Commit 1c165306 authored by JindraZPrahy

phone p a s update

parent ddd1f34d
......@@ -65,6 +65,21 @@
\graphicspath{{fig/}}
%%%% Macros
\makeatletter
\newcommand*{\shifttext}[2]{%
\settowidth{\@tempdima}{#2}%
\makebox[\@tempdima]{\hspace*{#1}#2}%
}
\makeatother
\newcommand{\cheatbox}[3]{%
\shifttext{#1}{\raisebox{#2}[0pt][0pt]{%
#3%
}}%
}
\begin{document}
{
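Review bot: \shifttext and \cheatbox are added without any comment saying what their positional arguments mean, and the names do not tell a reader that \cheatbox takes a horizontal shift, a vertical raise and then the content. Put a one-line comment above each \newcommand, for example `% \cheatbox{<x shift>}{<y raise>}{<content>}: content is raised with zero height and depth`, so the call sites further down can be read without opening the definition.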
......@@ -100,6 +115,16 @@ discussion will also be possible.
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
\begin{frame}[plain]
\centering
\vspace*{4cm}
\Huge
Threat models
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
......@@ -110,17 +135,42 @@ Privacy vs. Security
\begin{itemize}
\item Privacy: only people you trust have access
\item Security: you can trust the implementation
\pause
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Privacy vs. Security
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\only<+>{
\item Example 1: A piece of paper wih passwords you have at home: private
(only you can see it), but not secure (thieves can easily steal it).
\pause
\begin{figure}[h]
\centering
\includegraphics[width=6cm]{./fig/password.jpeg}
\end{figure}
}
\only<+>{
\item Example 2: Passwords stored on a server of a password manager: secure
(they probably have security experts), but not private (if not e2e encrypted).
\begin{figure}[h]
\centering
\includegraphics[width=8cm]{./fig/data-centre.jpeg}
\end{figure}
}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
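Review bot: the \pause inside the first \only<+>{...} block, between the Example 1 text and its figure, steps the same overlay counter that <+> reads, while the second block has no \pause; the slide on which the password picture and Example 2 appear then depends on whether the first block's body is expanded. Drop that \pause or give both blocks explicit numbers (\only<1>, \only<2>) and check the compiled output. In the same hunk "wih" should be "with", and the two images are included as ./fig/password.jpeg and ./fig/data-centre.jpeg although \graphicspath{{fig/}} is set and the other slides pass bare file names.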
......@@ -133,34 +183,63 @@ Threat models
\begin{itemize}
\item The most private \& secure option after all is to not have a~phone at all.
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[width=10cm]{trade-offer.jpeg}
\end{figure}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item To determine if the tradeoff is worth it you have to consider your
specific situation.
\item The model which helps you determine this is called a {\color{red}threat model}.
\pause
\item Threat model: you need to determine
\begin{itemize}
\item who you can trust
\item who you have to defend against (who is your threat)
\end{itemize}
\begin{figure}[h]
\centering
\includegraphics[width=8cm]{hacker-threat.jpeg}
\end{figure}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
Definition
%\shifttext{3cm}{\raisebox{-1.5cm}[0pt][0pt]{
%\includegraphics[height=3cm]{math-definition.jpeg}
%}}
\cheatbox{3cm}{-1.5cm}{
\includegraphics[height=3cm]{math-definition.jpeg}
}
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Threat models are THE most important aspect of (cyber)security.
\item Without a proper threat model the info you read online will seem
contradictory.
\item It {\color{red}is} possible to improve your (cyber)security: only you are
probably going to have to do it {\color{red}gradually}.
\item Threat modelling is a structured approach of identifying and prioritizing
potential threats to a system, and determining the value that potential
mitigations would have in reducing or neutralizing those threats.
\pause
\item The process:
\begin{itemize}
\item[{\color{black}1.}] Who do you have to defend against (who is your threat)?
\pause
\item[{\color{black}2.}] What can you do to mitigate the threats and how difficult it is to do it?
\pause
\item[{\color{black}3.}] What combination of measures to choose so that they synergise well and are feasible to accomplish?
\end{itemize}
\end{itemize}
\end{slidecontent}
\end{frame}
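Review bot: the three commented-out lines in the slide title starting `%\shifttext{3cm}{\raisebox{-1.5cm}[0pt][0pt]{` are the hand-written form of the \cheatbox{3cm}{-1.5cm}{...} call directly below them and should be deleted rather than committed as dead code. In that call the line breaks after the opening brace and after \includegraphics[height=3cm]{math-definition.jpeg} each put a space inside the box; end those lines with % as the macro definition does with `#3%`, or write the call on one line.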
......@@ -171,24 +250,62 @@ probably going to have to do it {\color{red}gradually}.
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Example threat models
Example threats
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\only<+->{
\item I am afraid someone might start stalking me due to X.
\only<.>{\vspace{6cm}}
}
\only<.>{
{\centering
\cheatbox{0cm}{-6cm}{
\includegraphics[width=8cm]{stalker.jpeg}}
}
}
%
\only<+->{
\item I am afraid the government might go after me due to X.
\begin{itemize}
\item i.\,e. if you are considering an abortion in Poland, or are sans-papier.
\end{itemize}
\only<.>{\vspace{4cm}}
}
\only<.>{
{\centering
\cheatbox{2cm}{-1cm}{
\includegraphics[width=6cm]{mcafee.jpeg}}
}
}
%
\only<+->{
\item I am afraid big corporations might exploit me due to X.
\begin{itemize}
\item i.\,e. they might collect my medical data and make my insurance more
expensive.
\end{itemize}
\pause
}
\only<.>{
{\centering
\cheatbox{12cm}{2cm}{
\includegraphics[width=5cm]{evil-corp.jpeg}}
}
}
%
\only<+->{
\item You can also endanger your friends by using insecure services.
\pause
}
\only<.>{
{\centering
\cheatbox{6cm}{-3cm}{
\includegraphics[width=4cm]{endanger-friends.png}}
}
}
%
\only<+->{
\item Rule of thumb: ask yourself, If I were my adversary, what strategy would I use?
}
\end{itemize}
\end{slidecontent}
\end{frame}
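Review bot: the third and fourth \only<+->{...} blocks (big corporations, endanger your friends) end with \pause, which advances the counter that the following \only<.> reads, so their pictures are no longer tied to the slide that reveals the item the way the stalker and government pictures are. Remove those two \pause lines or verify the overlay order in the compiled PDF. The two sub-items beginning `i.\,e.` introduce examples, so they should use `e.\,g.` as the rest of the file does.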
......@@ -198,48 +315,93 @@ expensive.
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
What to do?
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\only<+->{
\item Ultimately, you have to create your own threat model by at least thinking about
it. You can also discuss it with your friends or write it down.
\item I am going to list the most common security threats and then try
to say how to mitigate them.
\end{itemize}
\end{slidecontent}
\end{frame}
}
\only<.>{
\cheatbox{4cm}{-3cm}{
\includegraphics[width=4cm]{thinking.jpeg}}
}
%
\only<+->{
\item Develop a threat mitigation strategy and start applying it.
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
\begin{frame}[plain]
\only<.>{
\centering
\vspace*{4cm}
\Huge
Apps \& services overview
\cheatbox{0cm}{-2.5cm}{
\includegraphics[width=4cm]{jenga.jpeg}}
}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}}
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Communication
Disclaimer
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item E-mail
\item Social media
\item Instant messaging applications
\item Phone \& SMS
\item Threat models are THE most important aspect of (cyber)security.
\item Without a proper threat model the info you read online will seem
contradictory.
\item It {\color{red}is} possible to improve your (cyber)security: only you are
probably going to have to do it {\color{red}gradually}.
\only<+>{
\centering
\cheatbox{0cm}{-2.5cm}{
\includegraphics[width=4cm]{zen.jpeg}}
}
\end{itemize}
\end{slidecontent}
\end{frame}
}
%{
%\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
%\begin{frame}[plain]
%\centering
%\vspace*{4cm}
%\Huge
%Apps \& services overview
%\end{frame}
%}
%
%{
%\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}}
%\begin{frame}[plain]
%\begin{slidetitle}
%Communication
%\end{slidetitle}
%\begin{slidecontent}
%\begin{itemize}
%\item E-mail
%\item Social media
%\item Instant messaging applications
%\item Phone \& SMS
%
%\only<+>{
%\cheatbox{14cm}{-3cm}{
%\includegraphics[width=2.2cm]{communication.jpeg}}
%}
%
%\end{itemize}
%\end{slidecontent}
%\end{frame}
%}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}}
\begin{frame}[plain]
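Review bot: the "Apps \& services overview" and "Communication" frames are turned into some thirty lines of % comments instead of being deleted. The history keeps the old frames, so remove the block; if they are meant to come back, say so in a single comment line. The commented-out Communication frame also carries a \cheatbox call for communication.jpeg, which suggests it was edited and then disabled in the same commit.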
......@@ -248,21 +410,33 @@ E-mail
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\only<+->{
\item It is possible to have end to end encrypted (e2e) e-mail with PGP, but
you need to exchange keys with everyone separately.
\pause
you need to exchange keys with everyone separately. :(
\only<.>{\vspace{0cm}}
}
\only<.>{\rotatebox{-25}{\Large More like pretty bad privacy amirite}}
\only<+->{
\item e2e can be automated if you exchange messages under one provider
who supports it
\begin{itemize}
\item Sending e-mails from address1@protonmail.ch to address2@protonmail.ch is e2e.
\item But sending e-mails from address1@protonmail.ch to address1@gmail.com isn't.
\end{itemize}
\pause
}
\only<.>{
\centering
\cheatbox{4cm}{3.5cm}{
\includegraphics[width=4cm]{automation.jpeg}}
}
%
\only<+->{
\item My recommendation: always treat e-mail as inherently unsafe; always
assume what you send through e-mail can be read by the government and/or big
corporations and then leaked
\item Note: having a @gmail.com address can make you less easily
fingerprintable because you don't stand out that much.
}
\end{itemize}
\end{slidecontent}
\end{frame}
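Review bot: the recommendation bullet "always treat e-mail as inherently unsafe" comes right after the bullets stating that mail between two protonmail.ch addresses is e2e, and the slide does not say whether the advice is meant to cover that case too. Add a clause that states the scope so the two bullets do not read as contradicting each other. Separately, `\only<.>{\vspace{0cm}}` after the PGP item adds no space and can be dropped.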
......@@ -287,12 +461,16 @@ determined through your contacts.
\begin{itemize}
\item Set hard limits on what kind of information you are willing to disclose
(e.\,g. I won't talk about my romantic relationships online).
\pause
\item Delete your posts after some time delay (they are probably going
to stay archived, but won't be publicly seen).
\pause
\item Periodically delete your account and start a new one.
\pause
\item Use specialised add blockers (you can use Firefox add-ons which work on
mobile).
\end{itemize}
\pause
\item Always assume that the U. S. government can read your every message and
conduct data analysis on your behaviour. (this has already happened, see the
story of Edward Snowden)
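Review bot: "add blockers" in the last sub-item should read "ad blockers". The bullet that follows the new \pause also has a sentence break before a lowercase parenthesis ("behaviour. (this has already happened"); either capitalise it or move the full stop after the closing parenthesis.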
......@@ -394,6 +572,8 @@ Data harvesting
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Definition: Massive collection of data about you and their analysis.
\pause
\item Why it is a problem at all:
\begin{itemize}
\item John Oliver: \url{https://www.youtube.com/watch?v=wqn3gR1WTcA}
......@@ -404,9 +584,10 @@ Data harvesting
\pause
\item Rising authoritarian tendencies (even in Europe)
\begin{itemize}
\item You can endanger your friends without even knowing it.
\item E.\,g. violence against queer people in Hungary, genocide on trans people
in Texas, or abortion bans in Poland.
in Texas, or abortion bans in Poland (and the U.S.!).
\item You can endanger your friends without even knowing it: 1/4 women in the
U.S. have had an abortion: $(3/4)^n$ chance of not knowing one.
\end{itemize}
\pause
\item Even if it's OK now, the data remains stored for posterity $\Rightarrow$
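Review bot: in the bullet "1/4 women in the U.S. have had an abortion: $(3/4)^n$ chance of not knowing one", n is never defined and the 1/4 has no source. State that n is the number of women you know and that the formula treats them as independent, write "1 in 4 women", and add a reference for the figure.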
......@@ -417,20 +598,32 @@ future regimes can exploit it.
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}}
\begin{frame}[plain]
\begin{slidetitle}
Data harvesting
Types of harvestable data
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item By individual applications
\item By the OS
\item What apps you are using, when and for how long.
\pause
\item You will hear Google or Apple talking about how secure their latest phones are.
In reality, they are creating a monopoly on surveillance. Secure $\neq$ private!
\item Your location (can be determined precisely through wi-fi, or through 5G).
\pause
\item Microphone recordings
\begin{itemize}
\item It is in practice possible for an application with permissions to
listen to what is happening around you and understand what you are saying.
\url{https://www.makeuseof.com/tag/your-smartphone-listening-or-coincidence/}
\item Cross-device tracking
\url{https://tinyurl.com/2f3pyuh3}
\end{itemize}
\pause
\item Analysis of files you use (for example photos in Google Cloud).
\pause
\item Analysis of your behaviour in apps.
\pause
\item ??? (we don't know the full extent of data harvesting)
\end{itemize}
\end{slidecontent}
\end{frame}
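Review bot: the Cross-device tracking sub-item links to \url{https://tinyurl.com/2f3pyuh3}, a shortened URL that hides its destination and routes the click through a third party, which sits badly on a slide about tracking. Use the destination URL directly, as the microphone sub-item above it does with its makeuseof.com link.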
......@@ -441,30 +634,24 @@ In reality, they are creating a monopoly on surveillance. Secure $\neq$ private!
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}}
\begin{frame}[plain]
\begin{slidetitle}
Types of harvestable data
Data harvesting
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item What apps you are using and for how long.
\pause
\item Your location (can be determined precisely through wi-fi, or through 5G).
\pause
\item Microphone recordings
\begin{itemize}
\item It is in practice possible for an application with permissions to
listen to what is happening around you and understand what you are saying.
\url{https://www.makeuseof.com/tag/your-smartphone-listening-or-coincidence/}
\item Cross-device tracking
\url{https://tinyurl.com/2f3pyuh3}
\end{itemize}
\item By individual applications
\item By the OS
\pause
\item ??? (we don't know the full extent of data harvesting)
\item You will hear Google or Apple talking about how secure their latest phones are.
In reality, they are creating a monopoly on surveillance. Secure $\neq$ private!
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}}
\begin{frame}[plain]
......@@ -519,6 +706,7 @@ or /e/.
\pause
\item The user experience is comparable to Android, since most OS's are based
on AOSP (Android open source project)
\pause
\item Not only good for privacy, but also for security -- OS's include more security
updates and make the device last longer.
\end{itemize}
......@@ -582,7 +770,7 @@ Google Services (gapps)
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item ``The proprietary Google-branded applications that come pre-installed with
\item Gapps: ``The proprietary Google-branded applications that come pre-installed with
most Android devices, such as the Play Store, Gmail, Maps, etc.''
\pause
\item ``Google Play Services is a software layer between the Android OS and your
......@@ -619,9 +807,11 @@ Life without Gapps
\item Certain apps require Google Services
\item Google Pay won't be possible (but for payment cash is the only\footnote{Most cryptocurrencies aren't anonymous either,
perhaps only Monero.} anonymous option anyway).
\pause
\item Banking apps won't work!
\pause
\item Usually the apps that break aren't privacy-respecting anyway. Sometimes
only the privacy-ignoring part doesn't work (Uber).
\item Banking apps won't work!
\end{itemize}
\end{slidecontent}
\end{frame}
......@@ -712,6 +902,34 @@ Pegasus (spyware)
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_yellow.png}}
\begin{frame}[plain]
\begin{slidetitle}
Burner phones
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Bringing your phone to demonstrations?
\begin{itemize}
\item[{\color{black}+}] You can record the police and organise.
\item[{\color{black}-}] Your geolocation WILL be recorded and accessible in posterity.
\pause
\item[{\color{black}$\Rightarrow$}] Use a camera without internet access. {\color{red}Leave your phone at home}.
\end{itemize}
\pause
\item Burner phones: once you put the sim card in, the location is being
recorded. Don't store your burner phone in proximity to your real phone.
\pause
\item Can your phone track you if it's shut down? Probably yes, because you
can't know if it really is turned off.
\begin{itemize}
\item Windows already does this: \url{https://www.youtube.com/watch?v=OBGxt8zhbRk&ab_channel=Techquickie}
\end{itemize}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
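Review bot: in the last item the sub-bullet "Windows already does this" does not say what "this" is, and it cites a desktop OS as support for a claim about phones that the parent bullet itself hedges with "Probably yes". Name the behaviour the video shows and say how it relates to phones, or drop the sub-bullet. In the demonstrations list "accessible in posterity" should be "for posterity", and the `-` item label will print as a hyphen next to the `+`; use `$-$`.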
......