Member of The Internet Defense League

Wednesday, 12 February 2014

Privacy and Security - A practical perspective

Following the interest shown in by the attendees at the Privacy and Security Session at 
CMCS college Nasik, Mozilla Nasik Community decided to cumulate all the interest and 
serve it with a more detailed workshop.


The approach:
   The community members met over a coffee and decided to be more specific on the type of 
audience for the workshop. A set of audience who would be interested in maintaining their 
privacy and security over the internet and would like the hands-on of all the methods one 
should follow to do so.

Result:
   A registration form was published and responses were analysed. Interestingly the 
form worked well. With questions like,
Will breach of your online privacy matter to you?
What methods do you use to secure your online presence?
What if all you read write and all your online activity is being watched, will it bother you?
gave some interesting responses with a mixed YES* and No*.
We ended up calling each participant who had registered, but the questionnaire did give us 
an insight on what the audience is thinking before attending the workshop.

Agenda:
The coffee did serve one more purpose, that of deciding on the agenda. I wanted the Nasik 
community members to take the reins in their hands and drive the workshop. Hence we listed out our workshop bullets(topics to cover) and delegated responsibility of each.



Bullets:
  • Hack the web using Webmking tool X-ray goggles.
  • Follow The Privacy and Security Teaching Kit.
  • about:permissions
  • about:privatebrowsing
  • about:config - overview
  • http vs https
  • Understanding Cookies
  • Lightbeam addon Handons.


The Workshop:
   We started with a brief introduction to Mozilla, the mozilla mission and how it merges 
with importance of privacy and security of the online users.



* Hack the web using Webmking tool X-ray goggles:
   X-ray goggles serve the basic purpose of understanding the web's basic building blocks. 
Even a non-technical person feels at home and understands the web if he/she tries to remix 
a website using x-ray goggles (X-ray being the most popular tool for remixing, we decided 
to go with them).

"If we understand and know, what something is made of, we have a better control over it.
 was the basic principal we followed at the start of the workshop. Making the audience 
aware of the Html, Css and JS used to build that something on the web using X-ray 
remixing.

Consider an example: Your friend throws two planes at you, one made of paper and other of 
steel. Which one would you trust (considering you have option of dodging only one).


Its the paper plane you will trust, because you know it will not hurt you 
compared to the unknown steel plane which may have anything disastrous inside its 
structure. The same thing applies to the web. Understanding it, not being afraid of it and using it 
for the betterment and openness of the web is the thing we wanted to teach though this 
exercise.

Useful links:
https://support.mozilla.org/en-US/kb/x-ray-goggles
https://support.mozilla.org/en-US/products/webmaker/x-ray-goggles

Exercise facilitated by Mayur Patil.

* about:permissions
   It is very important for all the users of the web to understand the basics behind the 
"about:permissions" facility provided in Mozilla Firefox.
This is the Permissions Manager, using which you can give certain websites the ability to 
store passwords, set cookies and more.
To view, change the preferences regarding permissions in the Firefox browser, type 
'about:permissions' into the Location Bar (address bar) and press Enter.

Understand the about:permissions.



 Useful links:
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
https://support.mozilla.org/en-US/kb/pop-blocker-settings-exceptions-troubleshooting

Exercise facilitated by Khushal Kariya.

* about:privatebrowsing :
   Private Browsing - Browse the web without saving information about the sites you visit.
Many a times you need the browser not to store the information(history) of sites you visit 
or the text entered, password and other choices made on the web.
Private Browsing allows you to browse the Internet without saving any information about 
which sites and pages you’ve visited.
To start private browsing mode in the Firefox browser, type 'about:privatebrowsing' into the 
Location Bar (address bar) and press Enter.



Useful links:
https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info? redirectlocale=en-US&redirectslug=Private+Browsing
http://www.wikihow.com/Do-Private-Browsing-in-Mozilla-Firefox

Exercise facilitated by Vishal Chavan.

about:config - overview :
   To control the browser you use while using the web is the most basic right one deserves 
over the open web. "about:config" gives user the complete freedom and opportunity to 
control his/her's presence over the internet. Mozilla Firefox is highly customizable, and 
there are a number of ways to change its appearance and behaviour.
To modify a preference in the Firefox browser, type 'about:config' into the Location Bar 
(address bar) and press Enter.

Useful Links:
http://kb.mozillazine.org/About:config
http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
http://mozilla.gunnars.net/mozilla_howto_aboutconfig.html

Exercise facilitated by Ankit Gadgil.

http vs https :
   "You wouldn't write your username and passwords on a postcard and mail it for the world to 
see, so why are you doing it online? Every time you log in to any service that uses a 
plain HTTP connection that's essentially what you're doing.
" says Scott Gilbertson in his blog HTTPS is more secure, so why isn’t the Web using it?

There is a better way, the secure version of HTTP—HTTPS. That extra "S" in the URL means 
your connection is secure and it's much harder for anyone else to see what you're doing.
Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer 
Protocol (http). HTTPS allows secure eCommerce transactions, such as online banking. 

Why do we need this extra 'S'?
   The Web presents a unique set of trust issues, which businesses must address at the outset 
to minimize risk. Consumers submit information and purchase goods or services via the Internet only when they are confident that their personal information, such as credit card numbers and financial data, is secure. The solution for businesses reliant upon e-commerce is to implement a complete e-commerce trust infrastructure based on encryption technology.

Useful links:
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it
http://www.instantssl.com/ssl-certificate-products/https.html
http://www.wisegeek.org/what-is-the-difference-between-http-and-https.htm

Understanding Cookies :
    "Cookie" is a type of message that is given to a Web browser by a Web server. 
The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save site login information for you. 

Can Cookies be malicious?
   Yes, Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online.
Cookies that watch your online activity are called malicious or tracking cookies.
These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts.
more..

Useful links:
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
https://blog.mozilla.org/theden/2012/05/02/what-are-internet-cookies
http://www.cookiecentral.com/faq.htm

Lightbeam Addon:
   It is important that everyone should have the tools to make their own decisions about 
their online privacy and who collects data on them.
With the Lightbeam add-on and database server, Mozilla is providing a valuable (and open) 
community research platform that aims to – Raise awareness – Promote analysis – Affect 
policy change in the areas of tracking and privacy.
Lightbeam is one step in a larger, concerted effort by Mozilla and its partners to provide 
Web users with greater control and transparency of their personal data. - from about Lightbeam.


"One of the most invisible things about the Internet is that there are hordes of robots constantly scrutinizing your aggregate online behavior and determining whether you fit a certain profile." says Atul Verma in his argument about Does Privacy Matter?

He further adds: "These robots don’t have to be working for the government, either. They could be working  for, say, your health insurance company, looking for prior conditions that you might be hiding from them. The robots might even ostensibly work for “the people” in the name of transparency and openness."





Lightbeam download: http://www.mozilla.org/en-US/lightbeam
Exercises facilitated by Ankit Gadgil

Conclusion:
   This event format is contemporary, essential and practical. Discussing Privacy & Security with peers, students, teachers and netizens is the need of the day. Shielding our online lives from undesired surveillance is what the world is fighting for now. Understanding and getting to know about this is the 1st step towards securing the HEALTH of the web.
   
Event Photo stream: http://www.flickr.com/photos/ankitgadgil/sets/72157640763860995
Event Reps page: https://reps.mozilla.org/e/privacy-and-secuirty-workshop-cmcs
Prequel Blog: http://ankitgadgil.blogspot.in/2014/01/security-and-privacy-being-important.html

Useful Slides:
http://www.slideshare.net/ankitgadgil/privacy-and-security-mozilla-firefox-30239914
http://www.slideshare.net/umeshagarwal92102/lightbeam-30635161?from_search=1

Mozillians at the event:
 
FSAs:
Mayur Patil
Vishal Chavan
Khushal Kariya
Dhanashree Chaudhary
Ronit Jadhav


Reps:
Ankit Gadgil

References:
http://www.toolness.com/wp/2014/01/does-privacy-matter/
https://laura.makes.org/thimble/protect-your-privacy
https://laura.makes.org/thimble/privacy-introductions-and-setup

3 comments:

  1. Hello, Great info. I like all your post. I will keep visiting this blog very often. It is good to see you verbalize from the heart and your clarity on this important subject can be easily observed.
    Data privacy and security

    ReplyDelete
  2. This is very informative post for the computer users to protect their pc from unauthorized access. Thanks to share this information...

    Mozilla Firefox Tech Support, Firefox Tech Support

    ReplyDelete