phone privacy and security lecture added

phone_privacy_and_security/.gitignore

+*out
+*snm
+*toc
+*log
+*aux

phone_privacy_and_security/pres.tex

+%Kompilujte LuaLaTeXem (lualatex soubor.tex)
+\documentclass[11pt,t]{beamer}
+%Pozn.: velikost slidu 12.8 cm*9.6 cm
+%\usetheme{Warsaw}
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[english]{babel}
+\usepackage{amsmath}
+\usepackage{amsfonts}
+\usepackage{amssymb}
+\usepackage{graphicx}
+%\usepackage{dtk-logos}
+\usepackage{wrapfig}
+\usepackage{color}
+\usepackage{natbib}
+
+\renewcommand{\phi}{\varphi}
+%Aby fungoval jiný font
+\usefonttheme{professionalfonts} % using non standard fonts for beamer
+\usefonttheme{serif} % default family is serif
+\usepackage{fontspec}
+\setmainfont[
+    Path           = ./,
+    Extension      = .ttf,
+    Ligatures      = TeX
+]{Helvetica}
+
+\newcommand{\ket}[1]{\rvert #1 \rangle }
+\newcommand{\bra}[1]{\langle #1 \lvert }
+\newcommand{\braket}[2]{\langle #1 \rvert #2 \rangle }
+
+
+\usepackage[most]{tcolorbox}
+\newtcbtheorem{myTheorem}{THEOREM}{%
+    enhanced,
+    arc=5pt,
+    boxrule=1pt,
+    oversize=-3em,
+    colframe=orange,
+    colback=white,
+    attach boxed title to top left={xshift=5mm,yshift*=-\tcboxedtitleheight/2},
+    boxed title style={ colback=orange!10, boxrule=1pt, arc=5pt, left=1mm, right=1mm},
+    coltitle=black,
+    separator sign none,
+    description delimiters={(}{)}
+}{th}
+
+\addtobeamertemplate{navigation symbols}{}{%
+    \usebeamerfont{footline}%
+    \usebeamercolor[fg]{footline}%
+    \hspace{1em}%
+    \raisebox{.25em}{\insertframenumber/\inserttotalframenumber}
+}
+
+%Vlastní enviromenty do slidů
+\newenvironment{slidecontent}
+	{\vspace*{\fill}
+	}
+	{
+	\vspace*{\fill}
+}
+\newenvironment{slidetitle}
+	{\vspace*{0.5cm}\hspace*{.2cm}\Huge
+	}
+	{
+	\vspace*{0.6cm}
+}
+
+\useinnertheme{circles}
+\setbeamertemplate{itemize item}{\scriptsize\raise1.25pt\hbox{\color{black}{$\bullet$}}}
+\setbeamertemplate{itemize subitem}{\tiny\raise1.5pt\hbox{\color{black}{$\bullet$}}}
+\setbeamertemplate{itemize subsubitem}{\tiny\raise1.5pt\hbox{\color{black}{$\bullet$}}}
+
+%Marginy
+\setbeamersize{text margin left=0.2cm,text margin right=0.2cm}
+
+%I can redefine pauser to nothing if I want to get rid of duplicate slides
+\newcommand{\pauser}{\pause}
+
+\title{\color{black}Privacy and security on phones
+%\large
+}
+\author{Jindřich Dušek}
+\date{\today}
+
+
+\graphicspath{{fig/}}
+
+
+\begin{document}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+\end{slidetitle}
+\begin{slidecontent}
+\maketitle
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Outline
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Threat models
+\item Apps \& Services overview
+\item Conclusion \& Links
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Privacy vs. Security
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Privacy: only people you trust have access
+\item Security: you can trust the implementation
+\pause
+\item Example 1: A piece of paper with passwords you have at home: private
+(only you can see it), but not secure (thiefs can easily steal it)
+\item Example 2: Passwords stored on a server of a password manager: secure
+(they probably have security experts), but not private (if not e2e encrypted)
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Threat models
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Usually you have to do tradeoffs: privacy or security for convenience.
+\item To determine if the tradeoff is worth it you have to consider your
+specific situation.
+\item The model which helps you determine this is called a {\color{red}threat model}.
+\pause
+\item Threat model: you need to determine
+\begin{itemize}
+\item who you can trust
+\item who you have to defend against (who is your threat)
+\end{itemize}
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Threat models
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Threat models are THE most important aspect of (cyber)security.
+\item Without a proper threat model the info you read online will seem
+contradictory.
+\item It {\color{red}is} possible to improve your (cyber)security: only you are
+probably going to have to do it {\color{red}gradually}.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Threat models
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Threat models are THE most important aspect of (cyber)security.
+\item Without a proper threat model the info you read online will seem
+contradictory.
+\item It {\color{red}is} possible to improve your (cyber)security: only you are
+probably going to have to do it {\color{red}gradually}.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Example threat models
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item I am afraid someone might start stalking me due to X.
+\item I am afraid the government might go after me due to X.
+\begin{itemize}
+\item i.\,e. if you are considering an abortion in Poland, or are sans-papier.
+\end{itemize}
+\item I am afraid big corporations might exploit me due to X.
+\begin{itemize}
+\item i.\,e. they might collect my medical data and make my insurance more
+expensive.
+\end{itemize}
+\pause
+\item You can also endanger your friends by using insecure services.
+\pause
+\item Rule of thumb: ask yourself, If I were my adversary, what strategy would I use?
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Threat models
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Ultimately, you have to create your own threat model by at least thinking about
+it. You can also discuss it with your friends or write it down.
+\item I am going to list the most common security threats and then try
+to say how to mitigate them.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
+\begin{frame}[plain]
+\centering
+\vspace*{4cm}
+\Huge
+Apps \& services overview
+\end{frame}
+}
+
+
+
+
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Communication
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item E-mail
+\item Social networks
+\item Instant messaging applications
+\item Phone \& SMS
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+E-mail
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item It is possible to have end to end encrypted (e2e) e-mail with PGP, but
+you need to exchange keys with everyone separately.
+\item e2e can be automated if you exchange messages under one provider
+who supports it
+\begin{itemize}
+\item Sending e-mails from address1@protonmail.ch to address2@protonmail.ch is e2e.
+\item But sending e-mails from address1@protonmail.ch to address1@gmail.com isn't.
+\end{itemize}
+\item My recommendation: always treat e-mail as inherently unsafe; always
+assume what you send through e-mail can be read by the government and/or big
+corporations and then leaked
+\item Note: having a @gmail.com address can make you less easily
+fingerprintable because you don't stand out that much.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Social networks
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item They can see what you like and who you interact with, and create targeted
+adds based on it.
+\item What you can do to limit data collection:
+\begin{itemize}
+\item Set hard limits on what kind of information you are willing to disclose
+(e.\,g. I won't talk about my romantic relationships online).
+\item Delete your posts after some time delay (they are probably going
+to stay archived, but won't be publicly seen).
+\item Periodically delete your account and start a new one.
+\item Use specialised add blockers (you can use Firefox add-ons which work on
+mobile).
+\end{itemize}
+\item Your identity will always be more or less known, because it can be
+determined through your contacts.
+\item Always assume that the U. S. government can read your every message and
+conduct data analysis on your behaviour. (this has already happened, see the
+story of Edward Snowden)
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Instant messaging
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item {\color{green}Signal}
+\begin{itemize}
+\item e2e by default
+\item private contact discovery (Signal doesn't know your contacts) \url{https://signal.org/blog/contact-discovery/}
+\item open source server-side \& client side
+\end{itemize}
+\item Matrix
+\begin{itemize}
+\item e2e by default
+\item decentralised
+\item open-source
+\item not so user friendly
+\end{itemize}
+\item Telegram
+\begin{itemize}
+\item not e2e by default
+\item isn't open source server-side
+\item Security-wise probably a bit better then applications from Meta, but probably
+not by much. We can expect a backdoor.
+\end{itemize}
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+SMS \& calls
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item not e2e encrypted
+\item The government can most likely listen to them.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Data harvesting
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Why it is a problem at all:
+\begin{itemize}
+\item John Oliver: \url{https://www.youtube.com/watch?v=wqn3gR1WTcA}
+\begin{itemize}
+\item Data can easily identify you or your friends and get you into trouble.
+\end{itemize}
+\item Global freedom restricting tendencies: Surveillance capitalism, Technofeudalism
+\item Rising authoritarian tendencies (even in Europe)
+\item Even if it's OK now, the data remains stored for posterity.
+\end{itemize}
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Data harvesting
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item By individual applications
+\item By the OS
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Types of harvestable data
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item What apps you are using and for how long.
+\item Your location (can be determined precisely through wi-fi, or through 5G).
+\item Microphone recordings
+\begin{itemize}
+\item It is in practice possible for an application with permissions to
+listen to what is happening around you and understand what you are saying.
+\url{https://www.makeuseof.com/tag/your-smartphone-listening-or-coincidence/}
+\item Cross-device tracking
+\url{https://tinyurl.com/2f3pyuh3}
+\end{itemize}
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Individual applications
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item Don't use shady applications in the first place, find alternatives, for example here
+\url{https://prism-break.org/en/}
+\item Manage application permissions (can be easily done through the OS
+settings)
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+OS Spying
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item You can limit data collection by changing user behaviour\dots
+\item but this is tricky since the extent of OS data collection is unclear.
+\pause
+\item An alternative is to install an different OS.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Alternative OS's
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item AFAIK this cannot be done with Apple devices.
+\item Not possible on all devices, you need an {\color{red}unlocked bootloader}.
+\item If you have a~compatible device, the installation process is surprisingly
+simple.
+\item I have experience with LineageOS, but a more secure option is GrapheneOS.
+\item The user experience is comparable to Android, since most OS's are based
+on AOSP (Android open source project)
+\item Not only good for privacy, but also for security -- OS's include more security
+updates and make the device last longer.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Compatible devices
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item You need
+\begin{enumerate}
+\item[{\color{black}1.}] an unlockable bootloader,
+\item[{\color{black}2.}] compatibility with the desired OS.
+\end{enumerate}
+\item A rough list of available devices: \url{https://wiki.lineageos.org/devices/}
+\item It is worth it to buy devices with unlockable bootloaders even if you
+don't plan to install a~new OS, since it suggests better device quality.
+\item My recommendation: the OnePlus series, for example One Plus 6T costs 150
+CHF on Tutti.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Compatible devices
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item You need
+\begin{enumerate}
+\item[{\color{black}1.}] an unlockable bootloader,
+\item[{\color{black}2.}] compatibility with the desired OS.
+\end{enumerate}
+\item A rough list of available devices: \url{https://wiki.lineageos.org/devices/}
+\item It is worth it to buy devices with unlockable bootloaders even if you
+don't plan to install a~new OS, since it suggests better device quality.
+\item My recommendation: the OnePlus series, for example One Plus 6T costs 150
+CHF on Tutti.
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+{
+\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background.png}}
+\begin{frame}[plain]
+\begin{slidetitle}
+Resources
+\end{slidetitle}
+\begin{slidecontent}
+\begin{itemize}
+\item \url{https://www.youtube.com/c/BraxMe} Rob Braxman Tech
+\item \url{https://prism-break.org/en/} Prism Break (find alternatives for your apps)
+\item \url{https://riseup.net/} Riseup provides online communication tools for people and groups working on liberatory social change.
+\item \url{https://gitlab.ethz.ch/thealternative/courses/-/tree/master/privacy} TheAlternative course on privacy in general
+\item \url{https://www.fsf.org/} Free Software Foundation
+\end{itemize}
+\end{slidecontent}
+\end{frame}
+}
+
+
+
+\end{document}