PrivacyGroup: Difference between revisions
Jump to navigation
Jump to search
(→Tools help: added description, fixed cv dazzle link, added mailto for nissey-sabae for privacy visor) |
(→browser tools: update-scanner plugin) |
||
| Line 40: | Line 40: | ||
====browser tools==== | ====browser tools==== | ||
''these all work with Icecat, or Firefox. They may also work with other FF variants; I haven't checked.'' | |||
* Random Agent Spoofer (blocks a variety of fingerprinting attacks) | * Random Agent Spoofer (blocks a variety of fingerprinting attacks) | ||
* RequestPolicy (By Justin Samuel and Beichuan Zhang, of University of Arizona!) | * RequestPolicy (By Justin Samuel and Beichuan Zhang, of University of Arizona!) | ||
| Line 47: | Line 49: | ||
* HTTPS Everywhere (EFF) | * HTTPS Everywhere (EFF) | ||
* BetterPrivacy (removes LSO's -- supercookies -- which survive normal cleaning of cookie cache) | * BetterPrivacy (removes LSO's -- supercookies -- which survive normal cleaning of cookie cache) | ||
* [https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/ decentraleyes] - runs CDN scripts locally, rather than using remote CDNs (which is trackable) | * [https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/ decentraleyes] - runs CDN scripts locally, rather than using remote CDNs (which is trackable) | ||
* [https://addons.mozilla.org/en-us/firefox/addon/update-scanner/ Update Scanner] -- Useful for watching privacy policies for changes (since that is your obligation, as a continuing user of the site. Often such changes are not highlighted; only a new version is posted). | |||
====testing for problems==== | ====testing for problems==== | ||
Revision as of 19:44, 5 January 2017
This page is an effort to maintain an updated collection of important work on privacy. Recommend stuff from this page? Link to us!
Calendar
Events in this calendar are to privacy-related events. Click an event for more details, and links. <EventCalendar> namespace = PrivacyGroup_Event aspectratio = 1.35 </EventCalendar>
News
- Google and government, via the Google Transparency Project. Google lobbies to influence policy to reduce consumer privacy. This article also discusses the NSA-Google relationship. NEW
- Riseup warrant canary expires, Riseup is alerted, but the canary is not updated. NEW
- FBI now can compromise computers outside the jurisdiction of the court issuing the warrant, including overseas. NEW
- Trump pick for CIA head, Mike Pompeo, says in the Wall Street Journal that "the use of strong encryption in personal communications may itself be a red flag" that a person is a terrorist. NEW
- Extreme surevillance via "Snooper's Charter" is now law in the UK. Among other things, requires internet providers to log websites that their customers connect to. NEW
- FCC requires customer opt-in for ISPs to share "sensitive data", opt-out for "other" data. Previously there was no regulation)
- be wary of dictionary sites (dictionary.com, merriam-webster.com). They have high concentrations of trackers -- Part of the "What they Know" coverage in the Wall Street Journal.
- Tucson Police Department has a "Freedom on the Move" Camera, uses it to monitor anti-islamophobia protest on U. Arizona campus (By Tucson-based Strongwatch)
- James Comey tapes his laptop camera, thus creating a "warrant-proof camera."
- Head of FTC won't use fitbit b/c of privacy worries
- Cybersecurity Sharing Act added at the last minute to a 2K page omnibus spending bill
- police and drone use in Baltimore
- U.N. Report on Encryption as a right. "... [T]he present report examines two linked questions. First, do the rights to privacy and freedom of opinion and expression protect secure online communication, specifically by encryption or anonymity? And, second, assuming an affirmative answer, to what extent may Governments, in accordance with human rights law, impose restrictions on encryption and anonymity?"
- CMU study supports that Google cannot police abuse of its ad system, resulting in violation of privacy
- CEO of Hacking Team interviewed on BusinessInsider
Tools help
People often tell me they are unsure about which privacy-enhancing technologies to use, and how to set them up. Here are some suggestions.
operating systems
- Qubes ...OK, not an OS... (also here is a brief description of getting wireless networking working)
- Tails
browsers
- Tor -- (A new version was released the week of 13 Nov). I suggest subscribing to the RSS feed of the blog of the Tor project to be sure you stay up to date with the hardened version. The hardened version includes AddressSanitizer (ASan) to detect memory corruption. To read RSS feeds privately, use Thunderbird with a separate profile for RSS that is set up to use TorBirdy (more to come on this). NEW
- Also who uses Tor?
- Icecat -- It's like Firefox, but better. Does not support DRM with encrypted media extension technology, unlike Firefox.
browser tools
these all work with Icecat, or Firefox. They may also work with other FF variants; I haven't checked.
- Random Agent Spoofer (blocks a variety of fingerprinting attacks)
- RequestPolicy (By Justin Samuel and Beichuan Zhang, of University of Arizona!)
- NoScript
- PrivacyBadger (EFF)
- Self-Destructing Cookies
- HTTPS Everywhere (EFF)
- BetterPrivacy (removes LSO's -- supercookies -- which survive normal cleaning of cookie cache)
- decentraleyes - runs CDN scripts locally, rather than using remote CDNs (which is trackable)
- Update Scanner -- Useful for watching privacy policies for changes (since that is your obligation, as a continuing user of the site. Often such changes are not highlighted; only a new version is posted).
testing for problems
- new fingerprinting technique Uses AudioContext and getClientRects. Recommended defense is NoScript.
- panopticlick
- browserleaks
- dns leak test -- Test whether you're leaking DNS information while on your VPN, and fix it
facial recognition
- Reflectacles try to ignore the goofy promo. video :-) NEW
- Privacy Visor - Can be purchased by emailing this address at Nissey Co., Ltd.
- CV Dazzle NEW (link now works)
- Glamouflage
- Flashback
other tools
- Get an RSS feed reader to keep up to date on privacy-related sites. For example *cough* subscribe to the PrivacyGroup's feed (It's good to use a secure RSS reader. For mobile there is Courier from The Guardian Project).
- Youtube-dl -- Downloads a variety of streaming formats -- not just for youtube! Can be used with torify (see below) to anonymously view streaming video/audio that otherwise compromises privacy (e.g., flash). Note the version in packages is often not up to date--install the latest with pip to get a version that actually works.
- Torify -- A SOCKS proxy to the Tor network, and a wrapper to use it, so you can e.g. look up GPG keys, or perform WHOIS queries, anonymously.
- Get a GPG key
- installing the latest GPG
- secure SSH
- Using gpg-agent instead of ssh-agent
Other Sites with Tools for Protecting Your Digital Rights
- you broke the internet, we'll build a gnu one
- EPIC privacy-related tools
- Surveillance Self Defense (EFF)
- Opt out of datasharing by Whatsapp before the deadline!
- Center for Digital Society and Data Studies -- UA's center emphasizing digital rights.
- Tactical Technology Collective -- Toolkits and guides for digital security and privacy. Includes guides for Human Rights defenders. Security-in-a-box toolkit has a few inclusions that could be improved, including unhardened Tor, and Firefox rather than Icecat.
- Access Now Defending and extending digital rights of at risk users around the world.
Tools for Making Consent to Privacy Policies More Informed
Why care about privacy?
- 5 min recorded presentation I gave to local businesses on why they should care about privacy
- DoNotTrack documentary
- Why privacy matters
- Maciej Ceglowski's excellent talk
- it could happen to you, congress
- MLK Jr. and the history of bulk surveillance against people of color
- a few other reasons to care about privacy
Giving up privacy
- Americans say they want privacy, but act as if they don't
- The End of Privacy on NPR
- Atlantic article on an Arizona man whose anti-privacy views lead him to share everything, including passwords to email, banks, etc.
- Londoners give up their first born in agreeing to privacy policy
- Ai Weiwei, Privacy, and the future of surveillance
- Article in Science, 'Privacy and Human Behavior in the Information Age' -- By Laura Brandimarte, of U. Arizona (et al)! Reviews of multiple topics in privacy including (esp. relevant to this section) why people who profess to care about privacy nevertheless act as though they don't (the "privacy paradox").
How universities can help
- Don't break Tor and tell the FBI before telling the Tor project
- boingboing on online privacy and libraries
- NSF "Dear Collegue" letter on privacy-related research
- Tor exit nodes list. Note the universities hosting! (MIT, UMich, BU, ...)
Videos
- A series of privacy talks recently ended at The University of Arizona. Cached copies of Privacy and Health (comments here), Privacy and the Media ( comments here), and Privacy and Commercial Data Collection (comments here). These will be updated in the coming weeks NEW
- Snowden talked in a startpage.com-hosted interview in the Netherlands about privacy after the election of Trump in the U.S.; his pardon Mirrored here locally, so you can jump around the video (originally live-broadcast) NEW
- Edward Snowden came to the UA to talk privacy with Glen Greenwald and Noam Chomsky. I mirrored the video, originally available only via flash. This is audio only.
- Edward Snowden discusses removing mounted microphones and cameras from cellphones, excesses of U.S. intelligence