Protect Yoself - Data Privacy Day 2017
January 29, 2017
On Data Privacy Day 2017 (Jan 28th) the emerging meet-up group Make-a-Diff held a conference for journalists, activists, and developers called Protect Yoself. At only 3 months old, I was pleasantly surprised to hear that they were hosting a $20 ticketed event already and had Microsoft step forward to offer the venue!
Upon arriving, we chose four out of seven workshops to attend that day with topics as broad as privacy or encryption and as specific as PGP. After choosing workshops, I joined everyone else in the main room for the opening keynote. As I settled in, I realized the turnout was substantial. In only 3 months, the Make-a-Diff group has built quite a following though it’s not hard to see why - they’re tremendously generous, open-minded people.
Some fellow students from Flatiron and I attended the meetup with varying intentions, similar to the whole crowd. Split between the crowd were people who were learning about tracking cookies for the first time, several who saw it as a ‘must’ in light of the current administration, some who were developers that were concerned with the amount of information they had about users, and others who were focused on the technology for their line of work. Privacy seems to be for everyone now and not just the nerd, hacker, or criminal.
Privacy and Encryption
Though all the workshops had a common theme, two of the workshops that I attended were the most tightly knit - privacy & encryption. The privacy workshop was the most ground level, newbie friendly course of the day with highlights about how/why we’re being tracked. We reviewed tools from the EFF like Privacy Badger and Panopticlick then went on to install them. We also explored open-source software that could replace our proprietary software through a resource called Prism Break. Using open-source software is a movement that has been growing for some time now and is a topic that is out of scope for this post but there is one specific perk as it related to privacy. Since open-source software makes it’s code available for anybody to review, as users we don’t have to be curious if there is a backdoor (which history shows is trouble) to the software or that something malicious is happening when we use it. This provides an immense benefit to those looking to be private on the internet.
In the other two workshops we went over more of a security theme. The first was a technology called PGP which is what Dread Pirate Roberts (it wasn’t Ross Ulbricht) & Edward Snowden both used to verify their identity to reporters. It can be used to encrypt/decrypt messages, files, whole disk drives, or to sign messages. This was my first go at it and it seemed not entirely user-friendly but it is also not very difficult if you have a comprehensive guide to get started.
The last workshop was tailored more toward developers and was hosted by Stephen Kapp who is the CTO of a threat and vulnerability management company called Cortex Insight. Stephen shared with us that he had been doing this for over 20 years and had seen all types of attacks on the code that we make as developers. After outlining the top 10 most frequent attacks, Stephen demonstrated the most common, and easiest, type called a SQL Injection attack. These kind of attacks attributed to several big data leaks we’ve seen in the past decade including Sony’s Playstation Network, Dpt of Veteran Affairs, Gawker, Verisign, and AOL. It’s incredible, in a scary and intriguing way, that this attack has been around for ages yet continues to be unquestionably effective.
Privacy & Security for All
Regardless of knowledge level, I believe everyone left the Protect Yoself conference with a fresh piece of knowledge about privacy and encryption. Personally, I learned about threat modeling and what that means for different people, the 8-day data cleanse, browser fingerprinting, Web of Trust, and vastly more about topics that were familiar.
Thank you to Make-a-Diff for putting together this event and for welcoming people of all knowledge/skill/professions. It is important, and has always been important, to be aware of the data we are giving to companies. As one of the all-time best cartoons exclaims, “knowledge is power!”