Commit 4e0bd0bc authored by JindraZPrahy's avatar JindraZPrahy

phone privacy and security lecture added

parent f5562e57
%Kompilujte LuaLaTeXem (lualatex soubor.tex)
\documentclass[11pt,t]{beamer}
%Pozn.: velikost slidu 12.8 cm*9.6 cm
%\usetheme{Warsaw}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage[english]{babel}
\usepackage{amsmath}
\usepackage{amsfonts}
\usepackage{amssymb}
\usepackage{graphicx}
%\usepackage{dtk-logos}
\usepackage{wrapfig}
\usepackage{color}
\usepackage{natbib}
\renewcommand{\phi}{\varphi}
%Aby fungoval jiný font
\usefonttheme{professionalfonts} % using non standard fonts for beamer
\usefonttheme{serif} % default family is serif
\usepackage{fontspec}
\setmainfont[
Path = ./,
Extension = .ttf,
Ligatures = TeX
]{Helvetica}
\newcommand{\ket}[1]{\rvert #1 \rangle }
\newcommand{\bra}[1]{\langle #1 \lvert }
\newcommand{\braket}[2]{\langle #1 \rvert #2 \rangle }
\usepackage[most]{tcolorbox}
\newtcbtheorem{myTheorem}{THEOREM}{%
enhanced,
arc=5pt,
boxrule=1pt,
oversize=-3em,
colframe=orange,
colback=white,
attach boxed title to top left={xshift=5mm,yshift*=-\tcboxedtitleheight/2},
boxed title style={ colback=orange!10, boxrule=1pt, arc=5pt, left=1mm, right=1mm},
coltitle=black,
separator sign none,
description delimiters={(}{)}
}{th}
\addtobeamertemplate{navigation symbols}{}{%
\usebeamerfont{footline}%
\usebeamercolor[fg]{footline}%
\hspace{1em}%
\raisebox{.25em}{\insertframenumber/\inserttotalframenumber}
}
%Vlastní enviromenty do slidů
\newenvironment{slidecontent}
{\vspace*{\fill}
}
{
\vspace*{\fill}
}
\newenvironment{slidetitle}
{\vspace*{0.5cm}\hspace*{.2cm}\Huge
}
{
\vspace*{0.6cm}
}
\useinnertheme{circles}
\setbeamertemplate{itemize item}{\scriptsize\raise1.25pt\hbox{\color{black}{$\bullet$}}}
\setbeamertemplate{itemize subitem}{\tiny\raise1.5pt\hbox{\color{black}{$\bullet$}}}
\setbeamertemplate{itemize subsubitem}{\tiny\raise1.5pt\hbox{\color{black}{$\bullet$}}}
%Marginy
\setbeamersize{text margin left=0.2cm,text margin right=0.2cm}
%I can redefine pauser to nothing if I want to get rid of duplicate slides
\newcommand{\pauser}{\pause}
\title{\color{black}Privacy and security on phones
%\large
}
\author{Jindřich Dušek}
\date{\today}
\graphicspath{{fig/}}
\begin{document}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
\begin{frame}[plain]
\begin{slidetitle}
\end{slidetitle}
\begin{slidecontent}
\maketitle
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Outline
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Threat models
\item Apps \& Services overview
\item Conclusion \& Links
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Privacy vs. Security
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Privacy: only people you trust have access
\item Security: you can trust the implementation
\pause
\item Example 1: A piece of paper with passwords you have at home: private
(only you can see it), but not secure (thiefs can easily steal it)
\item Example 2: Passwords stored on a server of a password manager: secure
(they probably have security experts), but not private (if not e2e encrypted)
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Usually you have to do tradeoffs: privacy or security for convenience.
\item To determine if the tradeoff is worth it you have to consider your
specific situation.
\item The model which helps you determine this is called a {\color{red}threat model}.
\pause
\item Threat model: you need to determine
\begin{itemize}
\item who you can trust
\item who you have to defend against (who is your threat)
\end{itemize}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Threat models are THE most important aspect of (cyber)security.
\item Without a proper threat model the info you read online will seem
contradictory.
\item It {\color{red}is} possible to improve your (cyber)security: only you are
probably going to have to do it {\color{red}gradually}.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Threat models are THE most important aspect of (cyber)security.
\item Without a proper threat model the info you read online will seem
contradictory.
\item It {\color{red}is} possible to improve your (cyber)security: only you are
probably going to have to do it {\color{red}gradually}.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Example threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item I am afraid someone might start stalking me due to X.
\item I am afraid the government might go after me due to X.
\begin{itemize}
\item i.\,e. if you are considering an abortion in Poland, or are sans-papier.
\end{itemize}
\item I am afraid big corporations might exploit me due to X.
\begin{itemize}
\item i.\,e. they might collect my medical data and make my insurance more
expensive.
\end{itemize}
\pause
\item You can also endanger your friends by using insecure services.
\pause
\item Rule of thumb: ask yourself, If I were my adversary, what strategy would I use?
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Ultimately, you have to create your own threat model by at least thinking about
it. You can also discuss it with your friends or write it down.
\item I am going to list the most common security threats and then try
to say how to mitigate them.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
\begin{frame}[plain]
\centering
\vspace*{4cm}
\Huge
Apps \& services overview
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Communication
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item E-mail
\item Social networks
\item Instant messaging applications
\item Phone \& SMS
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
E-mail
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item It is possible to have end to end encrypted (e2e) e-mail with PGP, but
you need to exchange keys with everyone separately.
\item e2e can be automated if you exchange messages under one provider
who supports it
\begin{itemize}
\item Sending e-mails from address1@protonmail.ch to address2@protonmail.ch is e2e.
\item But sending e-mails from address1@protonmail.ch to address1@gmail.com isn't.
\end{itemize}
\item My recommendation: always treat e-mail as inherently unsafe; always
assume what you send through e-mail can be read by the government and/or big
corporations and then leaked
\item Note: having a @gmail.com address can make you less easily
fingerprintable because you don't stand out that much.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Social networks
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item They can see what you like and who you interact with, and create targeted
adds based on it.
\item What you can do to limit data collection:
\begin{itemize}
\item Set hard limits on what kind of information you are willing to disclose
(e.\,g. I won't talk about my romantic relationships online).
\item Delete your posts after some time delay (they are probably going
to stay archived, but won't be publicly seen).
\item Periodically delete your account and start a new one.
\item Use specialised add blockers (you can use Firefox add-ons which work on
mobile).
\end{itemize}
\item Your identity will always be more or less known, because it can be
determined through your contacts.
\item Always assume that the U. S. government can read your every message and
conduct data analysis on your behaviour. (this has already happened, see the
story of Edward Snowden)
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Instant messaging
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item {\color{green}Signal}
\begin{itemize}
\item e2e by default
\item private contact discovery (Signal doesn't know your contacts) \url{https://signal.org/blog/contact-discovery/}
\item open source server-side \& client side
\end{itemize}
\item Matrix
\begin{itemize}
\item e2e by default
\item decentralised
\item open-source
\item not so user friendly
\end{itemize}
\item Telegram
\begin{itemize}
\item not e2e by default
\item isn't open source server-side
\item Security-wise probably a bit better then applications from Meta, but probably
not by much. We can expect a backdoor.
\end{itemize}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
SMS \& calls
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item not e2e encrypted
\item The government can most likely listen to them.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Data harvesting
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Why it is a problem at all:
\begin{itemize}
\item John Oliver: \url{https://www.youtube.com/watch?v=wqn3gR1WTcA}
\begin{itemize}
\item Data can easily identify you or your friends and get you into trouble.
\end{itemize}
\item Global freedom restricting tendencies: Surveillance capitalism, Technofeudalism
\item Rising authoritarian tendencies (even in Europe)
\item Even if it's OK now, the data remains stored for posterity.
\end{itemize}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Data harvesting
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item By individual applications
\item By the OS
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Types of harvestable data
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item What apps you are using and for how long.
\item Your location (can be determined precisely through wi-fi, or through 5G).
\item Microphone recordings
\begin{itemize}
\item It is in practice possible for an application with permissions to
listen to what is happening around you and understand what you are saying.
\url{https://www.makeuseof.com/tag/your-smartphone-listening-or-coincidence/}
\item Cross-device tracking
\url{https://tinyurl.com/2f3pyuh3}
\end{itemize}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Individual applications
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item Don't use shady applications in the first place, find alternatives, for example here
\url{https://prism-break.org/en/}
\item Manage application permissions (can be easily done through the OS
settings)
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
OS Spying
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item You can limit data collection by changing user behaviour\dots
\item but this is tricky since the extent of OS data collection is unclear.
\pause
\item An alternative is to install an different OS.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Alternative OS's
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item AFAIK this cannot be done with Apple devices.
\item Not possible on all devices, you need an {\color{red}unlocked bootloader}.
\item If you have a~compatible device, the installation process is surprisingly
simple.
\item I have experience with LineageOS, but a more secure option is GrapheneOS.
\item The user experience is comparable to Android, since most OS's are based
on AOSP (Android open source project)
\item Not only good for privacy, but also for security -- OS's include more security
updates and make the device last longer.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Compatible devices
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item You need
\begin{enumerate}
\item[{\color{black}1.}] an unlockable bootloader,
\item[{\color{black}2.}] compatibility with the desired OS.
\end{enumerate}
\item A rough list of available devices: \url{https://wiki.lineageos.org/devices/}
\item It is worth it to buy devices with unlockable bootloaders even if you
don't plan to install a~new OS, since it suggests better device quality.
\item My recommendation: the OnePlus series, for example One Plus 6T costs 150
CHF on Tutti.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Compatible devices
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item You need
\begin{enumerate}
\item[{\color{black}1.}] an unlockable bootloader,
\item[{\color{black}2.}] compatibility with the desired OS.
\end{enumerate}
\item A rough list of available devices: \url{https://wiki.lineageos.org/devices/}
\item It is worth it to buy devices with unlockable bootloaders even if you
don't plan to install a~new OS, since it suggests better device quality.
\item My recommendation: the OnePlus series, for example One Plus 6T costs 150
CHF on Tutti.
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
\begin{frame}[plain]
\begin{slidetitle}
Resources
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item \url{https://www.youtube.com/c/BraxMe} Rob Braxman Tech
\item \url{https://prism-break.org/en/} Prism Break (find alternatives for your apps)
\item \url{https://riseup.net/} Riseup provides online communication tools for people and groups working on liberatory social change.
\item \url{https://gitlab.ethz.ch/thealternative/courses/-/tree/master/privacy} TheAlternative course on privacy in general
\item \url{https://www.fsf.org/} Free Software Foundation
\end{itemize}
\end{slidecontent}
\end{frame}
}
\end{document}
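Review bot: The "Alternative OS's" and "Compatible devices" frames tell the audience to get an unlocked or unlockable bootloader and present an alternative OS as a security gain, but they never mention that a bootloader left unlocked turns off verified boot, so someone with physical access to the phone can tamper with the system image. I would add an item to the "Alternative OS's" list such as `\item Relock the bootloader after installing if the OS supports it (GrapheneOS does); an unlocked bootloader disables verified boot.` and soften the claim that an unlockable bootloader "suggests better device quality". The cross-device tracking item links through a tinyurl short link; a security lecture should print the full destination URL so readers can see where it leads before opening it. Separately, the "Threat models" frame that begins "Threat models are THE most important aspect" and the "Compatible devices" frame each appear twice verbatim, and `inputenc`/`fontenc` are loaded alongside `fontspec` although the first comment line says to compile with LuaLaTeX.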