METADATA: TRACKING AND ENCRYPTION
Dec 13, 2015
METADATA:TRACKING AND ENCRYPTION
METADATA EXAMPLES
• Microsoft Word document properties• Telephone/email metadata• Camera/image metadata• Web browser identification and tracking
MICROSOFT WORD – DOCUMENT INSPECTOR
TELEPHONE & EMAIL
• Similar to postal mail:• Information needed to route and deliver the message
• In many cases, content is less valuable than metadata
CAMERA / IMAGE METADATA
• EXIF• Date & time• Camera settings (e.g. aperture, shutter speed, ISO
speed)• GPS location
WEBPAGE METADATA
• Evercookie• Panopticlick• Do Not Track HTTP Header
SOCIAL NETWORKING METADATA
• Sleeping Time• Please Rob Me
INTERLUDE – SHOPPING METADATA
METADATA PRIVACY LAWS
• Video Privacy Protection Act (VPPA)• Driver's Privacy Protection Act of 1994 (DPPA)
ENCRYPTION
• Doesn’t apply to metadata that is needed for routing (in most cases)
TOR – THE ONION ROUTER
• Origin node randomly selects three network nodes• Data is wrapped in three layers
of encryption
TOR - WEAKNESSES
• Tracking cookies• Exit node eavesdropping• Traffic (timing) analysis• Site operators may block Tor traffic• Heartbleed
HEARTBLEED
• Exploits a flaw in TLS “heartbeat” extension• Affects servers and clients• Heartbeat message consists of a payload
and a buffer• Attack consists of sending a maliciously
constructed heartbeat message