(missed the beginning of this, but apparently not too much. it was standing room only; was lucky to get a seat)
speaker: Robert Hansen
What is wanted
- Google wants higher ad spend
- Advertisers want to monetize users
- Users want quality products and better search results
- Everyone wants faster performance
Goal: protect sensitive info
Why Tor browser not solution
- admitted to 100 hacked nodes. know there are more
- “Grandpa” sends info over http instead of https and then hacked node has it
- Can’t do everything anonymously. Anonymous != privacy
What willing to give up for security
- Usability – speed, bookmarks, autofill, prefetching
- Most popups and warnings (“do you want to allow scripts” is useless)
Problems/Current Solutions
- XDomain – request domain, NoScript, port locking, remove credentials upon logout (limits what CSRF can do), split-horizon DNS (don’t let the internet see internal DNS)
- Command execution – NoScript plugin, QuickJava plugin, remove protocol handlers (“are you sure you want to run”), Sandboxie (for Windows), antivirus (incremental gain if you have extra CPU; just don’t rely on it), whitelisting. Many techniques are like an onion: protection in layers. VM, sandbox, stripped-down browser.
- Data exfiltration and privacy – disable Aero transparency on Windows 7 so can’t see what is behind the window
- Man in the middle – SSH, proxies, VPN tunnel
- Pretext/phishing – NoScript, education. If you don’t reuse passwords, it isn’t that helpful for someone to get one.
Plugins the speaker uses
- NoScript
- FoxyProxy
- RequestPolicy
- QuickJava
However, to actually be secure, the web looks like 1996 – everything is text. But Lynx isn’t enough because you need the ability to turn on.
Do Not Track
- Sends a signal to websites that the user doesn’t want to be tracked
- Three states
- #1 complaint about IE 10 is that it doesn’t respect the spec
- Most browsers implement only 2 states – track or not at all
- Firefox follows spec – do not track, track, do not tell sites about my security preferences (which is confusing)
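The three states from a site's point of view, as an added example (not code from the talk). Header values follow the W3C Tracking Preference Expression draft; the function names and the site policy in `trackingDecision` are hypothetical. It shows how a two-state reading loses the difference between "track" and "no preference".

```javascript
// Added example. DNT request header: "1" = do not track, "0" = tracking
// allowed, header absent = no preference expressed.
const DNT = Object.freeze({ OPT_OUT: 'opt-out', CONSENT: 'consent', UNSET: 'unset' });

// Three-state parse. `headers` uses lowercase keys, as Node's http module does.
function parseDnt(headers) {
  const raw = headers.dnt;
  if (raw === undefined || raw === null) return DNT.UNSET;
  const v = String(raw).trim();
  if (v === '1') return DNT.OPT_OUT;
  if (v === '0') return DNT.CONSENT;
  return DNT.UNSET; // malformed value: assumption, treat as "no preference"
}

// Two-state reading: anything other than "1" is taken as permission.
// Consent and silence become indistinguishable.
function twoStateAllowsTracking(headers) {
  return String(headers.dnt).trim() !== '1';
}

// Hypothetical site policy: silence falls back to a configurable default,
// so an operator can choose not to track users who never stated a preference.
function trackingDecision(headers, { trackWhenUnset = false } = {}) {
  const state = parseDnt(headers);
  const allow = state === DNT.CONSENT || (state === DNT.UNSET && trackWhenUnset);
  return { state, setTrackingCookie: allow, loadThirdPartyAnalytics: allow };
}

// Constructed sample requests.
const samples = [
  { name: 'opted out', headers: { dnt: '1' } },
  { name: 'consented', headers: { dnt: '0' } },
  { name: 'no header', headers: {} },
  { name: 'malformed', headers: { dnt: 'yes' } },
];
for (const s of samples) {
  const d = trackingDecision(s.headers);
  console.log(s.name.padEnd(10), d.state.padEnd(8),
    'three-state allow:', d.setTrackingCookie,
    '| two-state allow:', twoStateAllowsTracking(s.headers));
}
```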
Future
- More than 95% of browser revenue now comes from ads. Google paying almost $1B to be default search in Firefox.
- Google attacking ad blockers.
- locally sourced ads, require JavaScript to view websites, regulation in response to consumers.
Tool: Aviator for Mac to make more secure/private
My take on this
This was a lot of information in the part about his browser setup. I’m glad I know enough to be able to understand most of it! Some of it felt theoretical in that the perfect browser doesn’t actually. But I was surprised at how much technology exists to solve the problems we have. And the parts about advertisers’ influence were interesting.