP, PCIP, ACE, Certified Information Privacy Professional
– Privacy Officer, HIPAA Officer, and GLBA Officer for a $100 billion bank; over 13 years in privacy
– Frequent speaker at IAPP, Info Security Summit, ACI, INFOSEC World
• Tom Eston
– Attack & Defense Team Manager
– Web Applications, Mobile Applications and Device Security
– Founder of SocialMediaSecurity.com
– OWASP Mobile Threat Model Project Lead
– SANS Mentor – SEC542 Web Application Penetration Testing
– Frequent speaker at Black Hat, DEF CON, ShmooCon, DerbyCon, SANS, OWASP AppSec, InfoSec World
Disclaimer
• This presentation is for informational purposes only.
• Before implementing or executing on any ideas presented, it would be prudent to seek counsel from your technical, security, compliance, and legal representation.
• Always perform adequate due diligence, including a formal risk assessment.
• Views and opinions presented today are not necessarily those of SecureState or other entities we may represent.
– Good chance it doesn’t represent our opinions either.
Privacy in a Mobile World
• Mobile Data: Storage
– Mobile devices have become “virtual wallets”
– Personal data via social networks and email is easily stored and shared with others
– Smartphones are personal tracking devices that just happen to also take phone calls
– Smartphones are one expensive wallet to lose!
Example: Mobile Pen Test
(two screenshot slides)
Trivial to Access Private Data
• With physical access…it’s “game over”*
– Rooting or jailbreaking of the device
– Passcode bypass (iOS 7 – several!)
– Circumvention of “remote wipe” controls
– Malware can harvest personal data (especially on Android)

* Subject to the security policies or MDM (Mobile Device Management) enforcement!
Example: MyFitnessPal
• Application stores (too much) PPI on the device
(screenshot: phone stored data, including date of birth)
Mobile Data: Transmission
• Do you know what your apps are sending?
– To the app developers?
– To third-party ad/marketing companies?
• Do mobile apps send your data securely?
– Is SSL being used?
– In our research of the Top 20 Apps…very few use SSL!
Example: UDID
• What is UDID?
– Unique Device IDentifier for the hardware
– Apple iOS (iPhone/iPad)
• Found to be transmitted from mobile apps
– To third-party ad and marketing companies
– To the mobile app company
– Usually transmitted with other personal information (user name, IP, geolocation, etc.)
Example: iTunes
(screenshot)

Pinterest and Flurry.com
(screenshot)

UDID
(screenshot)

iOS 7
(screenshot)

1 Million UDIDs Exposed?
• Hackers said it’s from the FBI. FBI denies…
• This was actually a third-party breach!
Location Based Services
• Also known as “geolocation”
• Coordinates are frequently sent via third-party services
• GPS coordinates sometimes stored locally or sent back to the company
• Apple had a problem with storing location data without user approval in 2011
Apple iOS Location Data Storage Issue
• Fixed in iOS 4.3.3
– When turning off location services, iOS will not store or back up this data
• Some researchers created a cool tool to demo this
– http://petewarden.github.com/iPhoneTracker/
Facebook Timeline and Graph Search
• Easier than ever to view where someone has been
• Pulls location data from photos, status updates and more…
Instagram Photomaps
“…you can now much more easily access photos you and others took months or even years ago.”
– Kevin Systrom, co-founder and CEO of Instagram

Image: Mashable
Address Book Harvesting
• More apps are doing this
• “See if your friends are using this app”
• Apple iOS apps could access contact data without permission (fixed in iOS 6)
• Install prompt on Android
• Developers can notify you on their own…
(screenshot slide)
Brewster
• Takes your:
– Address book
– LinkedIn contacts
– Facebook Friends List
– Who you follow on Twitter
– Gmail address book
– FourSquare Locations
– And more…
Image: Brewster.com
Evolution: Facebook Design Tricks
(four screenshot slides)

Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
Apple “Find and Call” Malware
• First “Trojan” for Apple iOS?
• It was a spammy app that sent your contact list to a third-party server
• Your friends get SMS spammed from the server
• App removed from the App Store and Google Play
Image: Kaspersky Labs
New Tech: Shopper Tracking
• Uses your active WiFi “beacons” to identify you by your MAC address
• Google Analytics for “People”

http://www.itworld.com/it-management/336828/attention-shoppers-retailers-can-follow-you-around-mall-way-web-trackers-do-onl
Evolution: Social Media Integrated into Mobile Operating Systems
• Apple iOS 5 – Twitter integrated into the OS
• Apple iOS 6 – Facebook integrated into the OS
• Apple iOS 7 – Pretty interface integrated in OS
(screenshot slide)
Evolution: Google Now and Passbook
• Google Now: “Predicts” things based on your location and actions you take on your device
• Weather, what’s the traffic like on your way to work?
• Passbook: Actions are taken when you enter a location, e.g., enter a Target and a coupon pops up
Evolution: Facebook Home
(two screenshot slides)

Digital Shadow
(screenshot)

You Don’t Have Any Privacy – Get Over it!
http://www.emc.com/digital_universe/downloads/web/personal-ticker.htm

Generally Accepted Privacy Principles
(slide image)
Privacy in the Wild
• Notice – 6,867-word Privacy Policy (LinkedIn, 10-14-13)
• Consent – IF offered, often buried down 19 screens
• 3rd Party access (service provider in China? Pakistan?)
– Hey, you “consented.” It was on the 19th screen!
• Collection – Some collect too much (MyFitnessPal)
• Retention – Not typically addressed in the US
• Disclosure to 3rd Parties – Almost unilaterally!
• Security – Who knows (more on that later)
• Quality – I loaned my phone to my son. I never went…
Privacy Policies
(slide image)

Privacy Policies
• Notices Bottom Line
– Painful to read, so no one reads. We have no idea what we agree to, I just want to play Angry Birds Star Wars 2…
(screenshot slide)
Government Data Requests
• Policies almost unilaterally allow sharing with authorities
– Per the Washington Post (as of 9-6-2013)
– Yahoo responded to 12,444 requests for data from the U.S. government YTD
– 40,322 users
– YTD Yahoo has rejected 2% of the requests
http://www.nydailynews.com/life-style/google-unveils-smart-shoes-sxsw-article-1.1287259#ixzz2eaJBFnfa
Government Data Requests (cont’d)
• Google, Facebook, Apple, Microsoft
– Foreign Intelligence Surveillance Act
– National Security Agency
– Foreign Intelligence Surveillance Court
• Sought to release data on the requests they receive from government agencies to release consumer data
– Take away: Data is being collected and is subject to access by others. In the US it may NEVER be deleted!
More Privacy Control = More Confusion
• Consumers:
– Take initiative to read the Policies
– Understand the legalese Policies
– Need to act to protect PPI/PHI
• Businesses:
– Google munged 60 Privacy Policies into 1!
– Opt-out check-box is 11 pixels wide!
– No incentive to manage if consumers don’t care!
Mobile Apps (where are the security indicators?)
(screenshot slide)
Privacy in a Social World
• Facebook, Twitter and LinkedIn have grown exponentially!
• 900 Million!
• Privacy issues have increased as well
• Mobile users to top 8 billion by 2016 (1)

Image: Ben Foster http://www.benphoster.com/facebook-user-growth-chart-2004-2010/
(1) CNET News, quoting Cisco Forecast from 2-14-2012
(screenshot slide)

Hot New Tech: Facial Recognition
• “Facedeals”
– Camera real-time matches face to Facebook
– Matches get discounts sent to smartphone
Fiction: Minority Report
(slide image)

Reality: Disney’s MagicBands (MyMagic+)
(slide image)
Google Glass
• Camera inconspicuously embedded in glasses
– Pictures and streaming video to social networks
• Already banned in a Seattle restaurant (5 Point Cafe)
– What about at airports (TSA security checkpoints)?
– School yards
• Smartphone and video cameras
(screenshot slide)
Privacy Ramifications
• How to deal with new technology
– e.g., Facedeals, MagicBands
• Opt out of facial scans?
• Misuse of technology!
• Tracking children
• Apple Passbook
– iPhone = your wallet
• Digital coupons, tickets, loyalty cards
• Allow payment with near field chip (NFC).
• GPS detects your location and presents coupon
• Malware
– Nefarious data extractions
• GAPP
– Can we really apply Privacy Principles?
Regulatory Ramifications
• International
– Appeasing the law patchwork
– You think a 6,000-word policy is long?
• Read one that addresses 10 countries!
• Now reading page 1 of 101
• United States
– Data aggregation and correlation not addressed in US law.
• We want ease, we will sacrifice privacy, until it’s too late.
On the Horizon
• US businesses will collect more data and retain it
• Technology will better correlate data
• Consumers won’t read privacy policies (have you?)
• Breaches will continue unabated
• New federal encompassing privacy regulations unlikely
– Mobile device data regulations may be looming
• Technology outpaces regulators
• More data in the cloud
New Paradigm
• Consumers
– Personal responsibility
• Read Privacy Policies and Security Safeguards
– Choice
• Select businesses based on privacy
– Cognitively execute your preferences
– Correct the accuracy of the data, not just when getting a loan (e.g., HIPAA, GLBA, credit bureaus)
– Limit the data you provide (do they really need it?)
New Paradigm
• Businesses need to rethink business model
– Capture less data, retain shorter durations
– Adopt GAPP principles
– Better data protection
– De-identify data
– Strong encryption

• Security/Privacy Professionals
– Be aware of the risk – Bad things will happen!
– Formally document the risks for management
– Share the risk! (e.g., Annual Risk Posture Statement)
– Be a Champion of Privacy and Security
Closing Thoughts
• Short of federal law migrating towards the EU Privacy Directive, big business will collect and retain all the data they can gather, including the passive data sources we discussed.
• Security/Privacy professionals, businesses, and YOU the consumer must be proactive in managing our digital footprints.
• Collective responsibility!
Links
• Link to Tom’s Facebook Privacy & Security Guide
– http://www.securestate.com
– http://socialmediasecurity.com
Tom Eston: teston@securestate.com
Twitter: @agent0x0
Brian Dean: bdean@securestate.com [Mostly off the grid]
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 

Recently uploaded (20)

The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 

Privacy Exposed: Ramifications of Social Media and Mobile Technology

Privacy Exposed:
Ramifications of Social Media and Mobile Technology
Brian Dean and Tom Eston

Agenda
• Privacy in a Mobile World
– Apps and Your Data
– Location Based Services
– Data Harvesting
– Hot New Mobile Technology
– Mobile Application Privacy Policies
• Privacy in a Social World
– Evolution of Social Technology
– More Privacy Controls = More Confusion
– Hot New Social Technology
– Comparison of Social Network Privacy Policies
• Regulatory Ramifications
1,000,000,000,000,000,000,000,000 bytes
2

About Your Presenters
• Brian Dean
– Audit and Compliance Team Manager, Privacy Officer
– PCI QSA, PMP, PCIP, ACE, Certified Information Privacy Professional
– Privacy Officer, HIPAA Officer, and GLBA Officer for $100 billion bank. Over 13 years in privacy
– Frequent Speaker at IAPP, Info Security Summit, ACI, INFOSEC World
• Tom Eston
– Attack & Defense Team Manager
– Web Applications, Mobile Applications and Device Security
– Founder of SocialMediaSecurity.com
– OWASP Mobile Threat Model Project Lead
– SANS Mentor – SEC542 Web Application Penetration Testing
– Frequent Speaker at Black Hat, DEF CON, ShmooCon, DerbyCon, SANS, OWASP AppSec, InfoSec World
3

Disclaimer
• This presentation is for informational purposes only.
• Before implementing or executing on any ideas presented, it would be prudent to seek counsel from your technical, security, compliance, and legal representation.
• Always perform adequate due diligence, including a formal risk assessment.
• Views and opinions presented today are not necessarily those of SecureState or other entities we may represent.
– Good chance it doesn’t represent our opinions either.
4

Privacy in a Mobile World
• Mobile Data: Storage
– Mobile devices have become “virtual wallets”
– Personal data via social networks and email are easily stored and shared with others
– Smartphones are personal tracking devices that just happen to also take phone calls
– Smartphones are one expensive wallet to lose!
5

Trivial to Access Private Data
• With physical access…it’s “game over”
– Rooting or jailbreaking of the device
– Passcode bypass (iOS 7 – several!)
– Circumvention of “remote wipe” controls
– Malware can harvest personal data (especially on Android)
* Subject to the security policies or MDM (Mobile Device Management) enforcement!
8

Example: MyFitnessPal
• Application stores (too much) PII on the device
9

Phone Stored Data
• Date of Birth
10

Mobile Data: Transmission
• Do you know what your apps are sending?
– To the app developers?
– To third-party ad/marketing companies?
• Do mobile apps send your data securely?
– Is SSL being used?
– In our research of the Top 20 Apps…very few use SSL!
11

Example: UDID
• What is UDID?
– Unique Device IDentifier for the hardware
– Apple iOS (iPhone/iPad)
• Found to be transmitted from mobile apps
– To third-party ad and marketing companies
– To the mobile app company
– Usually transmitted with other personal information (user name, IP, geolocation, etc.)
12
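The questions on slides 11 and 12 (what are the apps sending, to whom, and is SSL used?) are answered in practice by routing the device through an intercepting proxy and reviewing the captured requests. The following is an added example, not code from the presentation or from SecureState: it runs that review over a constructed sample of captured requests and flags every request that carries personal data, whether it went over plain HTTP, and whether it went to a third party. The log format, the domain names, and the list of personal-data parameter names are assumptions.

```python
"""Audit captured mobile-app requests for personal data sent in the clear
or to third parties.  Added example; the log format below is constructed."""
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

# Assumption: the app under review owns only these domains; anything else
# (ad networks, analytics, other apps' APIs) counts as a third party.
APP_DOMAINS = {"example-fitness.test"}

# Parameter names treated as personal data (assumed list; extend to taste).
PII_FIELDS = {"udid", "email", "dob", "username", "name", "phone",
              "lat", "lon", "contacts"}

# Constructed sample of proxy-captured requests (not real app traffic).
# One request per line: "<METHOD> <URL> <urlencoded body or '-'>".
SAMPLE_LOG = """\
POST http://ads.example-adnetwork.test/track udid=ab12cd34ef56&email=jane%40example.test&lat=41.49&lon=-81.69
GET https://api.example-fitness.test/v1/profile?session=9f8e7d -
POST http://api.example-fitness.test/v1/sync dob=1980-01-01&username=jane&weight=140
GET https://cdn.example-fitness.test/logo.png -
POST https://api.example-social.test/contacts udid=ab12cd34ef56&contacts=...
"""


@dataclass
class Finding:
    host: str
    plaintext: bool    # request used http:// rather than https:// (no SSL)
    third_party: bool  # destination is not one of the app's own domains
    pii: list          # personal-data parameter names seen in the request


def is_third_party(host: str) -> bool:
    return not any(host == d or host.endswith("." + d) for d in APP_DOMAINS)


def parameter_names(url_parts, body: str) -> list:
    """Collect lower-cased parameter names from the query string and body."""
    names = [k.lower() for k, _ in parse_qsl(url_parts.query)]
    if body != "-":
        names += [k.lower() for k, _ in parse_qsl(body)]
    return names


def audit(log: str) -> list:
    """Return one Finding per request that carries personal data."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _method, url, body = line.split(" ", 2)
        parts = urlsplit(url)
        pii = sorted({n for n in parameter_names(parts, body) if n in PII_FIELDS})
        if pii:
            findings.append(Finding(parts.hostname, parts.scheme == "http",
                                    is_third_party(parts.hostname), pii))
    return findings


def summarize(findings: list) -> dict:
    """Counts a privacy reviewer would put in the report."""
    return {"requests_with_pii": len(findings),
            "plaintext_pii": sum(f.plaintext for f in findings),
            "third_party_pii": sum(f.third_party for f in findings)}


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        print(f"{'HTTP ' if f.plaintext else 'HTTPS'} "
              f"{'3rd-party' if f.third_party else '1st-party'} "
              f"{f.host}: {', '.join(f.pii)}")
    print(summarize(results))
```

On the constructed sample, two of the three requests carrying personal data go over plain HTTP and two go to third parties, which is exactly the pattern slides 11 and 12 describe; with a real capture, the same summary is the evidence to attach to a finding about the app.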
1 Million UDIDs Exposed?
• Hackers said it’s from the FBI. FBI denies…
• This was actually a third-party breach!
17

Location Based Services
• Also known as “geolocation”
• Coordinates are frequently sent via third-party services
• GPS coordinates sometimes stored locally or sent back to the company
• Apple had a problem with storing location data without user approval in 2011
18

Apple iOS Location Data Storage Issue
• Fixed in iOS 4.3.3
– When turning off location services, iOS will not store or back up this data
• Some researchers created a cool tool to demo this
– http://petewarden.github.com/iPhoneTracker/
19

Facebook Timeline and Graph Search
• Easier than ever to view where someone has been
• Pulls location data from photos, status updates and more…
20

Instagram Photomaps
“…you can now much more easily access photos you and others took months or even years ago.” – Kevin Systrom, co-founder and CEO of Instagram
Image: Mashable
21

Address Book Harvesting
• More apps are doing this
• “See if your friends are using this app”
• Apple iOS apps could access contact data without permission (fixed in iOS 6)
• Install prompt on Android
• Developers can notify you on their own…
22

Brewster
• Takes your:
– Address book
– LinkedIn contacts
– Facebook Friends List
– Who you follow on Twitter
– Gmail address book
– FourSquare Locations
– And more…
Image: Brewster.com
24

Evolution: Facebook Design Tricks
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
25

Evolution: Facebook Design Tricks
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
26

Evolution: Facebook Design Tricks
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
27

Evolution: Facebook Design Tricks
Image: TechCrunch http://techcrunch.com/2012/08/25/5-design-tricks-facebook-uses-to-affect-your-privacy-decisions/
28

Apple “Find and Call” Malware
• First “Trojan” for Apple iOS?
• It was a spammy app that sent your contact list to a third-party server
• Your friends get SMS spammed from the server
• App removed from the App Store and Google Play
Image: Kaspersky Labs
29

New Tech: Shopper Tracking
• Uses your active WiFi “beacons” to identify you by your MAC address
• Google Analytics for “People”
http://www.itworld.com/it-management/336828/attention-shoppers-retailers-can-follow-you-around-mall-way-web-trackers-do-onl
30

Evolution: Social Media Integrated into Mobile Operating Systems
• Apple iOS 5 – Twitter integrated into the OS
• Apple iOS 6 – Facebook integrated into the OS
• Apple iOS 7 – Pretty interface integrated in OS
31

Evolution: Google Now and Passbook
• Google Now: “Predicts” things based on your location and actions you take on your device
• Weather, what’s the traffic like on your way to work?
• Passbook: Actions are taken when you enter a location, e.g., enter a Target, coupon pops up
33

You Don’t Have Any Privacy – Get Over It!
http://www.emc.com/digital_universe/downloads/web/personal-ticker.htm
37

Generally Accepted Privacy Principles
38

Privacy in the Wild
• Notice – 6,867 word Privacy Policy (LinkedIn, 10-14-13)
• Consent – IF offered, often buried down 19 screens
• 3rd Party access (service provider in China? Pakistan?)
– Hey, you “consented.” It was on the 19th screen!
• Collection – Some collect too much (MyFitnessPal)
• Retention – Not typically addressed in the US
• Disclosure to 3rd Parties – Almost unilaterally!
• Security – Who knows (more on that later)
• Quality – I loaned my phone to my son. I never went…
39

Privacy Policies
• Notices Bottom Line – Painful to read, so no one reads. We have no idea what we agree to, I just want to play Angry Birds Star Wars 2…
41

Government Data Requests
• Policies almost unilaterally allow sharing with authorities
– Per Washington Post (as of 9-6-2013)
– Yahoo responded to 12,444 requests for data from the U.S. government YTD – 40,322 users
– YTD Yahoo has rejected 2% of the requests
http://www.nydailynews.com/life-style/google-unveils-smart-shoes-sxsw-article-1.1287259#ixzz2eaJBFnfa
43

Government Data Requests (cont’d)
• Google, Facebook, Apple, Microsoft
– Foreign Intelligence Surveillance Act
– National Security Agency
– Foreign Intelligence Surveillance Court
• Sought to release data on the requests they receive from government agencies to release consumer data
– Take away: Data is being collected and is subject to others possibly accessing it. In the US it may NEVER be deleted!
44

More Privacy Control = More Confusion
• Consumers:
– Take initiative to read the Policies
– Understand the legalese Policies
– Need to act to protect PII/PHI
• Businesses:
– Google munged 60 Privacy Policies into 1!
– Opt out check-box is 11 pixels wide!
– No incentive to manage if consumers don’t care!
45

Mobile Apps (where are the security indicators?)
46

Privacy in a Social World
• Facebook, Twitter and LinkedIn have grown exponentially!
• 900 Million!
• Privacy issues have increased as well
• Mobile users to top 8 billion by 2016 (1)
Image: Ben Foster http://www.benphoster.com/facebook-user-growth-chart-2004-2010/
(1) CNET News, quoting Cisco Forecast from 2-14-2012
47

Hot New Tech: Facial Recognition
• “Facedeals”
– Camera real-time matches face to Facebook
– Matches get discounts sent to smartphone
49

Google Glass
• Camera inconspicuously embedded in glasses
– Pictures and stream video to social networks
• Already banned in a Seattle restaurant (5 Point Cafe)
– What about at airports (TSA security checkpoints)
– School yards
• Smartphone and video cameras
52

Privacy Ramifications
• How to deal with new technology
– e.g., Facedeals, MagicBands
• Opt out of facial scans?
• Misuse of technology!
• Tracking children
• Apple Passbook – iPhone = your wallet
• Digital coupons, tickets, loyalty cards
• Allow payment with near field communication (NFC) chip
• GPS detects your location and presents coupon
• Malware – Nefarious data extractions
• GAPP – Can we really apply Privacy Principles?
54

Regulatory Ramifications
• International – Appeasing the law patchwork
– You think a 6,000 word Policy is long?
• Read one that addresses 10 countries!
• Now reading page 1 of 101
• United States – Data aggregation and correlation not addressed in US law.
• We want ease, we will sacrifice privacy, until it’s too late.
55

On the Horizon
• US Businesses will collect more data and retain it
• Technology will better correlate data
• Consumers won’t read privacy policies (have you?)
• Breaches will continue unabated
• New federal encompassing privacy regulations unlikely
– Mobile device data regulations may be looming
• Technology outpaces regulators
• More data in the cloud
56

New Paradigm
• Consumers
– Personal responsibility
• Read Privacy Policies and Security Safeguards
– Choice
• Select businesses based on privacy
– Cognitively execute your preferences
– Correct the accuracy of the data, not just when getting a loan (e.g., HIPAA, GLBA, credit bureaus)
– Limit the data you provide (do they really need it?)
57

New Paradigm
• Businesses need to rethink business model
– Capture less data, retain shorter durations
– Adopt GAPP principles
– Better data protection
– De-identify data
– Strong encryption
• Security/Privacy Professionals
– Be aware of the risk – Bad things will happen!
– Formally document the risks for management
– Share the risk! (e.g., Annual Risk Posture Statement)
– Be a Champion of Privacy and Security
58
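Slide 58's "capture less data, retain shorter durations, de-identify data" can be made concrete in the data pipeline that receives app events. The following is an added example, not code from the presentation or from SecureState: it takes a constructed event record of the kind slides 9, 10 and 12 describe (UDID, email, date of birth, exact location) and keeps only a keyed pseudonym of the UDID, an age band instead of the date of birth, a coarsened location, the event itself, and an expiry date that a purge job enforces. The HMAC key, the 90-day retention period, and the record layout are assumptions.

```python
"""De-identify and time-limit a mobile-app event record.  Added example;
the record layout, key and retention period are constructed assumptions."""
import hashlib
import hmac
from datetime import date, timedelta

# Assumption: a secret held only by the system that needs to link events from
# the same device.  Analytics consumers never see it, so they cannot recover a
# UDID by hashing candidate identifiers themselves (an unkeyed hash of a
# short identifier space is trivially reversible).
PSEUDONYM_KEY = b"constructed-demo-key-rotate-in-production"

RETENTION_DAYS = 90  # assumed retention period; shorter is better

# Constructed sample record as an app might collect it (not real data).
SAMPLE_RECORD = {
    "udid": "ab12cd34ef56", "email": "jane@example.test", "dob": date(1980, 1, 1),
    "lat": 41.4993, "lon": -81.6944, "event": "workout_logged",
}
DEMO_TODAY = date(2013, 10, 14)  # constructed processing date


def pseudonymize(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash (HMAC-SHA256) of a device identifier: stable for one key,
    unlinkable without it.  Truncated to 16 hex characters for reports."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def age_band(dob: date, today: date) -> str:
    """Generalize a date of birth to a ten-year band."""
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def coarsen_location(lat: float, lon: float, places: int = 2) -> tuple:
    """Round coordinates to about 1 km so the record no longer pins an address."""
    return (round(lat, places), round(lon, places))


def deidentify(record: dict, today: date) -> dict:
    """Keep only what the analytics use case needs, transformed so the raw
    identity fields (udid, email, dob, exact location) are not retained."""
    return {
        "user_ref": pseudonymize(record["udid"]),
        "age_band": age_band(record["dob"], today),
        "approx_location": coarsen_location(record["lat"], record["lon"]),
        "event": record["event"],
        "expires": (today + timedelta(days=RETENTION_DAYS)).isoformat(),
    }


def purge_expired(records: list, today: date) -> list:
    """Retention enforcement: drop records whose expiry date has passed."""
    return [r for r in records if date.fromisoformat(r["expires"]) > today]


if __name__ == "__main__":
    out = deidentify(SAMPLE_RECORD, DEMO_TODAY)
    print(out)
    print(purge_expired([out], DEMO_TODAY + timedelta(days=RETENTION_DAYS)))
```

The output record contains no email, no UDID, and no exact coordinates, yet still supports per-device counting through the pseudonym; rotating the key at the end of a reporting period breaks linkage across periods, which is one way to honour "retain shorter durations" even for the pseudonymous data.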
Closing Thoughts
• Short of federal law migrating toward the EU Privacy Directive, big business will collect and retain all the data it can gather, including the passive data sources we discussed.
• Security/Privacy professionals, businesses, and YOU the consumer must be proactive in managing our digital footprints.
• Collective responsibility!
59

Links
• Link to Tom’s Facebook Privacy & Security Guide
– http://www.securestate.com
– http://socialmediasecurity.com
60

Tom Eston: teston@securestate.com
Twitter: @agent0x0
Brian Dean: bdean@securestate.com [Mostly off the grid]
61