 Next up, it's Petro Balcha Correa. That's right. His title is Protecting a Web Privacy with Free Software and the description. Web tracking is a common practice used to monitor the behavior of a particular user on a website. This kind of data is frequently unauthorizedly collected all over the web by big corporations and used or sold for targeted advertising, which is a huge privacy concern. In this short talk, we are going to briefly cover the most common fingerprinting methods used for tracking purposes. Subsequently, we are going to explain how to fight them by enhancing your web browser with several free software solutions. Petro, we look forward to hearing you. Thank you. So as she said, I'm going to talk about how to protect your web privacy with free softwares. First of all, let's explain what free software is. It is not necessarily free of charges. So a free software might be paid or not. But what it's actually about is allowing users to have the freedom to run, copy, distribute, study, change, and improve the software. So this is the freedom that we're talking about here. And in order to accomplish all of those points here, we need free software to be open source. So every free software is also open source, which means that anyone can go to its code and understand what's going on there. So when we're talking about privacy, this is vital, because if a free software is said to be privacy-friendly, it means that the community around it, the programmers, can read its code and guarantee that it's actually privacy-friendly. So on the other hand, we have closed source, which are those pieces of software that do not allow you to access its code. So no programmer can read it and guarantee that nothing shady is going on behind the scenes. You cannot know for sure what closed source is doing with users' data. So true privacy cannot be reached with closed source software. And OK, with that explained, let's address one of the big problems that I want to talk here, which is target advertising. So target advertising is the kind of ad that tries to reach as many people as possible by choosing those that are more likely to have interest in a specific product. So pregnant women, for example, are more likely to buy maternity pants, so they are more likely of receiving this kind of ad as well. And well, I suppose that most people here have gone through a similar situation in which you get an ad that seems to perfectly fit you in your current situation, with perfect timing. And to me, that's kind of annoying because sometimes I don't really know how advertisers knew that that ad would catch my interest so well. And well, one of the reasons for that is because of these guys here, so data brokers. Data brokers collect information about individuals from different sources. So maybe from public sources like public recordings or maybe from private sources like social media and web pages that the person visits and the apps that this person uses. So what data brokers do is they get all of the pieces of information from different places. They put them together to make a profile about you, about this person. And this profile it might contain, for example, this person's age, purchasing power, religious beliefs and political affiliations, for example. And the fact is that every piece of information is valuable to them because this is what tells them what kind of product or service you might be interested in. And I don't know, often I hear people saying, well, I don't really care about targeted advertising because I prefer to get an ad that might be interesting to me than getting an ad of a random product. So I don't really care about giving them my information, I don't care what they'll do with it. And I don't know, I think that this kind of thought is a little bit dangerous because, well, I'll show my point with an example. So let's take, for example, this company, let's call it A. And let's say that A sells alcoholic drinks, okay? And then company A wants to target advertise its product. So what it is going to do, it is going to hire an advertising company to do that for it. So keep that in mind. And now, let's suppose that we have this, this pretty guy here. Let's call him B. And let's say that B has an alcohol abuse problem. And maybe he's trying to quit it, so he searches online how to stop drinking. And then now data brokers know that B has an alcohol abuse problem and we're going to talk how they know it later. But, so now they know it and they'll sell it, they'll sell this information to advertising companies. Or another thing that might happen is that this data broker company might be the same advertising company. So many times they're the same. But what matters here is that now this advertising company knows that B drinks a lot and what it is going to do, it is going to try to show B. It's going to try to show to be A's product. So products like this, so it's basically trying to sell alcohol to a person that has an alcohol abuse problem. And I don't know, I think that this is questionable. And this is only one of the possible scenarios because data brokers here, they could sell this information from B to his healthcare insurance company. And then this healthcare insurance company now knows that B might develop some kind of cirrhosis or something like that. So what it is going to do, it's going to make B's healthcare plan more expensive. And this might sound like some kind of conspiracy but this is the kind of thing that is happening. In Brazil, this has been happening a lot. And also I've read about this happening a lot in the United States as well. But let's now talk about how data brokers know about this information from B. How they know that B searched how to stop drinking. So what they use are these things called web trackers which they basically put it everywhere in the internet. So a lot of web pages contain web trackers and they're hidden. The user has no idea that it is there. And according to a study that was published last month, web trackers are present on more than 94% of web pages around, at least those that they have studied. And I don't want to get too technical here but I'm going to explain some of the techniques that they use. And one of the most common ones is tracking pixels. So tracking pixels are present on web pages and emails and they're usually invisible pixels, one by one pixels that the data brokers send to you this image request and in the moment that you accept this request, you send back your IP address. So they know that you're there. A similar approach is done with cookies. So briefly explaining cookies are small text files that are placed on your system when you visit a website and they store your preferences. So if you go to a web store, for example, and you put an item on your cart and then you close that web page and you open it another day and your item is still there, that's because of cookies. So cookies are nice. But the problem comes when third parties use cookies because they don't use it to store your preferences. They use it to track you. So it works more or less like this. A web page cannot see cookies from another web page. So if you visit a web page and then a third party puts a cookie on your system through this web page and then you visit another web page and then the same third party puts another cookie on your system through this other web page, then this third party can see this two cookies because it belongs to them. And so it has information about you from these two websites and it can use to make target advertising to you. And I'd like to show, because I don't know if it's clear, it's too clear to be speaking like this so I'm going to show. This is Curitiba City Hall web page and I have here this extension which is called U-Matrix which basically shows me all the requests that I get on a web page. And according to this extension, these guys here that are in this strong red, they are either ads or trackers or analytics. And analytics are used by web developers to further understand their website. So if I wanted to know if this button here is being effective, I can use analytics to see how many clicks it has and maybe if it's not being effective, I can put it here and then check if people are clicking more there. So, okay, so analytics are cool so you can improve your website. But again, the problem comes when you use closed-source analytics because you can't know for sure what they're doing with users' data. You can't know if they're storing it, if they're sending it back to the analytics provider. And, well, there is another website here that I really want to show to you guys. This is Brazilian Government web page and remember, strong red are ads, analytics are trackers. So take a look at this. It doesn't end. Okay, so we have many of those here and I wasn't expecting to find those because, well, it's from Brazilian Government but let's take a closer look of what's happening here. We have images, so all of these images here are probably either ads or pixel trackers. And we also have a lot of cookies. So these cookies might be tracking cookies as well. And, well, what can a regular user do to prevent it? How can I block all of these trackers? So first of all, I recommend using Firefox because it is free software and because it has been releasing a lot of privacy-oriented features lately. So I recommend using Firefox and going here to preferences, privacy and security. And the first thing that we want to change is accept third-party cookies, never. And a little bit, okay, here tracking protection, using tracking protection to block known trackers, always. So what's happening here, I'm basically blocking all third parties so I won't get web trackers, cookie web trackers and I'm blocking known trackers that Firefox know that might stalk you. And, okay, in the future just for the record, this is going to change tracking protection will be called browser content, so for those in the future. And one thing that Firefox said is that in a few months, so right now tracking protection is only used by default if you're in private windows. But Firefox, Mozilla said that in the future, it's going to be always for everyone as default, which is awesome. And another thing that I recommend is going here to add-ons, extensions and download, downloading this guy here, you block origin. So this one is an ad blocker, it blocks ads and trackers and analytics and you don't really have to do anything. It is free software as well and you just have to leave it there and it will do all the job for you. And for those that have never used an ad blocker before, the internet is going to seem like something really totally new because you won't see ads everywhere displayed in your screen and you won't get those annoying ads in the middle of your video when you're listening to music and so on. So, okay, so these three changes, I recommend doing that. And, okay, another thing. Here at you block origin, I recommend coming here, open the dashboard, filter lists and coming here to privacy and adding another cool list which is thumb boys enhanced tracking list. This is really nice and then apply the changes. Okay, so moving on. There is another third technique which I haven't mentioned yet which is done by using Javascript. So if you pay attention here, there's a lot of JavaScript injection here and this might be for web tracking. So, is it, okay. So fingerprinting is when you use Javascript to retrieve the user's information about its hardware and browser and operating system so you can get a lot of information about that guy's computer. And then if you combine all of those and this combination is unique, it means that your fingerprint is unique as well. And this means that if you allow those web trackers to send you this Javascript request, you're basically allowing them to see that you are you. So it's a signature of your computer basically and your browser. And five minutes, okay. So if we have five minutes, I'd like to show this really quickly. We have this website from Electronic Frontier Foundation which allows you to see if your browser is safe against tracking. So I'm going to run it here in the Firefox which we made the changes. And then in a new Firefox, brand new Firefox and then on tar browser, which I haven't explained but briefly explaining it's used to anonymize you. People use it to browse in the deep web but you can use it for regular browsing too. So okay, the tests are running. And for this one, wait, this is the regular one. So we get that your browser has a nearly unique fingerprint. And if we go here, we have that only one in 98,000 browsers have the same fingerprint as yours. So it basically means that I'm not disguised. What I want is for this number to be low because I want to be disguised. I want to have a fingerprint that is similar to many people so the web trackers don't know if that's me or him or him or him. So this is a high number. This is for a brand new Firefox profile. If we go to the one that we made the changes, we get no results probably because they cannot load the trackers, okay? And finally for a browser, for a tar browser, do you have any idea of what this number is going to be, one in any guess at all? Well it's 98,000. For a tar browser we go to 75. So we're really disguised. So if you want to make a really private search online, you can go for tar but doing these changes is good enough as well. So what happens is sometimes these changes that I said about you block origin and et cetera, well they use a list of non-trackers to block them but sometimes a tracker might not be present on that list so the tracker will be able to send the JavaScript request and the only work around would be to turn off JavaScript which I do not recommend for almost anyone because it will break most sites. But the thing is I am a crazy person and I do not use JavaScript on my browser and I want to share something really interesting that happened. I was going to register for depthconf and I got this. This registration form uses JavaScript. Without it you'll have to navigate the validation dragons without any help. So I turned on JavaScript because I have no suspicions I have no suspicions about that conf but the fact is and I would like to talk a little bit with developers here because I'm a developer too but as a user it is frustrating that I have to do all these work arounds and turn off JavaScript to try to protect my privacy. This is an absurd because regular users will never do that. So the thing is our privacy it should be ours by default and I don't know if we have to struggle to have it back it means that it was taken from us and the cold truth is that if it was taken from us it is because us developers let it happen because everyday web pages and apps and tools that use closed search that are shady are being released and everyday millions and millions and millions of people are using these tools without realizing that every time that they do it they are killing their privacy again and again and again. So this is I don't know I don't know all I'm asking here is for us developers to stop a little bit and think about our responsibility in this process because when we're developing we're kind of used to quickly look for the solution and sometimes we forget to think about the consequences of that solution to the user. So it is common for a developer to use the to go strictly to the obvious solution in the market which might be closed searched and it might not respect the user. So I think that instead of doing that we should create a habit of going after alternatives looking for alternatives that are free software and that are privacy friendly because after all users' privacy is in our hands. It is up to us to protect it. Thank you. Oh there's one? Okay sorry. Is it working? Okay first of all thank you for your presentation. It was really really interesting and at the beginning we're just saying the convenience sometimes it has for the advertising the content of the advertising that sometimes feels convenient for you. You want to see exactly the things you want and do you see any in this spectrum of just have total privacy and you have such things as advertising convenience. Do you see any like middle between in this spectrum that would work? Well actually that's something that nowadays it's hard to have a balance of that because every time that you look for more and more privacy you left convenience aside. And not only that because the thing is that to have privacy you also have to, you need the knowledge and sometimes money for example if you want to really protect yourself you might go after a VPN and things like that. So this is the kind of thing that regular users don't have access to usually. So that's why I think that the biggest change needs to come from the developers because after all we're giving them the product and we should guarantee that it concerns their privacy but yeah this is always the trickiest part to balance these two guys. Actually like this question comes mostly for the regular user right? The ones that are not really aware of this kind of situation we're leaving and how to manage with that. I can imagine some more privacy and more transparency but most of all I think that developers may be an answer to make easy for the user to understand and be able to also get advertising because like maybe a second question for you but we usually relate data with advertising but would that be maybe the answer to have no relation between data and advertising at all? Like the main reason for like the thing is would you say that like there should be no relation between data and advertising at all? Maybe like what I'm suggesting is maybe other ways. Consider like I'm trying to be as most neutral as possible okay considering that not only the convenience but the techniques for the advertising to understand the user. Would there be maybe other paths and maybe it's the same question I just bring to you. Well, can we have a personal conversation? Of course. Can we take this to the break? Let's discuss it. Thank you. And then in the interest of time could we also take your question to IRC please? Thank you. Thank you so much Pedro. Thank you. Thank you. Thank you all too.