Csep-564-Lec-8

2FA

  • Failures
    • SIM swap, or anyone who can intercept your SMS messages
  • Hardware security key is vastly superior to SMS / device prompts
  • Passkeys are a new system built on FIDO
    • Password replacement
    • Google/Apple/Microsoft working together on this to make it seamless across OSes.

Graphical Passwords

  • An interesting idea, but suffers from the same thing as normal passwords: low entropy.

Unlock patterns

  • Predictable
  • Smear side channels

Privacy and Web Tracking

The web is essentially funded by ads that follow you. But what about your privacy?

  • The ad provider can link your visits between sites, even if you never click their ads!
  • Most of the time, ad tech is not that accurate.
    • There's the popular story of the teenage girl getting pregnancy advertisements, but this level of accuracy is rare.
  • CA and the EU have passed some laws regarding privacy.

Cookies

  • We've mostly discussed first-party cookies, which belong to the top-level domain.
  • But there are also third-party cookies, which belong to domains of embedded content, such as an image or iframe.
    • These are how trackers work; trackers use cookies containing unique identifiers to create browsing profiles.
  • Tracking requires:
    • re-identifying a user
    • communicating id + visited site back to tracker; this is quite easy with cookies.

Tracking

  • Technologies used in tracking:
    • HTTP cookies / auth / etags
    • Content cache
    • HTML5 protocol and content handlers
    • TLS session ID & resume
    • Browsing history
    • window.name
    • DNS cache
  • Tracking is not anonymous; it is linked to you.
  • Prevalence:
    • 2011 top 500 websites:
      • 524 unique trackers
      • 91% embed at least one tracker
      • 50% embed 4-5 trackers

Defenses

  • "Do Not Track":
    • is not a technical defense; trackers must honor the request.
    • And because it is rarely used, it actually further identifies you!
  • Private browsing mode:
    • protects against local, not network, attackers.
    • your visits to websites from your IP are still fully visible at the network level.
  • Third-party cookie blocking:
    • Safari and FF now do this (as of 2019).
    • Chrome said no
      • They argued that removing third-party cookies would push ad companies to fingerprinting instead, resulting overall in less privacy and control.
      • They later agreed to remove third-party cookies by 2024.

The response to no third-party cookies: cookie ghostwriting.

  1. You go to flickr.com

  2. They load <script src="siftscience.com/s.js"></script>

  3. s.js runs (pseudocode):

    fp = fingerprintjs2()                              // compute a browser fingerprint
    setcookie(fp)                                      // store it as a first-party cookie
    hexagon-analytics.com/cookiereciever?cookie=fp     // report the value to the tracker
    
  4. Every time you load flickr.com, you are identified and your cookie is sent to the analytics server.

  5. The same thing happens when you visit patreon.com, with the same fingerprint.
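Detection logic for the cookie-ghostwriting pattern above (and the third-party cookie discussion earlier): an added example, not lecture material. It assumes a constructed request log with the site being visited, the URL requested and the cookies held for that site; the fingerprint value is made up, and the domain heuristic is a stand-in for a public-suffix list.

```python
"""Spot cookie ghostwriting in a request log.

Added example, not from the lecture. Each record is one request the browser
made while on a first-party site: the site, the URL requested, and the
cookies the browser held for that site at the time. A ghostwritten tracker
sets a first-party cookie holding a fingerprint and then reports its value
to a third-party endpoint, so the same value reaches the same third party
from unrelated sites.
"""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log following the flickr/patreon flow in the notes;
# the fingerprint value is made up.
LOG = [
    {"site": "flickr.com", "url": "https://siftscience.com/s.js", "cookies": {}},
    {"site": "flickr.com",
     "url": "https://hexagon-analytics.com/cookiereciever?cookie=9f1c2a7e44b1",
     "cookies": {"fp": "9f1c2a7e44b1", "session": "abc"}},
    {"site": "patreon.com",
     "url": "https://hexagon-analytics.com/cookiereciever?cookie=9f1c2a7e44b1",
     "cookies": {"fp": "9f1c2a7e44b1"}},
    {"site": "patreon.com", "url": "https://cdn.example.net/logo.png?v=42",
     "cookies": {"fp": "9f1c2a7e44b1"}},
]


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); a real tool would use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def ghostwritten_values(log, min_len=8):
    """Map (third_party_host, cookie_value) -> first-party sites where that
    first-party cookie value left as a query parameter of a third-party request."""
    hits = defaultdict(set)
    for rec in log:
        parts = urlsplit(rec["url"])
        host = parts.hostname or ""
        if registrable_domain(host) == registrable_domain(rec["site"]):
            continue  # same-site request, not third-party
        # Short cookie values (flags, locales) are not identifiers worth flagging.
        id_like = {v for v in rec["cookies"].values() if len(v) >= min_len}
        for values in parse_qs(parts.query).values():
            for v in values:
                if v in id_like:
                    hits[(host, v)].add(rec["site"])
    return hits


def cross_site_trackers(log, min_sites=2):
    """Third parties receiving the same first-party cookie value from >= min_sites sites."""
    return {host: sorted(sites)
            for (host, _value), sites in ghostwritten_values(log).items()
            if len(sites) >= min_sites}
```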

Fingerprinting

  • It's out there.
  • Better than a voluntary cookie: it's involuntary and you can't change it!
  • But we also use this technique as a security measure
    • Blocking bots
    • Validating users over time

Privacy preserving personalized ads

  • Google first built FLoC and then Topics (after flak on FLoC)
  • The browser, not the advertiser, holds the information about what the advertiser thinks a person is interested in.
  • Advertisers can serve ads based on an interest, but cannot combine that with other info about the person.
  • Web sites the person visits, and the ad networks on those sites, cannot learn about the visitors' ad interests.
  • Perhaps after this is adopted, fingerprinting could be burnt to the ground, but that would require re-thinking a lot in our browsers.

Tor Discussion

  • Tor is useful for many things, one of which is getting around censorship.
  • Dark web is just the "hidden services" mentioned in the Tor paper; they are only accessible via Tor, and it is very hard to discover any identifying information about these servers.
  • Deep web is just stuff that's not indexed (e.g. forums).
  • The NSA likely owns some proportion of Tor nodes, but it is unknown how many. They'd be silly not to own any though, as they are probably trying to inspect and analyze traffic.
  • Being an exit node is complicated. Most of the traffic is "yikes" and you'll likely be talking to the FBI at some point.

Privacy on Public Networks

Most of the internet happens in the public. So what is anonymity in this context?

  • Anonymity is the state of not being identifiable within a set of subjects
    • In particular, you are not anonymous by yourself.
  • Unlinkability of action and identity
    • e.g., sender and email they send are no more related after observing communication than before
  • Unobservability
    • observer cannot even tell whether a certain action took place or not
    • hard to achieve
  • Applications:
    • Privacy: hide online transactions, web browsing, etc.
    • Untraceable email: e.g. Corporate whistle-blowers
    • Digital cash: electronic currency with properties of paper money (purchases unlinkable to buyer's identity)
    • Anonymous electronic voting

Anonymity in Datasets

You can't just remove some private info from your dataset; you have to worry about the intersection with other data sets.

  • k-anonymity means that each person contained in a dataset cannot be distinguished from at least $k-1$ others in the data.
    • but this does not work for sparse, high-dimensional datasets.
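A worked k-anonymity check, added here as an example (not from the lecture): it computes k over the quasi-identifiers of a constructed patient table, generalises age and zip until k reaches 2, and shows the linkage question from above (how many records an outside dataset's knowledge of one person still matches). The column names, bucket sizes and records are all assumptions.

```python
"""k-anonymity check and generalisation, added example (not from the lecture).

Quasi-identifiers (QIs) are the columns an outside dataset could also hold,
here age and zip. A record is k-anonymous if at least k-1 other records share
its exact QI values, so the dataset's k is the size of its smallest QI group.
"""
from collections import Counter

# Constructed sample: 6 records; `condition` is the sensitive attribute.
RECORDS = [
    {"age": 33, "zip": "98105", "condition": "flu"},
    {"age": 31, "zip": "98105", "condition": "asthma"},
    {"age": 34, "zip": "98112", "condition": "flu"},
    {"age": 37, "zip": "98115", "condition": "diabetes"},
    {"age": 52, "zip": "98103", "condition": "flu"},
    {"age": 58, "zip": "98107", "condition": "asthma"},
]
QIS = ("age", "zip")


def k_of(records, qis=QIS):
    """Size of the smallest equivalence class over the QIs = the dataset's k."""
    groups = Counter(tuple(r[q] for q in qis) for r in records)
    return min(groups.values())


def generalise(records, age_bucket=10, zip_digits=3):
    """Coarsen the QIs: age -> decade range string, zip -> prefix padded with '*'."""
    out = []
    for r in records:
        lo = (r["age"] // age_bucket) * age_bucket
        out.append({**r,
                    "age": f"{lo}-{lo + age_bucket - 1}",
                    "zip": r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)})
    return out


def linkage_matches(records, known, qis=QIS):
    """Records consistent with what an outside dataset knows about one person
    (the intersection worry from the notes). A single match re-identifies them."""
    return [r for r in records if all(r[q] == known[q] for q in qis)]
```

With more QI columns the groups shrink toward singletons, which is the sparse, high-dimensional failure the notes mention.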

Netflix challenge

  • Netflix released a non-uniform random sample of users' movie ratings
  • Challenge was to build a better recommendation system.
  • They added some "noise" (or maybe they didn't actually).
  • Result: cross-correlating with IMDb ratings, you end up needing only 6 or fewer ratings of non-top-500 movies.

Differential Privacy

  • There's a trusted party with a database.
  • We want to allow queries on the database that are useful but preserve the privacy of individual records.
  • Intuition: add noise so that an output is produced with similar probability whether or not any single input is included.
  • Note: this maintains privacy of the computation, not the dataset.
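The Laplace mechanism for a counting query, as an added example (not from the lecture): the trusted party releases count + Laplace(1/eps) noise, and the density ratio for two databases differing in one record is checked against e^eps. The patient rows, the predicate and the grid scan are constructed for illustration.

```python
"""Laplace mechanism for a counting query, added example (not from the lecture).

A count query has sensitivity 1: adding or removing one person changes the
answer by at most 1. Releasing count + Laplace(scale=1/eps) noise gives
eps-differential privacy: for any output o and databases D, D' differing in
one record, Pr[M(D)=o] / Pr[M(D')=o] <= e^eps.
"""
import math
import random


def count(db, predicate):
    """The exact query the trusted party wants to answer privately."""
    return sum(1 for row in db if predicate(row))


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF from a uniform draw."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def noisy_count(db, predicate, eps, rng=None, sensitivity=1):
    """Released answer; uses the OS CSPRNG unless a generator is supplied."""
    rng = rng or random.SystemRandom()
    return count(db, predicate) + laplace_noise(sensitivity / eps, rng)


def laplace_pdf(x, mu, scale):
    return math.exp(-abs(x - mu) / scale) / (2 * scale)


def privacy_loss(true_d, true_d_prime, output, eps, sensitivity=1):
    """Density ratio at one fixed output for two neighbouring true answers."""
    scale = sensitivity / eps
    return laplace_pdf(output, true_d, scale) / laplace_pdf(output, true_d_prime, scale)


def max_privacy_loss(true_d, true_d_prime, eps, lo=-20.0, hi=40.0, step=0.1):
    """Scan outputs on a grid; for neighbouring counts this never exceeds e^eps."""
    n = int((hi - lo) / step)
    return max(privacy_loss(true_d, true_d_prime, lo + i * step, eps) for i in range(n + 1))


# Constructed sample: 30 patient rows, 10 with flu; DB_PRIME drops one flu case.
DB = [{"id": i, "flu": i % 3 == 0} for i in range(30)]
DB_PRIME = [row for row in DB if row["id"] != 27]


def has_flu(row):
    return row["flu"]
```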

Mixnets

Basically there is a "mixing bowl" step between communication nodes that performs routing, with its own public key that senders use to encrypt.

  • E.g. Anonymous emails
  • This is the technique in Tor routing

Tor

  • You need to never mess up to maintain anonymity.
    • If ever you end up sending a tracking cookie to an exit node, your identity is revealed.
  • The simple act of using Tor can make one a target for more surveillance, as it is obvious you are using it.
  • Hosting an exit node could result in illegal activity coming from your machine.
  • Tor is not designed to protect against adversaries with the capabilities of a state.