No Surveillance:
How, and how easily, can the privacy of Internet
access and usage be improved for desktop
computers, laptops, and mobile devices?
Abstract .............................................................................. 3
Introduction ......................................................................... 4
Objectives ........................................................................... 7
Hypotheses ........................................................................... 7
Methodology and Process
Stage 1 – Descriptive Study ........................................... 8
Stage 2 – Explanatory Study .......................................... 16
Results and Discussion .......................................................... 19
Conclusion ........................................................................... 19
Appendices .......................................................................... 20
References ........................................................................... 37
page 2 of 37
Abstract
Almost all desktop, laptop and mobile device users of the Internet regularly
and inadvertently compromise their privacy, and thus increase their risk to
“security of person”.
There is also a trend, both within Canada, and in many other countries
throughout the world, to enable and to make legal the monitoring and
recording of essentially all Internet access, usage, and content.
Legitimate and legal use of the Internet, however, deserves and needs
greater protection of privacy and the corollary security of person. This
research study proposes to quantify how, and how easily, the privacy of
Internet access and usage can be improved for desktop computers, laptops,
and mobile devices.
Introduction
Almost all desktop, laptop and mobile device users of the Internet regularly
and inadvertently compromise their privacy, and thus increase their risk to
“security of person”. Security of person refers to the right to live in safety,
free from violence, free from harassment, and free from abuse.
There is also a trend, both within Canada, and in many other countries
throughout the world, to enable and to make legal the monitoring and
recording of essentially all Internet access, usage, and content.
One recent example of this trend in Canada is the introduction of Bills C-46
and C-47 by the Federal Government in June 2009. These proposed laws,
among other things, would require Internet Service Providers to keep details
of all communications by all of their subscribers in case the police ever want
this information.
Legitimate and legal use of the Internet, however, deserves and needs
greater protection of privacy and the corollary security of person. In fact,
security of person and privacy are basic legal rights, enshrined in Sections 7
and 8 of the Canadian Charter of Rights and Freedoms.
• Activists and whistleblowers are concerned about their own and their
family’s safety and protection from repercussions.
This research study proposes to quantify how, and how easily, the privacy of
Internet access and usage can be improved for desktop computers, laptops,
and mobile devices. A search and review of existing literature [2,3,4,5] found a
profound lack of data on this subject.
This first stage of study will also include an overview of the legal and
regulatory environment as it pertains to Internet access and usage, in order
to describe the broader, societal context and constraints.
In the second stage, an explanatory study will be done with specific tests
performed to measure the effectiveness and usability of different
enhancements to improve or protect privacy. The same target Use Cases,
target categories of users, and target hardware and software platforms will
be studied as in the first stage. In fact, the first stage results will be used as
the control group for the second stage results.
Objectives
There are three primary objectives to this research study in the context of
Internet access and usage. First, the current state of privacy will be
extensively described and measured, so that, for example, users of each
major browser will be shown what information they disclose to both passive
and active observers when they browse the Internet. This objective will also
be met by an enumeration of current laws and regulations that form the
context and constraints of societies in a variety of countries around the
world.
Hypotheses
This research study will show that users of desktop computers, laptops and
mobile devices compromise their privacy when using the Internet, and that
there are many ways to better protect this privacy. A secondary hypothesis
is that privacy vulnerabilities vary in extent and in significance depending on
the task that is being performed, and the tools being used.
The sample frames for the user categories are also listed in Table 5. In the
case of the “Teen” category, for example, a list of students will be used from
a randomly selected high school and college in each of the 4 geographic
locations. The sample frame for the “Senior” category will be from a list of
residential addresses on randomly selected streets in each of the locations.
Due to the enormous number of possible Use Cases and Software Platform
combinations, however, development of a set of “test, measure, and record”
software applications is also proposed. These programs would be developed
to ensure there is testing and measurement coverage for each hardware and
software combination. These applications will be open source licensed, and
distributed to anyone who will agree to run them on their own computer,
laptop or mobile device for testing and research purposes. They will be
known as the “No Surveillance” sampling test suite. This will greatly expand
the sample size, improve the significance of results, and it is expected that
additional insights into vulnerabilities will be discovered.
For our purposes in Stage 1, the No Surveillance sampling test suite will be
made available for a period of no less than 12 months, after which the test
results will be combined for analysis with data from the initial personal
interviews. Individual participants will be asked to use the test suite software
for at least one day, and will be allowed to end their participation at any
time after that.
This first stage will also include an overview of the legal and regulatory
environment as it pertains to Internet access and usage, in order to describe
the broader, societal context and constraints. This overview will cover North
America, Europe, Australia, Japan, India, Israel, and the 13 countries listed
as “enemies of the Internet” by the Paris-based non-governmental
organization “Reporters Without Borders” [6], which advocates for freedom of
the press.
Definitions
The actual vulnerability testing will be done using a variety of testing tools,
based on the specific vulnerability being tested. These testing tools are listed
in Table 1 beside each of these vulnerabilities. This study proposes using
multiple testing tools in order to not be limited or biased by any single
testing tool. More importantly, none of these testing tools has been created
to cover all possible situations.
Testing Tools
Packet capture works by sniffing the IP traffic between the computer, laptop,
or mobile device and the router being used to connect to the Internet via the
Internet Service Provider. Sniffing in this context refers to the capturing of
Internet Protocol packets being sent and received. This packet capturing will
be done using programs similar to or based on libpcap and tcpdump, such as
Wireshark. Captured packets can potentially contain IP addresses, MAC
addresses, and leaked personal data such as login names, passwords, and
the actual contents of any correspondence or shared files.
Wireshark can capture packets both on the wire, and wirelessly. Kismet will
also be used for wireless sniffing. Both of these programs are open source
licensed software applications that can be run on almost any version of
Windows, Linux or Mac OS X. In this study, both will be used, along with
Scapy, Ettercap, Dsniff, and Core Impact to compare results and ease of
use. The packet capture software will be installed on a separate laptop that
will be connected to the same subnet (and router) as the target computer,
laptop or mobile device so that it can “listen” to all IP communications on
that subnet.
Other vulnerability tests will be done using remote scanning software Nmap
and Scapy, which can be run on almost any version of Windows, Linux or
Mac OS X. Both Nmap and Scapy send raw IP packets over IP
communication links to test ports, services, and other characteristics of a
computer, laptop or mobile device. Remote scanning works similarly to OS
fingerprinting, by sending probe IP packets to test for known exploits, or
flaws, that exist in the operating system or application software being used.
These flaws are usually fixed by the software developer as soon as possible,
but in many cases the user fails to ensure that the fixes are installed on
their computer or device. Other vulnerability scans and exploit discovery will
be done using Nessus, Metasploit Framework, Core Impact and Nbtscan.
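The packet-capture tests above look for what a passive observer on the same subnet can read from a device's traffic. The following is an added example, not part of the proposal or of the No Surveillance test suite: a small pure-Python auditor that decodes raw Ethernet/IPv4 frames of the kind libpcap-based tools record and reports the leaks the study labels 1.4 (visited IP address), 1.5 (DNS lookup), 1.6/1.7 (cleartext HTTP Basic login) and 1.25 (cookies). All addresses, host names and credentials are constructed sample values; the frames are built inline so the script runs offline, and on a real capture one would feed it frames read from a pcap file instead.

```python
"""Added example (not from the proposal): offline auditor for the leaks the
study's packet-capture tests look for; all sample frames below are constructed."""
import base64, socket, struct
from dataclasses import dataclass, field

ETH_P_IP, PROTO_TCP, PROTO_UDP = 0x0800, 6, 17

@dataclass
class LeakReport:
    visited_ips: set = field(default_factory=set)         # 1.4 Visited IP address leak
    dns_queries: set = field(default_factory=set)         # 1.5 DNS lookup leak
    credential_leaks: list = field(default_factory=list)  # 1.6/1.7 (host, user name)
    cookie_leaks: list = field(default_factory=list)      # 1.25 (host, cookie name)

def parse_frame(frame: bytes):
    """Decode Ethernet II + IPv4 + TCP/UDP; returns (src_ip, dst_ip, proto, dport, payload)."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto == PROTO_TCP and len(l4) >= 20:
        payload = l4[(l4[12] >> 4) * 4:]       # skip TCP header and any options
    elif proto == PROTO_UDP and len(l4) >= 8:
        payload = l4[8:]
    else:
        return None
    return src_ip, dst_ip, proto, struct.unpack("!H", l4[2:4])[0], payload

def dns_query_name(payload: bytes):
    """Return the first QNAME of a DNS query, or None."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] == 0:
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels) or None

def http_request_headers(payload: bytes):
    """Parse a cleartext HTTP request's header block into a lower-cased dict."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace").split("\r\n")
    if not lines[0].endswith(("HTTP/1.0", "HTTP/1.1")):
        return None                            # not a request line
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(frames, local_ip: str) -> LeakReport:
    """Report what a passive observer on the subnet learns from LOCAL_IP's own traffic."""
    report = LeakReport()
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None or pkt[0] != local_ip:
            continue
        _, dst_ip, proto, dport, payload = pkt
        report.visited_ips.add(dst_ip)
        if proto == PROTO_UDP and dport == 53 and (name := dns_query_name(payload)):
            report.dns_queries.add(name)
        elif proto == PROTO_TCP and dport == 80 and (hdrs := http_request_headers(payload)):
            host = hdrs.get("host", dst_ip)
            auth = hdrs.get("authorization", "")
            if auth.lower().startswith("basic "):
                # Basic auth is only base64, so anyone capturing the packet can read
                # it; the user name is reported here and the password is not kept.
                user = base64.b64decode(auth[6:]).split(b":", 1)[0]
                report.credential_leaks.append((host, user.decode("ascii", "replace")))
            for cookie in hdrs.get("cookie", "").split(";"):
                if "=" in cookie:
                    report.cookie_leaks.append((host, cookie.split("=", 1)[0].strip()))
    return report

def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Assemble a constructed Ethernet/IPv4/TCP-or-UDP frame (checksums left zero)."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + l4
    return bytes.fromhex("020000000002020000000001") + struct.pack("!H", ETH_P_IP) + ip

def build_dns_query(name: str) -> bytes:
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

LOCAL_IP = "192.168.1.10"                      # constructed addresses and credentials
SAMPLE_FRAMES = [
    build_frame(LOCAL_IP, "192.168.1.1", PROTO_UDP, 51000, 53, build_dns_query("mail.example.com")),
    build_frame(LOCAL_IP, "203.0.113.5", PROTO_TCP, 51001, 80,
                b"GET /inbox HTTP/1.1\r\nHost: mail.example.com\r\nAuthorization: Basic "
                + base64.b64encode(b"alice:hunter2") + b"\r\nCookie: session=deadbeef; lang=en\r\n\r\n"),
    build_frame("203.0.113.5", LOCAL_IP, PROTO_TCP, 80, 51001, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_FRAMES, LOCAL_IP))
```

Only frames sent by the device under test are examined, which is the same view a sniffer on the shared subnet has; the reply frame in the sample is ignored for that reason. Extending the same header parsing to port 443 would show nothing but the destination address, which is the practical difference the Stage 2 protections are meant to demonstrate.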
Use Cases
For this same Use Case 2.1, packet capture and intercepting proxy tests
would also be run to test Vulnerabilities 1.4 “Visited IP address leak”, 1.5
“DNS lookup leak”, 1.6, 1.7, 1.10, 1.11, 1.12, etc.
Sampling
Presuming there will be sufficient time and resources made available, there
will be 40 users selected from each User Category listed in Table 5, for a
total of 280 users to be sampled. Geographically, this would mean 70 users
selected from each of the four geographic locations. This works out to 10
users from each User Category in each geographic location.
Candidates will be selected randomly from each of the sample frames listed
in Table 5 until sufficient candidates have accepted the opportunity and
agreed to participate. Each potential candidate must be capable of
participating, and have access to at least one of the hardware and software
platforms listed in Tables 3 and 4. When the candidate has access to more
than one potential hardware and software platform, then they will be asked
to participate based on a hardware and software platform not already
selected for their geographic location and User Category. This will result in
an uneven distribution of hardware and software platforms, but it is
presumed that this bias will be reflective of the general population in these
geographic locations.
Any bias amongst these 280 candidates will be made clear when compared
to the larger, random sampling via the self-administered testing.
Development of the No Surveillance software test suite is to be completed
after the initial 280 sample results are compiled, in order to better
understand the limitations and opportunities of self-administered testing. It
is expected that 5-6 months of development effort will be required to
complete development of this software, which will include a web site and
web service to allow aggregation of the collected data. Individual
participants in this part of the study will also be provided with their
individual results, which will form part of the motivation for them to
participate and to continue participating. Their ability to monitor their own
vulnerabilities as they use the Internet is expected to be an attractive
opportunity for them, although it is expected there will be a bias in this
larger sample towards more sophisticated users who are more concerned
about their privacy.
The majority of Internet users who are less concerned about their privacy
will be largely absent from this study, other than those randomly selected in
the 280 personal interview testing phase.
For example, using Tor, Vidalia and polipo (Existing Privacy Protection 6.1)
to protect privacy will be measured in terms of how many seconds it takes to
use Firefox (Software Platform 4.14) on a PC (Hardware Platform 3.1)
running Microsoft Windows (Software Platform 4.1) to do a search on Google
(Use Case 2.5). These timing measurements will be compared to the same
scenario without use of the privacy protection.
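The timing comparison above (seconds to complete a task with and without a privacy protection) needs a repeatable procedure if the Stage 1 results are to serve as a control group. The following is an added example, not part of the proposal: a harness that interleaves baseline and protected runs, reports medians rather than single measurements, and takes the task and the clock as parameters so the measurement logic can be checked without a network. The proxy address uses polipo's default port 8123 and the Google search URL stands in for Use Case 2.5; both are assumptions about the test setup, not values from the proposal.

```python
"""Added example (not from the proposal): a repeatable harness for the Stage 2
timing comparison.  The task and the clock are parameters, so the measurement
logic can be checked offline; the proxy port and URL below are assumptions."""
import statistics
import time
import urllib.request


def time_task(task, trials, clock=time.perf_counter):
    """Elapsed seconds for each of TRIALS runs of TASK."""
    samples = []
    for _ in range(trials):
        start = clock()
        task()
        samples.append(clock() - start)
    return samples


def compare(baseline, protected, trials=10, clock=time.perf_counter):
    """Interleave baseline and protected runs so that drifting network conditions
    affect both scenarios equally, then summarise with medians and a p90."""
    base, prot = [], []
    for _ in range(trials):
        base += time_task(baseline, 1, clock)
        prot += time_task(protected, 1, clock)
    base_med, prot_med = statistics.median(base), statistics.median(prot)
    return {
        "baseline_median_s": base_med,
        "protected_median_s": prot_med,
        "overhead_ratio": prot_med / base_med if base_med else float("inf"),
        "protected_p90_s": sorted(prot)[int(0.9 * (len(prot) - 1))],
    }


def make_fetch(url, proxy=None):
    """Build a task that fetches URL, optionally through an HTTP proxy.  Assumed
    setup: polipo listening on its default port 8123 and forwarding to Tor."""
    handlers = [urllib.request.ProxyHandler({"http": proxy, "https": proxy})] if proxy else []
    opener = urllib.request.build_opener(*handlers)

    def task():
        with opener.open(url, timeout=60) as resp:
            resp.read()
    return task


if __name__ == "__main__":
    url = "http://www.google.com/search?q=privacy"        # Use Case 2.5, assumed query
    result = compare(make_fetch(url), make_fetch(url, "http://127.0.0.1:8123"))
    for key, value in result.items():
        print(f"{key}: {value:.3f}")
```

Interleaving the two scenarios matters more than the number of trials: running all baseline fetches first and all Tor fetches afterwards would attribute any change in network load during the session to the protection being measured. The median and p90 are reported because Tor circuit latency is heavy-tailed, so a single slow circuit would dominate a mean.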
Testing Tools
The same testing tools used in Stage 1 will be used in Stage 2 to test the
same Vulnerabilities listed in Table 1.
Sampling
This customized privacy protection should address both the initially identified
vulnerabilities and any others that may have been discovered along the way.
In particular, one potential new class of vulnerabilities that might come to
the surface at this point will be those associated with “cloud computing”
platforms. Google Gmail and Google Docs are two current cloud computing
services that are included as Software Platforms in this study, but not
enough is currently known about this class of software to directly address all
possible vulnerabilities they may enable.
It is hoped that software developers will also take note, and use the results
of this study to provide better privacy protection for their customers and
users.
Conclusions
Appendices
Table 1: Vulnerabilities (ID and name, what the leak can be used for, testing tools)

1.1 Own public IP address leak: Can be used to learn the name of the Internet Service Provider (“ISP”) connecting this IP address to the Internet; the name of the Organization (“Org”) owning this IP address; the continent, country, state, city, latitude and longitude geographical location of this IP address; the Autonomous System Number (“ASN”) network this IP address is part of; and the domain name which this IP address resolves to. Testing tools: packet capture, intercepting proxy.

1.2 Own private IP address leak: Can be used to identify the specific computer or device being used behind the public IP address. Testing tools: packet capture, remote scanning.

1.3 Own MAC address leak: Same as “Own private IP address leak” vulnerability, and can be used to identify the unique network interface card (“NIC”) hardware being used. Testing tools: packet capture, remote scanning, malware.

1.4 Visited IP address leak: Can be used to learn the Internet web site(s) and service(s) being used, or previously were used; and what software may be in use. Testing tools: packet capture, intercepting proxy.

1.6 User login leak or weak user login: Can be used to learn authentication credentials for access to controlled or restricted content or services. Testing tools: packet capture, password analysis, remote scanning, intercepting proxy, keylogging, malware.
1.7 User password leak or weak password: Same as “User login leak” vulnerability. Testing tools: packet capture, password analysis, intercepting proxy, keylogging, malware.

1.8 Name leak: Can be used to personally identify you, your employment, interests, place of residence, and other activities. Testing tools: packet capture, remote scanning, keylogging, malware.

1.9 Alias leak: Same as “Name leak” and “User login leak” vulnerability, though not with the same level of certainty. Testing tools: packet capture, remote scanning, password analysis, malware, keylogging.

1.12 Employer name or address or phone number or email address leak: Can be used to learn about place of employment, job responsibilities, or employer’s business activities. Testing tools: packet capture, intercepting proxy, keylogging.

1.14 Application software leak: Can be used to learn what software may be in use; and what tasks the software has been used for. Testing tools: packet capture, remote scanning, intercepting proxy.

1.15 Router leak: Can be used to learn about the identity of the router used to connect the computer or device to the Internet. Testing tools: packet capture, remote scanning, malware.
1.16 SSID leak: Can be used to learn the name(s) of wireless routers that were previously being used or are currently being used. Testing tools: packet capture, malware.

1.17 Mapped drive leak: Can be used to learn what remote systems were previously being used or are currently being used. Remote systems could identify an employer or school or client. Testing tools: packet capture, keylogging.

1.19 Clipboard data leak: Can be used to learn what data has previously been copied or cut and pasted. Testing tools: keylogging, malware.

1.20 Recycle bin leak: Can be used to learn what data files have previously been deleted. Testing tools: malware.

1.25 Cookie leak: Same as “Visited IP address leak” and “Alias leak” vulnerabilities but in addition can be used to identify when each web site or service was first or last visited. Testing tools: packet capture, remote scanning, intercepting proxy, malware.
Table 2: Use Cases (ID and name, description)

2.1 Power on hardware platform: Turn power on and wait for starting sequence to finish. Auto startup programs should be kept to a minimum for initial testing and measurement, but then added to emulate a variety of standard configurations.

2.3 Read email: Start email client or other software and fetch email from POP or IMAP email server. This would include popular web-based email such as Gmail, Hotmail, and Yahoo!, as well as client-server email such as Outlook and Thunderbird.

2.4 Send email: Send email message using email client or other software.

2.5 Use search engine: Start Internet browser software and perform search on Google, Bing, Yahoo!, and other search engines.

2.9 Share local file: Share local file for access by acquaintance.

2.10 Purchase software and then download: Make online purchase of software using credit card and then proceed to download to a local hard drive.

2.11 Install new program on local hard drive: Install operating system and application software programs from CD or DVD or ISO image. Testing and measurement of OS installations will be done by tools external to the computer, laptop or device. Testing and measurement of application software programs will be done by both external tools and tools running concurrently on the same computer, laptop or device.

2.12 Open email spam virus: Open file attachment received via email for testing and measurement purposes. This should be done only on a computer, laptop or mobile device that can be reformatted and reinstalled afterwards.
2.13 Install and use Internet browser add-ons, plugins and ActiveX controls: Thousands of third-party add-ons, plugins, and ActiveX controls extend the functionality of Internet Explorer, Firefox, and other browsers.

2.14 Run Java applet: Many Internet web sites make use of Java applets to perform special functions. There are also multiple Java Virtual Machines (“JVM”) used to run these applets.

2.15 Run Java application: Many software applications make use of Java running in a JVM on the client computer, laptop or device.

2.16 Run ECMA-262, edition 3 client-side scripts: Millions of different Javascript, Jscript, Actionscript, and other ECMA-262, edition 3 client-side scripts are used throughout the Internet.

2.17 Send Twitter update: Twitter.com is a micro blogging service, which allows up to 140 characters of text to be entered in response to the question “What’s happening?”

2.18 Receive Twitter update: Anyone with a twitter.com account can “follow” other twitter users, and receive updates on all new “What’s happening?” posts they make.

2.22 Receive RSS update: RSS is a simple method of automatically receiving updates from any web site or Internet service that you are subscribed to.
2.24 Receive instant message and SMS: Instant messages and SMS (“short message service”) can be received on a number of hardware platforms and software platforms.

2.26 Upload YouTube video: Subscribers to YouTube.com can upload their own videos for sharing with others.

2.27 Backup files on local hard drive to remote server: Making copies (“backups”) of data files from local hard drives to remote servers can be done with a wide variety of Internet backup services.

2.28 Enable auto update: Many software applications and operating systems now make use of “auto update” functionality in order to use the Internet for version checking, new version downloading, and patch installation. Each program with this capability enabled must be tested and measured.

2.29 Manual auto update: Rather than “auto update”, many software applications allow manually initiated update functionality for version checking, new version downloading, and patch installation. Each program with this capability must be tested and measured.

2.30 From home office: Where a home office exists, testing some of the Use Cases listed in this Table should be done from there.

2.31 From coffee shop: Testing some of the Use Cases listed in this Table should be done from a local coffee shop as well.

2.32 From workplace office: Where a user has a workplace office, and permission has been obtained from the employer, testing some of the Use Cases listed in this Table should be done from there.

2.33 From public transportation: Testing some of the Use Cases listed in this Table should be done from some form of local public transportation as well.
2.34 From grocery store or shopping centre: Testing some of the Use Cases listed in this Table should be done from a local grocery store or shopping centre as well.

2.35 From school library or public library: Where a user has access to a school library or public library, and permission has been obtained from the school or library operator, testing some of the Use Cases listed in this Table should be done from there.
Table 3: Hardware Platforms (ID and name, description)

3.6 Video game console: The Sony PlayStation 2, 3 and Portable, the Microsoft Xbox and Xbox 360, and the Nintendo Wii and DS are the only game consoles with the hardware and connectivity capable of consideration in this study.

3.7 Appliances and other: Some devices and appliances like the TiVo DVR access the Internet in order to provide enhanced services. These hardware platforms are varied and do not fit any of the other categories in this Table. Smart cards and RFID technology are not considered in this study.

3.8 USB storage devices: Removable USB storage devices can be plugged into many of the hardware platforms in this Table.
3.9 Optical storage devices: Removable optical storage discs like CD, DVD and Blu-ray can be used to transfer data between many of the hardware platforms in this Table.

3.10 Flash memory devices: Removable flash memory cards can be used to transfer data between many of the hardware platforms in this Table.
Table 4: Software Platforms (ID and name, description)

4.3 Apple Mac OS X: Apple has a single operating system, Mac OS X, which runs on all its computers and laptops.

4.4 Apple iPhone OS: This is the operating system based on Apple Mac OS X which runs on the iPhone and iPod devices.

4.5 Linux: Linux OS is the poster child open source operating system that runs on almost all hardware platforms. It is at the core of a number of Linux “distributions” from Red Hat, Debian, Ubuntu, openSUSE, Gentoo, Oracle, and nearly 300 other organizations.

4.7 Symbian: Symbian OS currently has the largest market share in the smartphone market, but its owner, Nokia, has announced that it will be replaced by Maemo. Both Symbian and Maemo are owned by Nokia.

4.8 Maemo: Nokia runs the open source Maemo operating system on its high-end smartphones and its Internet tablet hardware platforms.
4.13 Internet Explorer: The most popular Internet browser in use today. Runs only on the Windows software platform.

4.14 Firefox: The second most popular Internet browser in use today, and the most popular open source browser. Runs on most of the software OS platforms listed in this Table.

4.17 Opera: Popular Internet browser which runs on many software and hardware platforms. Multiple versions of this software must be tested and measured.

4.19 Google Toolbar for IE: Google has developed a useful toolbar that can be installed into Internet Explorer.

4.20 Yahoo Toolbar for IE: Yahoo has also developed a useful toolbar that can be installed into Internet Explorer.
4.25 AOL Instant Messenger: AIM is America Online’s instant messaging software application for real-time chat and sharing.

4.27 Adobe Flash: Flash is a ubiquitous standard interactive file format developed by Adobe.

4.31 Google Gmail: Google has a very popular and free email service that is web-based, rather than client-based or server-based.
4.32 Google Docs: Google Docs is a suite of web-based applications that allow collaborative creation and use of document, spreadsheet, and presentation files.
Table 6: Existing Privacy Protection (ID and name, description)

6.1 Tor, Vidalia, and polipo: This open source software application protects TCP protocol-based communications from traffic analysis. Vidalia functions as an optional controller application for the Tor software. Polipo functions as a caching proxy to allow faster access to repeated Internet resources.

6.7 GNU Privacy Guard: Open source file and email encryption software application.

6.9 LogMeIn Hamachi2: Web-hosted VPN service with both free and commercial licenses.
6.14 Safari Private Browsing: Feature of Apple Safari browser which prevents storage of data which might compromise privacy.
References
[1] The Tor Project, “Who uses Tor?”, reference found on November 25, 2009 at http://www.torproject.org/torusers.html.en
[5] Carnegie Mellon, “Data Privacy Lab Research Results”, reference found on November 26, 2009 at http://privacy.cs.cmu.edu/dataprivacy/projects/index.html