 Jeg er også den moderateren av denne sesjonen, og det var et tal før meg, men jeg tror du eller jeg decide ikke å komme. Så jeg startet timer først, så jeg ikke vil... Kan noen ta en timer og berre meg før 5 minutter? Så jeg skulle ikke talte mer enn 25 minutter. OK. Hallo, velkommen. Så når jeg først tar denne timeren... Ah, greit, takk. Jeg har tatt noe i min, så taler jeg om privateer og sekuritet i generelt. Men når jeg startet å prøve præsentasjonen, så vil jeg snakke om noe. Det ting jeg vil snakke om er over tre timer, så jeg har tatt til å snakke om det så mye som möjligere. Men det kan se litt ekvæktisk nå, men please, please go with it. Så, min name er Emin. Jeg har tatt til å snakke om det her. Jeg er en stor entusiast, en entusiast i åpne kultur og åpne sår software, og jeg har tatt til å protekte min privateer, og jeg vil snakke om privateer i dag. Så, namen av to talk er å ta inn internetet. Hva er det? Hva er det? Hvorfor tar vi internetet? Så, internetet er blitt gammelt. Så du må si, hva er det? Så det er å bli mer og mer centralisert. Det er en av de grønste problemene. Hvis du remer det første internetet, så er det en annen internet? Nei, det var R-net. Darp-net, sorry. Du vet at det er et triangelt ting. Så det ideet av internetet er å keep everything connected. Mange, mange connections. Men nå ser vi at det er 3, 4, maybe atmost 10 veldig gammel player. Veldig gammel websites, og mest av trackpikken går over dem. Så Facebook er selvfølgelig en av de grønste. Amazon, ikke Amazon website, men S3 er Amazon S3. Web services, AWS, har mest trafikk nå. Når noet går dårlig, med Amazon S3. Mange sider har blitt gammelt. Cloudflare, jeg vet ikke om du har hørt om det. Det er en av de grønste. Så mest av det du ser på internetet kommer fra dem. De hadde en seguret issue. Det var en hdps-problem. Så mange av de login informasjoner har blitt gammelt, fordi alle går fra dem. Google og DNS. Hvem bruker Google DNS på telefonene? På computerene? Google, ja. Så DNS og Google er også veldig centralisert. Og dette blir en problem. Når de er centralisert, er det også gammelt å surveere dem. Rekord alle og bruke dem oppi dem eller ikke oppi dem. Det er noen annen problem, men jeg tror det er de ting jeg vil snakke om. Hva er det vi skal gjøre? Det er problemet. Når vi ser problemet, må det være en solusjon. Vi kan, som userer, nage internetet til denne direkte. Det er en stor maskin, og det er løsene av naturen. Det er løsene av fri markedet. Vi kan ikke egentlig preventere det. Vi kan bare pushe det til denne måten. Hvordan? Nå er det valget av personlige data. Så alt du gjør, personlige dataet har valget. Og det er mange companyer som trynger å kapitalisere det. Nå er det trenger. Trenger her er et teknisk term av sekuritet. Det betyr at det er noen som du vil protekte seg fra. Gå hva du kan gjøre om det, hvordan du protekter seg, og aktie på det. Jeg skal tala om dette. Hva er personlige dataet? Hva er din dataet? Identitet, namen, foto, ID-nummer. Hva som unikerer deg er din identitet, er din dataet. Kontaktinformasjon, telefonnummer, adresset, Twitter-accounts, Facebook-handelser, e-mailser. Det er alle som kan gjøre deg. Dette er klippene. Fremdene, fællene, fællene som du føler. Det er også personlige dataet. Hva som unikerer deg er din personlige informasjon. Hvis du ikke har et kopi til dem, så er det noe du har på komputeret. Lokasjon, borglokasjon, håndlokasjon, restauranser du vil gå. Shops du vil gå til. Hva du lyser, hatt, hatt, hatt, hatt, hatt, hatt, hatt, hatt. Det er alle personlige informasjon. Jeg gikk på denne listen ved å se på kompene som trykker å kapitalisere denne kind av dataet. Så for alle av dataet kan jeg finne en kompene som trykker å sammenle dem. Så de er alle virkelige, virkelige informasjoner, og det er gjørt av deg. Så nå må du decide noe. Hva vil du protekte? Jeg vil ikke protekte min effekt. Jeg tar fotoer av meg. Jeg vil ikke protekte, men jeg vil ikke få folk til å ha min telefonnummer eller kontent av min komputer. Eller jeg tar min Twitter account publisk. Så du må decide hva du vil protekte. Og du må decide hvem du vil protekte. Så det kan være din familie. Du må kjøre et beskrikel fra din parents eller vise, om du vil kjøre en opptrykning for hende. Du må kjøre noe av vores vanske. De er samarbeider. Jeg tror at dette er mer publisk. Det er mer relativt. Big companies, Google, Facebook, or insurance companies, it may be problematic to know some of your sicknesses, for example. You may want to... So government, this is... I'm not talking about Singapore government. I cannot talk about Singapore government, but governments in general. I'm from Turkey and then Turkey government surveillance is a big issue, because it's very unjust recently. So if you say something about government, or one of the peoples of the government, you can be prosecuted in a very strong way. So you may want to keep something out of your government, not Singapore government. So this sounds scary, but let's take a break. It's not about paranoia, because we have to share some information. We are using some services, right? And we exchange our data with some service. So Facebook, for example, we give our data, but they provide us a platform for connecting with its... Mostly family members, in my case. I keep track of my cousins and my parents. YouTube is my main source of entertainment, actually. I use it a lot. So Google Search, Google Scholar. I don't think the academic research can go on without Google Scholar, for example, or Google Image Search. So internet newspaper, basically any website that shows ads that is free, capitalises on some kind of information. Basically, we are exchanging our personal information for other services. So also there are personal research recommendations. But what matters is this should be our choice. So I can exchange some information for some of the values for services. That's okay for me, but I want to be able to choose which one I want to do. And to do that, we have to learn how to do it, basically. And that's what I want to talk about. So tracking is becoming a big issue on the internet, because the Facebook like buttons, Google Analytics, basically and Chrome, if you are using Chrome browser, they can track every website you visit, everything you do online. This is kind of scary for me, and I try to protect from it. So there are some tools, if you are conscious about that. So there are some plugins, add-ons for the browser. So Privacy Beger is from EFF, it's a pre-organisation. Gustry Gostry is from a private company. I don't use it much, but Privacy Beger is not available for Android, for example, so you can look at it. And feel free to interrupt me anytime if you have more information about any of the topics. Don't connect websites to each other, so giving your Gmail into Facebook or Facebook account into some other website makes them able to connect your accounts, which can create a huge network of information for you, because companies deal in the background to merge some data. And data merging is a very juicy thing for the companies. Heving data and connecting them. Don't log into websites if it's not required. I mean, most of the websites are trying to get your login information. You have to provide a lot of details and then they can track you individually in the companies. Delete old data, this is called data retention in technical terms. So if you don't need the data, delete two years old backup checks. Chats from two years old, for example, because you may change your mind, you may forget what you put there or that can be something dangerous. Basically, if you don't have the data, if there's no recording, nobody can track you. That's the idea here. Turn off Wi-Fi and Bluetooth on your phones, if it's not needed, if you don't use, because there are also many companies capitalizing on this kind of tracking. And I recently learned this, that the Wi-Fi, when there's a search for SSIDs on the phone, your phone also express its megadress. So a uniquely identifiable megadress. So if I have access to access points in this building, I can uniquely track where you are in this building. That is very scary for me, and it's very weird why do they do that. Recently, both iPhone and Android 7, I think, is trying to solve this by spoofing the megadress. So it publishes different megadress every time it makes a scan. Unless you're actively using your Wi-Fi. But it's always a good idea to keep them both closed if you're not using it. If you make yourself harder the track for people, if you want a little bit out of the grid, so you can pay for the services. So host your own services. Email, photoblog, photo information, file server, whatever you need, or social media for your friends. You can prefer cache. This is not internet-related, but it will be, and it's getting more and more internet-related. Because I know that Visa or MasterCard are trying to put up some large data science teams, okay? And when you use Visa or MasterCard, or every transaction goes to Visa or MasterCard again, and get an approval from there. So it's huge. I mean, they have the whole transaction data of the whole world. For me, that's crazy. But cache is still one of the last frontiers of privacy, in a way, that nobody can track what you are doing with your money. So don't put all of your eggs into one basket. So what I mean is don't use all of the apps from one company. So Google Ecosystem, right? So Google Docs, Gmail, Search, Hangouts. I don't think anybody uses it any more. But still, on the other side, there's Facebook, right? Most of the people I know use WhatsApp, Facebook, and Instagram on their phones, which are fully owned by the same company. And when they merge it, they know many things about you. So you can just distribute your online preferences and try to keep them separate. If you encrypt your data, if you make them not visible, what you put in there, then you can convert them just to carriers. And then they cannot really see what's going on. And the key here is encryption. So if you use encrypted emails, for example, or encrypted chats, then they will not be able to see what's going on. So that brought us to the idea of encrypted communication. So strong encryption or strongly encrypted data means that they cannot be seen otherwise and anyone other than the key holder, the intended user. So it cannot be used through. So fortunately, the client server encryption is becoming default. I'm talking about HTTPS, or SSL, or TI transport, they're secure, TLS, so it's becoming default. Many of the applications you use are encrypting their data to the server. So when you use a chat application or a web page, the communication between you and the server cannot be seen by the operator. This is a very good thing. This was not always the case and people had to fight for this right. So nowadays it's kind of default, but the American government decays against using strong encryption, not breakable encryption. So it's interesting, this security or privacy is a right that gained by legal battles. But this is only between the client and the server, and the server to the client. But servers, most of the servers, most of the services can see the data inside their server. And to prevent from that, you can encrypt end to end. So these are some of the messenger's instant messaging applications that don't do end to end encryption. So your data from your client to the server is encrypted, from server to the receiver is encrypted, but they can see the data for these ones. So Facebook messenger, Google Hangouts, Skype, plain email. OK, one more slide. And these are the end to end encrypted communication software, some of the popular ones. What's what's up, of course? I-message from iPhone. Who knows Sino already? Has everyone know? OK, so Sino was the first one to implement that end to end encryption, and then they implemented it on WhatsApp again, so that's a good thing. So PGP-based email. Trima is very popular in Germany, but I don't see people using it there. Did I miss any of the applications? Ah, WeChat, probably. I don't know WeChat. Telegram. Sorry? Telegram. Telegram. Ah, yeah. OK. Telegram goes to both of them, so there are secret chats. I use that a lot, but, OK. Sorry? Anything else? Do we know about WeChat? Is it end to end encrypted? Secret services? It's also by the Chinese government. Ah, OK, so... Even though they say this. OK. So that's the thing, if the source code is not open, we cannot really trust what they are doing. So what WhatsApp is encrypted, so WhatsApp is kind of good, but we don't know for sure that they implement it correctly. We only believe them, we cannot check the code. And I know that they do some weird things, so some of the links are just don't access the receiver. So when I send the telegram link, for example, it's just blocked out. We cannot receive the telegram link. It's very weird. And it also happened during last year, there was a kind of a media battle between Facebook and Indian... Can I say, internet fighters, I should say? Drawers. Yes, yes. So some of the links are blocked by Facebook, Messenger and WhatsApp, as far as I heard. Yeah, so if it's end to end encrypted half, that happens. I am dead, that's why. But even though they say that it's encrypted, it's not good because there's metadata. And metadata is about not what you communicate, but with whom you communicate, and how frequent you communicate. So there's a very nice slide that I just copied, this is from EFF. So probably you saw this before, but please read it, it's very good. I'll take you 20 seconds. So the American government is collecting data, especially NSA, and other governments as well probably, and they argue that this is only metadata. But metadata is very relevant, and I know that it can be used to even unique identify people. So one example is, it's very strange. So Facebook, I don't use Facebook that much. You may understand, but I still keep it for the connection to my family. So I saw a friend's recommendation. The name was familiar, but not the photo. And the name was the real estate agency that we were dealing back then. And I don't have his number on my phone. My wife don't have him on Facebook as a friend, but she was what's happening with him. And probably it's just a name, so Facebook was finding the name and finding the user with the same name and offering that user to me. This is a recommendation. So that's very weird. So now I can track people, if there's a new recommendation. And I can, for example, find the city, let's say someone in Hong Kong. And if I know I have a friend in Hong Kong, I can understand that, yeah, my friend in Hong Kong is communicating with this person. That's a privacy issue in my case. That's why it's good to keep networks separate, basically. So metadata is important. So there are some alternatives to keep track of, to use. So I list some of them here. And my criteria are respects privacy, and they are auditable, basically. Even though they say that they don't track us or they respect our privacy, we should be able to audit. So for messaging, Sino is a good one. It's under still active development, and it looks good. Just install it and check it, basically. Ring is an interesting one. There was a presentation last year here in this room as well. That's a fully distributed network, end-to-end encrypted. And they also have video chat, fully encrypted. XMPP with Tor, who knows XMPP protocol? OK, so XMPP used to be Jabber, and it was default messaging protocol by Google, TOLK, and then Facebook Messenger. But Google tried it, hangouts. They break the XMPP protocol compliance, and they just got that. They are still dying, hangouts. And Facebook Messenger just got stronger with WhatsApp. But you can still host your own server with Jitsi, especially, and meet.jitsi. You should check it. It's a very good website for making conference calls. CryptoCat is a nice application. It's on the web. You can chat privately, secure connection. Telegram, we already mentioned it. Telegram is under a bit arguable because they have their own encryption system, which they say is not breakable, but encryption is a kind of risk-tings of people. Some people don't trust them. And good old IRC. It's not encrypted, but you can host your own server, and nobody needs to know that you are chatting on an IRC. And you should always use it with SSL, transport, air security. OK, I have four minutes. Thank you. So for search, duck-duck-go, I made it default. It took a few days to get used to it, but 90% of the time, I find what I'm looking for. And when I look at my search history on Google, it's too much to give to Google. I only use Google for if I cannot find something on duck-duck-go. And it's working for me. I have a question on the digital. So I'm using the digital as well. Very often I don't find what I want. So I do the PyG, that redirects to Google. The question is, how much Google knows about me when I do that? PyG or exclamation mark G? Bank G. So when you do bank G, it redirects to Google, so you are using Google, basically. It's just a convenience. Is HTTPS to Google? Yes, so if you are logged into Google, they can still... You are basically using Google. So, yeah. But their image search is coming from Bing, as far as I know, that is internal, so they put a proxy for you there. And also there are some applications or websites that put a proxy between you and Google, if you don't want to use Google. They make the search and then come back to you. So you can set up your private cloud. There was a workshop about next cloud yesterday. Sorry. Can you show all the rest of the things in that list I answered? I'm not familiar with Google, okay? So can you elaborate a little bit about that? I don't have much time, but if I have time at the end, I have two more minutes. I will just go through them and their website is there. Sandstorm was a very nice application. They had a private cloud, docker kind of thing, using JavaScript, which is very interesting and it was very easy to install, but they recently announced that they are closing the business company part, so it is possible that they will die soon. Although, check it, it's very easy to install on your server and it's a very nice thing. So for file share, again, next cloud, syncing. I use it to sync between my phone and computer. It's an alternative for bit-syncing, I think, so the syncing system from BitTorrent, which is a proprietary system. Syncing is good. GitNX uses Git, it's very geeky, but it's nice to use. MegaNS, it was MegaCom NZ. It was the product of Kim.com, the mega-upload founder. He founded this company in New Zealand and it uses end-to-end encryption, so they store the files in the cloud encrypted and they give 50 gigs of storage space, which is very nice, but two years ago, I think he announced that the company is sold to the New Zealand government and he himself doesn't trust it anymore. I still use it because it's encrypted and New Zealand, I don't have any problems with New Zealand government, not yet, and they give 50 gigs of free space. It's nice, you can check it as well. For social, there is Habzila. I think this is their third name, as far as I know. It was Frendica, then Red Matrix, now Habzila. It's an interesting project, it's a PHP project, and they try to combine all of the social features. So it's like Facebook board, also you can host websites. Yeah, okay. Genius Social and Pampayo are Twitter clones, basically, but they are federated, so it's like email, you can host your own server and then connect in between. RetroShare is also a very nice project. I don't have many friends to use it, but it's a client application that shares messages, RSS, and file with end-to-end encryption. You can take photos, but I... Okay, just... An encryption, Genie Privacy Guard, GPG, it's the most famous one. Any mail is for email. Keybase IO, they are trying to somehow make using GPG popular again. It's a very nice one for email, enic mail, and Tutanota, maybe you heard about Protonmail, it was very famous and it was featured on Mr. Robot, but it's a closed system, proprietary system. Tutanota is a German initiative company. They are developing and giving services for end-to-end encrypted emails, so you don't have to use PGP. Altough there hasn't been new features for the last one year, so they may go down this soon. Okay, so the Internet, you know Tor, probably Tor is a nice network for privacy. It's a free VPN, basically, which is a very slow one. FreeNet, GNUNet, and I2P, they are private encrypted networks piggybacking on the internet infrastructure. So people cannot see you, people cannot track you, but they are very slow, and you may find some very disturbing stuff there, because they are not regulated, so COVID-19. I2P is for Torrent, it's a privacy-aware anonymous Torrent sharing, but they have their own network now. So this is prism break, actually I have some stickers and the QR code should go there, but one of them is not working, I'm sorry, with the cloud one. They messed up the resolution, but you can find all of these applications on this prism break website, just check it out. I will probably upload the slides later, and stay protected, basically. Thank you. Any questions, and then you can set up.