0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/412 Thanks! 1 00:00:09,630 --> 00:00:12,299 And so I have the pleasure 2 00:00:12,300 --> 00:00:14,549 to announce the 3 00:00:14,550 --> 00:00:17,279 talk about track free, 4 00:00:17,280 --> 00:00:18,749 you never read alone. 5 00:00:18,750 --> 00:00:20,909 And as speakers we have Maria, 6 00:00:20,910 --> 00:00:23,369 as I know, who is a research 7 00:00:23,370 --> 00:00:25,949 researcher at technically 8 00:00:25,950 --> 00:00:28,709 I'm so sorry, technical tech 9 00:00:28,710 --> 00:00:29,699 collective. 10 00:00:29,700 --> 00:00:31,979 And there's Claudio Agosti, who's 11 00:00:31,980 --> 00:00:34,019 also with the Technical Tech Collective. 12 00:00:34,020 --> 00:00:35,339 And apparently we're going to have a 13 00:00:35,340 --> 00:00:37,469 premiere tonight because they're going 14 00:00:37,470 --> 00:00:39,119 to show us Tretyakov for you, which is a 15 00:00:39,120 --> 00:00:41,189 software which will illustrate where 16 00:00:41,190 --> 00:00:43,679 all this data is going that the websites 17 00:00:43,680 --> 00:00:44,939 are collecting about us. 18 00:00:46,020 --> 00:00:47,249 The zaal is yours. 19 00:00:54,780 --> 00:00:56,669 Hi, thank you very much for being here 20 00:00:56,670 --> 00:00:58,019 today. 21 00:00:58,020 --> 00:01:00,509 Claudia and I work with tactical tech, as 22 00:01:00,510 --> 00:01:02,639 you just mentioned, tactical tech as an 23 00:01:02,640 --> 00:01:03,869 NGO based in Berlin. 24 00:01:03,870 --> 00:01:05,909 But we work internationally and we are 25 00:01:05,910 --> 00:01:07,619 super excited today because we are 26 00:01:07,620 --> 00:01:09,629 launching one of our new projects, which 27 00:01:09,630 --> 00:01:11,879 is called Truckle Graphy and is all about 28 00:01:11,880 --> 00:01:12,880 online tracking. 29 00:01:14,070 --> 00:01:16,349 So when we think about surveillance, very 30 00:01:16,350 --> 00:01:18,329 often we think about governments because 31 00:01:18,330 --> 00:01:19,979 a lot of it is carried out by them and 32 00:01:19,980 --> 00:01:21,479 rightfully so. We do think about 33 00:01:21,480 --> 00:01:23,579 governments. However, in most 34 00:01:23,580 --> 00:01:25,679 cases, I think that companies, 35 00:01:25,680 --> 00:01:27,359 corporations make a lot of surveillance 36 00:01:27,360 --> 00:01:29,579 possible. A lot of our daily browsing 37 00:01:29,580 --> 00:01:31,709 activities, like reading the news online, 38 00:01:31,710 --> 00:01:33,539 is what enables governments to have 39 00:01:33,540 --> 00:01:35,099 access to the states so they can monitor 40 00:01:35,100 --> 00:01:36,149 us to begin with. 41 00:01:36,150 --> 00:01:37,889 So, for example, when you think about 42 00:01:37,890 --> 00:01:40,139 PRISM and a whole bunch of other systems 43 00:01:40,140 --> 00:01:42,149 used by the NSA and other intelligence 44 00:01:42,150 --> 00:01:44,279 agencies, we can see that a lot of their 45 00:01:44,280 --> 00:01:46,349 monitoring is possible because 46 00:01:46,350 --> 00:01:48,179 a whole bunch of companies like Google 47 00:01:48,180 --> 00:01:50,429 and Facebook collected data based 48 00:01:50,430 --> 00:01:52,019 on their tracking that they do on a daily 49 00:01:52,020 --> 00:01:53,729 basis. And this is something we would 50 00:01:53,730 --> 00:01:54,929 really like to draw your attention to 51 00:01:54,930 --> 00:01:55,930 through this project. 52 00:01:57,220 --> 00:02:00,089 Basically, what we understand is that 53 00:02:00,090 --> 00:02:02,279 this whole world of data collection 54 00:02:02,280 --> 00:02:04,409 is creating a new sort of power around 55 00:02:04,410 --> 00:02:06,869 the world. And why we created Tachograph, 56 00:02:06,870 --> 00:02:08,939 because we want to corroborate 57 00:02:08,940 --> 00:02:11,189 what is that data geopolitics at 58 00:02:11,190 --> 00:02:13,469 the moment. If you know that one 59 00:02:13,470 --> 00:02:15,659 country has a larger pipe of gas 60 00:02:15,660 --> 00:02:17,759 and this gas permits you to be warm 61 00:02:17,760 --> 00:02:19,619 in the winter, you understand the Sanjuro 62 00:02:19,620 --> 00:02:22,349 political relationship. 63 00:02:22,350 --> 00:02:23,759 But what about the data? 64 00:02:23,760 --> 00:02:25,829 Who is the owner of whom we talk, the 65 00:02:25,830 --> 00:02:27,419 country that are depending more from 66 00:02:27,420 --> 00:02:29,479 harder? This kind of answer are 67 00:02:29,480 --> 00:02:30,959 the things that I was thinking inside of 68 00:02:30,960 --> 00:02:33,059 us and try to 69 00:02:33,060 --> 00:02:35,299 be on elsewhere is a project intended 70 00:02:35,300 --> 00:02:37,769 basically for advocator 71 00:02:37,770 --> 00:02:39,959 lawyer, analyst or researcher 72 00:02:39,960 --> 00:02:42,179 sorpasso that to make this about this 73 00:02:42,180 --> 00:02:43,180 phenomena. 74 00:02:44,570 --> 00:02:46,639 We are focused on the media website 75 00:02:46,640 --> 00:02:49,249 for the website, we mean websites 76 00:02:49,250 --> 00:02:51,439 providing news media, because if 77 00:02:51,440 --> 00:02:53,389 someone is able to understand and to 78 00:02:53,390 --> 00:02:55,489 study how our population, 79 00:02:55,490 --> 00:02:57,569 our region account is access 80 00:02:57,570 --> 00:02:59,479 into the media and what is more more 81 00:02:59,480 --> 00:03:01,549 interesting, what is, 82 00:03:01,550 --> 00:03:03,709 said the researcher, 83 00:03:03,710 --> 00:03:06,259 in fact, a way to perceive 84 00:03:06,260 --> 00:03:08,609 and to study the Venetian itself, 85 00:03:08,610 --> 00:03:09,679 the target itself. 86 00:03:09,680 --> 00:03:11,419 We also see by the Facebook experiment 87 00:03:11,420 --> 00:03:13,579 that based on what 88 00:03:13,580 --> 00:03:15,169 you are reading, your influence, your 89 00:03:15,170 --> 00:03:17,479 influence in your mood to be 90 00:03:17,480 --> 00:03:19,669 more positive or negative. 91 00:03:19,670 --> 00:03:21,919 And that is why 92 00:03:21,920 --> 00:03:24,019 the media are the subject of this test. 93 00:03:24,020 --> 00:03:25,699 That theory can be applied to every 94 00:03:25,700 --> 00:03:26,700 website. 95 00:03:27,840 --> 00:03:30,629 So basically, we develop 96 00:03:30,630 --> 00:03:33,269 a softer script that emulates 97 00:03:33,270 --> 00:03:35,609 the behavior of a user connected 98 00:03:35,610 --> 00:03:37,859 to a website. 99 00:03:37,860 --> 00:03:40,019 This group them perform HTP connection 100 00:03:40,020 --> 00:03:41,039 using phantoms. 101 00:03:41,040 --> 00:03:42,199 Yes. 102 00:03:42,200 --> 00:03:44,429 Yes. These browser that ran that without 103 00:03:44,430 --> 00:03:46,439 a display window. 104 00:03:46,440 --> 00:03:48,629 Every time you connect to 105 00:03:48,630 --> 00:03:50,909 a media website, you have many 106 00:03:50,910 --> 00:03:52,979 third party content, like 107 00:03:52,980 --> 00:03:55,259 if a video came from a third party 108 00:03:55,260 --> 00:03:57,509 or a banner at a display 109 00:03:57,510 --> 00:04:00,509 of advertising or some static picture 110 00:04:00,510 --> 00:04:02,819 or some hidden tracker like it, keep the 111 00:04:02,820 --> 00:04:04,799 inclusion that the just put the same 112 00:04:04,800 --> 00:04:06,929 cookie and read your behavior. 113 00:04:06,930 --> 00:04:09,029 The third party is what our 114 00:04:09,030 --> 00:04:10,649 script to automatically detect. 115 00:04:10,650 --> 00:04:13,169 Then we perform at Resprout throughout 116 00:04:13,170 --> 00:04:14,489 it. For every included. 117 00:04:14,490 --> 00:04:17,249 Third party is it can lead to 118 00:04:17,250 --> 00:04:19,499 figure out which is the network path 119 00:04:19,500 --> 00:04:21,569 needed to reach the 120 00:04:21,570 --> 00:04:22,979 server included. 121 00:04:22,980 --> 00:04:25,199 And then we perform IP. 122 00:04:25,200 --> 00:04:27,449 So a resolution from every 123 00:04:27,450 --> 00:04:29,939 hopper in the path 124 00:04:29,940 --> 00:04:32,099 to a geographical location 125 00:04:32,100 --> 00:04:33,989 in order to figure it out, which are in 126 00:04:33,990 --> 00:04:35,279 fact involved. 127 00:04:36,610 --> 00:04:39,039 At the moment, whoever collected the 128 00:04:39,040 --> 00:04:41,379 30 Kountry in the complete analysis 129 00:04:41,380 --> 00:04:43,479 of whether 130 00:04:43,480 --> 00:04:45,789 directly on our GitHub repository 131 00:04:45,790 --> 00:04:47,829 with the Middle East, because the Middle 132 00:04:47,830 --> 00:04:49,059 East are changing at the time and the 133 00:04:49,060 --> 00:04:51,219 required local knowledge to be Junette 134 00:04:51,220 --> 00:04:53,289 so everyone can contribute to putting 135 00:04:53,290 --> 00:04:54,939 is on a country. 136 00:04:54,940 --> 00:04:57,099 And we have a more than 3000 137 00:04:57,100 --> 00:04:59,409 media actually analyzed 138 00:04:59,410 --> 00:05:00,789 and there are some special media that 139 00:05:00,790 --> 00:05:02,709 arise from every country. 140 00:05:04,860 --> 00:05:07,349 So let's have a look at your graphy, 141 00:05:07,350 --> 00:05:09,479 as I just mentioned, we 142 00:05:09,480 --> 00:05:11,549 collected data for 30 countries. 143 00:05:11,550 --> 00:05:13,139 We did this essentially by running the 144 00:05:13,140 --> 00:05:15,209 script and these countries based on 145 00:05:15,210 --> 00:05:16,919 lists of media websites that we collected 146 00:05:16,920 --> 00:05:18,239 for each one of them. 147 00:05:18,240 --> 00:05:20,759 If your country is not blue in the map, 148 00:05:20,760 --> 00:05:22,169 don't feel discriminated. 149 00:05:22,170 --> 00:05:23,699 It just that we don't happen to have 150 00:05:23,700 --> 00:05:25,409 partners in that country or we just don't 151 00:05:25,410 --> 00:05:27,569 happen to have someone who could run 152 00:05:27,570 --> 00:05:28,649 the script there. 153 00:05:28,650 --> 00:05:30,539 So as you can see, these blue countries 154 00:05:30,540 --> 00:05:31,739 are the ones that we have data for. 155 00:05:31,740 --> 00:05:33,869 So if we click on Germany, for 156 00:05:33,870 --> 00:05:36,209 example, since we're in Germany 157 00:05:36,210 --> 00:05:37,949 on the side of the panel, you can see 158 00:05:37,950 --> 00:05:40,289 that we have lists of media websites 159 00:05:40,290 --> 00:05:41,249 by global media. 160 00:05:41,250 --> 00:05:43,109 Essentially, we mean media websites which 161 00:05:43,110 --> 00:05:44,909 cover the news internationally and which 162 00:05:44,910 --> 00:05:46,379 are accessed globally. 163 00:05:46,380 --> 00:05:48,569 If we click on The Wall Street 164 00:05:48,570 --> 00:05:50,729 Journal, for example, what we can see 165 00:05:50,730 --> 00:05:52,889 now is what happens when we access 166 00:05:52,890 --> 00:05:54,779 the Wall Street Journal, The Wall Street 167 00:05:54,780 --> 00:05:56,130 Journal in Germany. 168 00:05:57,310 --> 00:05:58,869 As you can see on the map, the green 169 00:05:58,870 --> 00:06:00,399 country is Germany, the country we're 170 00:06:00,400 --> 00:06:02,769 accessing the Wall Street Journal from 171 00:06:02,770 --> 00:06:04,989 the blue country in this case is 172 00:06:04,990 --> 00:06:06,819 the United States, which hosts the server 173 00:06:06,820 --> 00:06:08,139 of the Wall Street Journal. 174 00:06:08,140 --> 00:06:09,849 The purple countries are the ones which 175 00:06:09,850 --> 00:06:12,339 host the network infrastructure required 176 00:06:12,340 --> 00:06:14,169 to access the server and the red 177 00:06:14,170 --> 00:06:15,459 countries, which in this case, as the 178 00:06:15,460 --> 00:06:17,499 U.K. and the Netherlands are the 179 00:06:17,500 --> 00:06:19,869 countries which are hosting the servers 180 00:06:19,870 --> 00:06:21,939 of the companies which can track us when 181 00:06:21,940 --> 00:06:23,410 we access the Wall Street Journal. 182 00:06:24,640 --> 00:06:26,049 What's noteworthy in this case, 183 00:06:26,050 --> 00:06:28,149 essentially, is that this is the way 184 00:06:28,150 --> 00:06:29,589 that these companies track is because 185 00:06:29,590 --> 00:06:31,449 every single website, or at least most 186 00:06:31,450 --> 00:06:33,639 media websites include an embedded 187 00:06:33,640 --> 00:06:36,279 image and code which belong to 188 00:06:36,280 --> 00:06:37,779 third party companies. 189 00:06:37,780 --> 00:06:39,849 And yeah, we can see that we have 190 00:06:39,850 --> 00:06:41,829 a lot of Internet connections above. 191 00:06:42,920 --> 00:06:43,920 Yes. 192 00:06:44,710 --> 00:06:46,539 So the one Internet connection is 193 00:06:46,540 --> 00:06:48,279 basically to the media website, the 194 00:06:48,280 --> 00:06:50,079 unintended connections, which in this 195 00:06:50,080 --> 00:06:52,329 case are sixty seven, are the connections 196 00:06:52,330 --> 00:06:54,459 to the servers of third party companies. 197 00:06:54,460 --> 00:06:56,199 That means that while we were planning to 198 00:06:56,200 --> 00:06:58,029 connect to the Wall Street Journal, in 199 00:06:58,030 --> 00:06:59,979 reality, we are also actually connecting 200 00:06:59,980 --> 00:07:01,839 to the servers of third party companies 201 00:07:01,840 --> 00:07:03,399 which can track us and which can collect 202 00:07:03,400 --> 00:07:04,809 data about us in the process. 203 00:07:07,250 --> 00:07:09,409 If we spoke to more 204 00:07:09,410 --> 00:07:11,629 media, you get some of the legislation 205 00:07:11,630 --> 00:07:13,699 agreed with others and 206 00:07:13,700 --> 00:07:13,969 right. 207 00:07:13,970 --> 00:07:16,069 So you can feel free to when you get 208 00:07:16,070 --> 00:07:17,629 access to this map, you can feel free to 209 00:07:17,630 --> 00:07:19,639 select the media websites that you 210 00:07:19,640 --> 00:07:21,769 access, the media that you read either 211 00:07:21,770 --> 00:07:23,719 from the globalist or if you scroll down 212 00:07:23,720 --> 00:07:25,999 below, you can also click from 213 00:07:26,000 --> 00:07:28,099 the national list in your country or the 214 00:07:28,100 --> 00:07:29,899 regional list, which covers the regional 215 00:07:29,900 --> 00:07:31,999 news. And by clicking on every single one 216 00:07:32,000 --> 00:07:33,349 of these media websites, essentially you 217 00:07:33,350 --> 00:07:35,449 can see which the party trackers, 218 00:07:35,450 --> 00:07:37,129 which third party companies can track you 219 00:07:37,130 --> 00:07:39,139 every time you access them, but not only 220 00:07:39,140 --> 00:07:41,029 which companies track you, but also where 221 00:07:41,030 --> 00:07:42,559 your data travels to every time you 222 00:07:42,560 --> 00:07:43,699 access these websites. 223 00:07:44,840 --> 00:07:45,840 Judge. 224 00:07:52,590 --> 00:07:53,879 The reason why I would say to show you 225 00:07:53,880 --> 00:07:55,169 this is because this is one of the very 226 00:07:55,170 --> 00:07:57,479 few examples of not only the only one 227 00:07:57,480 --> 00:07:59,369 where there's a media website where you 228 00:07:59,370 --> 00:08:01,439 access it from Germany and no one 229 00:08:01,440 --> 00:08:03,359 trusts you, or at least according to our 230 00:08:03,360 --> 00:08:04,919 results, there are no Third-Party 231 00:08:04,920 --> 00:08:05,999 trackers included. 232 00:08:06,000 --> 00:08:07,439 And this is WikiLeaks. 233 00:08:07,440 --> 00:08:08,440 So. 234 00:08:13,960 --> 00:08:15,489 So, again, our results show that when you 235 00:08:15,490 --> 00:08:17,739 access WikiLeaks, sure, your data does 236 00:08:17,740 --> 00:08:19,899 travel to Norway because based on one 237 00:08:19,900 --> 00:08:22,029 of our results, the survey of WikiLeaks 238 00:08:22,030 --> 00:08:24,069 is based. But as you can see, there are 239 00:08:24,070 --> 00:08:25,959 zero unintended connections, which means 240 00:08:25,960 --> 00:08:27,369 that poll trackers, which I think is 241 00:08:27,370 --> 00:08:28,370 quite interesting. 242 00:08:33,159 --> 00:08:35,229 Beside the study, who is the third 243 00:08:35,230 --> 00:08:37,158 party that is present on your navigation 244 00:08:37,159 --> 00:08:39,279 is also important to understand what is 245 00:08:39,280 --> 00:08:41,408 the network topology, because every time 246 00:08:41,409 --> 00:08:43,509 you are connected to another server, your 247 00:08:43,510 --> 00:08:45,309 connection passthrough and infrastructure 248 00:08:45,310 --> 00:08:47,439 and this infrastructure, it is owned 249 00:08:47,440 --> 00:08:49,909 by someone that is analyzing activity. 250 00:08:49,910 --> 00:08:52,059 Your content can 251 00:08:52,060 --> 00:08:54,279 create the collection of the 252 00:08:54,280 --> 00:08:56,499 of your behavior or the content 253 00:08:56,500 --> 00:08:57,500 you are exchanging. 254 00:08:59,410 --> 00:09:01,079 If the connection is encrypted, that 255 00:09:01,080 --> 00:09:03,159 stops. The third party in the middle has 256 00:09:03,160 --> 00:09:05,889 no power to modify or dampen 257 00:09:05,890 --> 00:09:07,089 the collective traffic. 258 00:09:07,090 --> 00:09:09,669 But commonly this kind of interaction 259 00:09:09,670 --> 00:09:12,399 is not encrypted and that we saw 260 00:09:12,400 --> 00:09:13,599 with the Snowden revelations about the 261 00:09:13,600 --> 00:09:14,859 Angry Birds. 262 00:09:14,860 --> 00:09:17,089 This was was one of the example because 263 00:09:17,090 --> 00:09:19,209 the Angry Birds was just a game 264 00:09:19,210 --> 00:09:21,369 with some advertising embedded, 265 00:09:21,370 --> 00:09:23,409 but the advertising server was running in 266 00:09:23,410 --> 00:09:25,539 the US. Therefore, the infrastructure 267 00:09:25,540 --> 00:09:27,999 needed to reach the server 268 00:09:28,000 --> 00:09:29,769 was touching the US. 269 00:09:29,770 --> 00:09:31,989 And the NSA has got to be a good idea 270 00:09:31,990 --> 00:09:33,379 to monitor our traffic. 271 00:09:34,900 --> 00:09:37,029 That is why the subject 272 00:09:37,030 --> 00:09:38,030 matter. 273 00:09:38,790 --> 00:09:40,469 Another reason why the network topology 274 00:09:40,470 --> 00:09:42,449 matters is because you never really know 275 00:09:42,450 --> 00:09:44,399 who has access to these cables, you never 276 00:09:44,400 --> 00:09:46,199 know you never really know who has access 277 00:09:46,200 --> 00:09:47,579 to the network infrastructure when you're 278 00:09:47,580 --> 00:09:49,409 accessing websites and when your 279 00:09:49,410 --> 00:09:50,819 connections travel through them. 280 00:09:50,820 --> 00:09:52,619 So this is an example from the Snowden 281 00:09:52,620 --> 00:09:54,689 leaks. This document 282 00:09:54,690 --> 00:09:57,239 illustrates Rampart 283 00:09:57,240 --> 00:09:59,489 program through which the NSA 284 00:09:59,490 --> 00:10:01,139 collaborates with a whole bunch of third 285 00:10:01,140 --> 00:10:03,089 party countries which provide them direct 286 00:10:03,090 --> 00:10:04,829 access to the fiber optic cables, which 287 00:10:04,830 --> 00:10:06,839 make up the backbone of the Internet. 288 00:10:06,840 --> 00:10:08,729 And also these third party countries, 289 00:10:08,730 --> 00:10:10,829 which include Ethiopia, Saudi 290 00:10:10,830 --> 00:10:12,989 Arabia, Tunisia and so forth, they also 291 00:10:12,990 --> 00:10:14,489 are hosting US equipment. 292 00:10:14,490 --> 00:10:16,379 So this is just one example to illustrate 293 00:10:16,380 --> 00:10:18,809 that while you might say, OK, right, OK, 294 00:10:18,810 --> 00:10:20,999 so I'm accessing this website, my data 295 00:10:21,000 --> 00:10:22,979 goes through, I don't know, Azerbaijan, 296 00:10:22,980 --> 00:10:25,109 for example, to reach the server 297 00:10:25,110 --> 00:10:26,129 while it's not a big deal. 298 00:10:26,130 --> 00:10:27,899 Well, actually, it might be a big deal 299 00:10:27,900 --> 00:10:30,269 because maybe, you know, agencies 300 00:10:30,270 --> 00:10:31,649 which you wouldn't want to have access 301 00:10:31,650 --> 00:10:33,629 your data do have access to data because, 302 00:10:33,630 --> 00:10:34,709 you know, they're tapping into that 303 00:10:34,710 --> 00:10:36,179 particular network infrastructure. 304 00:10:38,570 --> 00:10:40,759 And besides that and passive 305 00:10:40,760 --> 00:10:42,949 collection, we already saw that a lot 306 00:10:42,950 --> 00:10:44,779 of attacks that exploit this kind of 307 00:10:44,780 --> 00:10:46,909 communication, if you fly, is a 308 00:10:46,910 --> 00:10:49,129 one kind of the implied threat on 309 00:10:49,130 --> 00:10:50,779 the fly can just to change the way 310 00:10:50,780 --> 00:10:53,209 download we are performing and put 311 00:10:53,210 --> 00:10:55,279 the future Trojan on on 312 00:10:55,280 --> 00:10:56,839 your download. But this can also be 313 00:10:56,840 --> 00:10:58,859 applied to some exploit. 314 00:10:58,860 --> 00:11:00,479 For example, if you're downloading a 315 00:11:00,480 --> 00:11:02,899 Macromedia Flash content and 316 00:11:02,900 --> 00:11:05,159 your browser is going to go to some 317 00:11:05,160 --> 00:11:07,549 flesher exploit 318 00:11:07,550 --> 00:11:09,389 the person in the middle congestions are 319 00:11:09,390 --> 00:11:10,639 to substitute the content you are 320 00:11:10,640 --> 00:11:12,289 receiving in order to exploit the 321 00:11:12,290 --> 00:11:13,469 computer. 322 00:11:13,470 --> 00:11:15,079 Um. 323 00:11:15,080 --> 00:11:17,299 That was a similar attacks performed 324 00:11:17,300 --> 00:11:19,969 by starting from the same kind of 325 00:11:19,970 --> 00:11:22,130 privilege to the point of view. 326 00:11:23,160 --> 00:11:24,439 So one of the reasons why we developed 327 00:11:24,440 --> 00:11:25,939 Tachograph is because we want to think 328 00:11:25,940 --> 00:11:27,559 about the geopolitics of data. 329 00:11:27,560 --> 00:11:29,809 What does it mean today when through 330 00:11:29,810 --> 00:11:31,969 the Internet, your data literally travels 331 00:11:31,970 --> 00:11:33,889 to various servers all over the world? 332 00:11:33,890 --> 00:11:35,749 Now, if we look at a small comparison 333 00:11:35,750 --> 00:11:38,599 between what happens in the so-called 334 00:11:38,600 --> 00:11:40,369 global west and the so-called global 335 00:11:40,370 --> 00:11:43,059 south, one example here is where 336 00:11:43,060 --> 00:11:45,469 you were accessing three national 337 00:11:45,470 --> 00:11:46,969 media websites in Italy. 338 00:11:46,970 --> 00:11:48,829 And what we can see here is that Italy 339 00:11:48,830 --> 00:11:51,709 owns the servers of these media websites. 340 00:11:51,710 --> 00:11:53,209 Of course, the red countries, as you can 341 00:11:53,210 --> 00:11:54,739 see here, are the ones which are hosting 342 00:11:54,740 --> 00:11:56,479 the servers, the tracking companies. 343 00:11:56,480 --> 00:11:58,429 But what's important to note here is that 344 00:11:58,430 --> 00:12:00,589 there are no blogs in the sense that 345 00:12:00,590 --> 00:12:01,610 they own their own 346 00:12:02,930 --> 00:12:04,849 servers of their own media websites, on 347 00:12:04,850 --> 00:12:05,509 the other hand. 348 00:12:05,510 --> 00:12:07,639 However, if we look at a country 349 00:12:07,640 --> 00:12:09,469 in the global south, like Nigeria, for 350 00:12:09,470 --> 00:12:11,599 example, what we can see here is that 351 00:12:11,600 --> 00:12:13,879 Nigeria does not host the servers of 352 00:12:13,880 --> 00:12:15,259 its national media websites. 353 00:12:15,260 --> 00:12:17,329 Instead, they are hosted in the USA 354 00:12:17,330 --> 00:12:18,979 and the network infrastructure required 355 00:12:18,980 --> 00:12:21,919 to access them is based in South Africa. 356 00:12:21,920 --> 00:12:23,899 And the Blue Dogs essentially show like 357 00:12:23,900 --> 00:12:25,969 how the weather data 358 00:12:25,970 --> 00:12:27,559 has to travel to every time they want to 359 00:12:27,560 --> 00:12:29,779 do something as simple as their national 360 00:12:29,780 --> 00:12:30,679 news online. 361 00:12:30,680 --> 00:12:32,449 Now, I think one of the reasons why this 362 00:12:32,450 --> 00:12:34,189 is particularly interesting is because 363 00:12:34,190 --> 00:12:35,659 how can they do? And all the Nigers in 364 00:12:35,660 --> 00:12:37,969 the world kind of protect their citizens 365 00:12:37,970 --> 00:12:39,799 data and practice when they don't even 366 00:12:39,800 --> 00:12:41,719 own their own infrastructure. 367 00:12:41,720 --> 00:12:43,459 How can they how can they make sure that 368 00:12:43,460 --> 00:12:44,899 their citizens data is actually, in 369 00:12:44,900 --> 00:12:47,299 practice protected when they do not own 370 00:12:47,300 --> 00:12:48,799 then the kind of control what happens to 371 00:12:48,800 --> 00:12:50,779 it? I'm not implying that we should have 372 00:12:50,780 --> 00:12:52,939 some type of autonomous system like China 373 00:12:52,940 --> 00:12:54,409 or so forth, but I do think that's 374 00:12:54,410 --> 00:12:55,339 something we should think about 375 00:12:55,340 --> 00:12:56,749 carefully. It maybe it raises debates 376 00:12:56,750 --> 00:12:57,750 about. 377 00:13:02,550 --> 00:13:04,739 Another aspect to this other 378 00:13:04,740 --> 00:13:06,869 study is that when you see someone, 379 00:13:06,870 --> 00:13:08,159 that investor on a foreign 380 00:13:08,160 --> 00:13:10,349 infrastructure, for example, the 381 00:13:10,350 --> 00:13:12,629 format of the telephony 382 00:13:12,630 --> 00:13:14,599 monopoly standard Telecom Italia as a 383 00:13:14,600 --> 00:13:16,709 portfolio of investment in Brazil, 384 00:13:16,710 --> 00:13:18,749 in this case, it has been has gone to 385 00:13:18,750 --> 00:13:20,279 South America to create the network 386 00:13:20,280 --> 00:13:21,419 infrastructure. 387 00:13:21,420 --> 00:13:23,669 This means that in a certain case 388 00:13:23,670 --> 00:13:25,279 of the test performed, 389 00:13:26,680 --> 00:13:28,829 the connection to that is traveling 390 00:13:28,830 --> 00:13:31,169 from your Brazilian carrier 391 00:13:31,170 --> 00:13:33,329 to reassure us, but through some 392 00:13:33,330 --> 00:13:34,469 Italian infrastructure. 393 00:13:34,470 --> 00:13:36,839 This does not mean that the 394 00:13:36,840 --> 00:13:39,809 connection actually go down the ocean 395 00:13:39,810 --> 00:13:41,639 in Rome and then come back to Washington. 396 00:13:41,640 --> 00:13:43,739 It just because on the field 397 00:13:43,740 --> 00:13:46,109 in Brazil is present some Italian 398 00:13:46,110 --> 00:13:48,629 infrastructure and the IP addresses 399 00:13:48,630 --> 00:13:50,759 are associated to an Italian company. 400 00:13:50,760 --> 00:13:53,849 Therefore, the system recognizes 401 00:13:53,850 --> 00:13:56,029 the ownership and and 402 00:13:56,030 --> 00:13:58,259 the person and entity owning the 403 00:13:58,260 --> 00:13:59,260 infrastructure. 404 00:14:04,040 --> 00:14:06,109 Now, again, another example, 405 00:14:06,110 --> 00:14:08,569 given the political tension 406 00:14:08,570 --> 00:14:10,489 in Ukraine with regards to Russia 407 00:14:10,490 --> 00:14:12,589 throughout 2014 and the revolution 408 00:14:12,590 --> 00:14:14,269 in February, we decided to read the 409 00:14:14,270 --> 00:14:15,270 script in Ukraine. 410 00:14:16,250 --> 00:14:18,439 As you can see in the map, a lot 411 00:14:18,440 --> 00:14:20,329 of connections go to Russia. 412 00:14:20,330 --> 00:14:23,119 This is because essentially by accessing 413 00:14:23,120 --> 00:14:25,219 two of the main media websites 414 00:14:25,220 --> 00:14:27,349 in Ukraine, Pravda and Vesti, we can 415 00:14:27,350 --> 00:14:28,999 see that one of the main companies which 416 00:14:29,000 --> 00:14:30,979 tracks users is Yandex. 417 00:14:30,980 --> 00:14:33,319 And Yandex is sort of like the Google 418 00:14:33,320 --> 00:14:34,490 equivalent in Russia. 419 00:14:35,600 --> 00:14:37,700 Now, this raises a whole bunch of 420 00:14:39,080 --> 00:14:39,889 a whole bunch of questions. 421 00:14:39,890 --> 00:14:41,689 But essentially what I think is quite 422 00:14:41,690 --> 00:14:43,579 interesting is regardless of whether 423 00:14:43,580 --> 00:14:45,019 Ukrainians are, you know, pro-Russian or 424 00:14:45,020 --> 00:14:47,209 not, it really comes down to do 425 00:14:47,210 --> 00:14:49,099 they really want to have a lot of their 426 00:14:49,100 --> 00:14:50,959 data ending in Russia or do they really 427 00:14:50,960 --> 00:14:53,089 want Russia to have access to them? 428 00:14:53,090 --> 00:14:54,679 And do they really want a company like 429 00:14:54,680 --> 00:14:56,989 Yandex, which likely works 430 00:14:56,990 --> 00:14:58,549 hand in hand with Russian intelligence 431 00:14:58,550 --> 00:15:00,649 agencies to have access to the type of 432 00:15:00,650 --> 00:15:02,809 news they read and or other activities? 433 00:15:02,810 --> 00:15:04,879 And more or less a lot of things they 434 00:15:04,880 --> 00:15:05,880 do online. 435 00:15:06,500 --> 00:15:08,689 When you click on our country's colorada, 436 00:15:08,690 --> 00:15:10,969 you can see why is Colorado and 437 00:15:10,970 --> 00:15:13,429 which are the party 438 00:15:13,430 --> 00:15:15,019 running in there or their connection 439 00:15:15,020 --> 00:15:16,020 passing through? 440 00:15:18,280 --> 00:15:21,439 And with I close here, 441 00:15:21,440 --> 00:15:23,529 OK, but the goal here when 442 00:15:23,530 --> 00:15:24,999 we start to collectively talk was not to 443 00:15:25,000 --> 00:15:27,099 generate, uh, just a 444 00:15:27,100 --> 00:15:29,319 major and interesting things that 445 00:15:29,320 --> 00:15:31,389 we have created an API that is permitted 446 00:15:31,390 --> 00:15:33,309 to every researcher to collect this data 447 00:15:33,310 --> 00:15:35,559 and make an ISIS is an example 448 00:15:35,560 --> 00:15:36,909 of the, uh. 449 00:15:38,380 --> 00:15:40,839 Percentage exposure that is 450 00:15:40,840 --> 00:15:43,719 facing every country tested 451 00:15:43,720 --> 00:15:45,429 for these explosive. 452 00:15:45,430 --> 00:15:49,059 I mean, is enough that the one connection 453 00:15:49,060 --> 00:15:50,979 between the very many that are performing 454 00:15:50,980 --> 00:15:53,589 there when you are accessing that website 455 00:15:53,590 --> 00:15:55,779 is passing through a country 456 00:15:55,780 --> 00:15:58,059 to put to a sign 457 00:15:58,060 --> 00:16:00,279 you a presence of the counter, 458 00:16:00,280 --> 00:16:02,289 because if is running some program that 459 00:16:02,290 --> 00:16:04,029 analyzes the traffic of the foreigner in 460 00:16:04,030 --> 00:16:05,030 order to 461 00:16:06,310 --> 00:16:07,869 analyze their behavior. 462 00:16:09,150 --> 00:16:11,249 Need to be taken into account 463 00:16:11,250 --> 00:16:12,149 in this matter. 464 00:16:12,150 --> 00:16:14,309 We see, for example, in Russia 465 00:16:14,310 --> 00:16:17,309 on one test that ran on a certain 466 00:16:17,310 --> 00:16:19,019 carrier that the answer to the autonomous 467 00:16:19,020 --> 00:16:21,479 system with this number, 468 00:16:21,480 --> 00:16:23,549 because every 469 00:16:23,550 --> 00:16:26,069 Internet access provider has different 470 00:16:26,070 --> 00:16:27,839 contracts with other international 471 00:16:27,840 --> 00:16:29,189 carrier, there are four different 472 00:16:29,190 --> 00:16:30,989 international carriers, bring different 473 00:16:30,990 --> 00:16:31,990 routes. 474 00:16:32,720 --> 00:16:35,129 And so we can see that in Russia, 475 00:16:35,130 --> 00:16:36,779 one percent of the connection back to 476 00:16:36,780 --> 00:16:39,179 Russia, it is 85 477 00:16:39,180 --> 00:16:39,869 percent attached. 478 00:16:39,870 --> 00:16:42,119 USC, 77 to 479 00:16:42,120 --> 00:16:44,249 seventy seven percent. 480 00:16:44,250 --> 00:16:46,349 That's a great writer, Extra. 481 00:16:46,350 --> 00:16:48,749 And in this way, we can take a look 482 00:16:48,750 --> 00:16:50,519 at which are the country that are most 483 00:16:50,520 --> 00:16:52,799 present in our navigation, 484 00:16:52,800 --> 00:16:54,929 because we are we are 485 00:16:54,930 --> 00:16:57,059 seeing Nigeria, 486 00:16:57,060 --> 00:16:59,669 Italy, Philippines, Germany, 487 00:16:59,670 --> 00:17:02,249 Austria, etc.. 488 00:17:02,250 --> 00:17:04,379 For example, we have in 489 00:17:04,380 --> 00:17:06,598 Testor in Italy, different 490 00:17:06,599 --> 00:17:08,520 autonomous system means different 491 00:17:09,630 --> 00:17:11,489 provider involved and also different 492 00:17:11,490 --> 00:17:13,588 exposure of, uh, of the user, in 493 00:17:13,589 --> 00:17:16,419 this case, Europe. 494 00:17:16,420 --> 00:17:18,669 The idea to Europe without 495 00:17:18,670 --> 00:17:21,779 our specific meaning, our present 496 00:17:21,780 --> 00:17:23,848 that USA, as always, either. 497 00:17:33,300 --> 00:17:35,609 And that was 498 00:17:35,610 --> 00:17:36,820 when we started collecting 499 00:17:38,050 --> 00:17:40,239 all the tracker representa on 500 00:17:40,240 --> 00:17:43,149 a reciter, we figured out how to 501 00:17:43,150 --> 00:17:45,299 to to declare a Rostami 502 00:17:45,300 --> 00:17:46,359 the website. 503 00:17:46,360 --> 00:17:47,909 But this is impossible because we 504 00:17:47,910 --> 00:17:50,189 discovered that the amount of Trócaire 505 00:17:50,190 --> 00:17:52,439 injected by the website that changed 506 00:17:52,440 --> 00:17:54,299 it during the time and maybe also in the 507 00:17:54,300 --> 00:17:55,799 same day, they are changing at the 508 00:17:55,800 --> 00:17:56,069 moment. 509 00:17:56,070 --> 00:17:58,319 We are just analyzing every homepage 510 00:17:58,320 --> 00:17:59,320 that 511 00:18:00,630 --> 00:18:03,539 we see in this heat map 512 00:18:03,540 --> 00:18:05,849 on the X certain 513 00:18:05,850 --> 00:18:08,039 amount of media and 514 00:18:08,040 --> 00:18:10,469 on the Epsilon Vitez stranded 515 00:18:10,470 --> 00:18:11,459 in the trees. 516 00:18:11,460 --> 00:18:13,709 Yes, I'm a goat. 517 00:18:13,710 --> 00:18:16,049 And so if someone can help us to develop 518 00:18:16,050 --> 00:18:18,479 a better visualization is welcome. 519 00:18:18,480 --> 00:18:20,669 But I'm also aware of their 520 00:18:20,670 --> 00:18:21,689 overall squarer. 521 00:18:21,690 --> 00:18:23,679 You can see how many tracker represent 522 00:18:23,680 --> 00:18:26,129 that when the test has been performed. 523 00:18:26,130 --> 00:18:28,559 These are heat mapper was intended to see 524 00:18:28,560 --> 00:18:30,869 if some media 525 00:18:30,870 --> 00:18:33,209 dependently on the source 526 00:18:33,210 --> 00:18:35,309 of the user provide a different 527 00:18:35,310 --> 00:18:37,269 tracker and varsities. 528 00:18:37,270 --> 00:18:38,270 Yes. 529 00:18:43,480 --> 00:18:45,759 So when we access media websites, 530 00:18:45,760 --> 00:18:47,079 we're not only vulnerable because our 531 00:18:47,080 --> 00:18:49,209 data travels to various servers all over 532 00:18:49,210 --> 00:18:51,249 the world, which we cannot control, but 533 00:18:51,250 --> 00:18:54,069 also because a whole bunch of third party 534 00:18:54,070 --> 00:18:56,169 companies, which we haven't 535 00:18:56,170 --> 00:18:57,969 given our consent to and which we don't 536 00:18:57,970 --> 00:18:59,979 know trackers track us in the process. 537 00:19:01,270 --> 00:19:03,339 We have collected some figures which 538 00:19:03,340 --> 00:19:05,319 illustrates which are the primary 539 00:19:05,320 --> 00:19:07,299 companies which track us in every case. 540 00:19:07,300 --> 00:19:09,069 So we can see, for example, that in 541 00:19:09,070 --> 00:19:11,139 Germany, based on the media 542 00:19:11,140 --> 00:19:13,269 websites that we run the script on in 543 00:19:13,270 --> 00:19:15,579 most cases and 80 percent of the cases, 544 00:19:15,580 --> 00:19:17,649 Google is the company which 545 00:19:17,650 --> 00:19:19,719 tracks us. And if we scroll down, 546 00:19:19,720 --> 00:19:21,519 we can also see that Google actually is 547 00:19:21,520 --> 00:19:23,589 the dominant company in almost all 548 00:19:23,590 --> 00:19:26,049 of the countries that we run the test 549 00:19:26,050 --> 00:19:28,119 on, actually over 30 550 00:19:28,120 --> 00:19:30,429 countries that we have analyzed in twenty 551 00:19:30,430 --> 00:19:32,529 eight of them. Google is the main company 552 00:19:32,530 --> 00:19:35,049 which tracks users in almost 553 00:19:35,050 --> 00:19:37,149 90 percent of all cases, except 554 00:19:37,150 --> 00:19:38,049 for two exceptions. 555 00:19:38,050 --> 00:19:40,149 The one is South Africa, where 556 00:19:40,150 --> 00:19:42,009 effective measure is in the first place. 557 00:19:42,010 --> 00:19:44,349 And the second example is Russia, where 558 00:19:44,350 --> 00:19:46,479 Yandex does the most tracking, which is 559 00:19:46,480 --> 00:19:48,549 sort of like the Google equivalent in 560 00:19:48,550 --> 00:19:50,589 Russia, as mentioned earlier, but still 561 00:19:50,590 --> 00:19:52,659 is a very small difference with Google. 562 00:19:52,660 --> 00:19:54,009 So what we can say is that Google is the 563 00:19:54,010 --> 00:19:55,839 main company. And then again, this raises 564 00:19:55,840 --> 00:19:57,759 questions as to whether Google should 565 00:19:57,760 --> 00:19:59,589 have this type of monopoly and so forth. 566 00:19:59,590 --> 00:20:01,299 But then again, it's not a simple 567 00:20:01,300 --> 00:20:03,429 question, of course, because a 568 00:20:03,430 --> 00:20:04,779 lot of media web, a lot of media 569 00:20:04,780 --> 00:20:06,399 organizations use Google Analytics. 570 00:20:06,400 --> 00:20:08,139 And that's why that's one of the reasons 571 00:20:08,140 --> 00:20:09,459 why Google ends up tracking you. 572 00:20:09,460 --> 00:20:10,839 And then the question is, you know, what 573 00:20:10,840 --> 00:20:11,979 alternatives are there to Google 574 00:20:11,980 --> 00:20:13,629 Analytics and whether we should work with 575 00:20:13,630 --> 00:20:15,219 media organizations to help them find 576 00:20:15,220 --> 00:20:17,439 alternatives so that all data doesn't end 577 00:20:17,440 --> 00:20:18,609 up with Google in the end. 578 00:20:18,610 --> 00:20:20,679 And we can bring some type of end to this 579 00:20:20,680 --> 00:20:21,680 Google Germany. 580 00:20:28,580 --> 00:20:30,649 So when you 581 00:20:30,650 --> 00:20:32,449 read the script identified hundreds, if 582 00:20:32,450 --> 00:20:34,729 not thousands of companies, of course, we 583 00:20:34,730 --> 00:20:36,199 don't in these last four months, we don't 584 00:20:36,200 --> 00:20:38,269 have time to analyze and go through every 585 00:20:38,270 --> 00:20:39,979 single one of them. So we decided, for 586 00:20:39,980 --> 00:20:41,689 starters, to look at the so-called 587 00:20:41,690 --> 00:20:43,699 globally prevailing tracking companies. 588 00:20:43,700 --> 00:20:45,859 By that we mean the companies which track 589 00:20:45,860 --> 00:20:47,629 you the most based on the media websites 590 00:20:47,630 --> 00:20:48,589 that we analyzed. 591 00:20:48,590 --> 00:20:50,299 So basically the companies like Google, 592 00:20:50,300 --> 00:20:52,579 which presents the highest percentages 593 00:20:52,580 --> 00:20:54,259 as illustrated in visualization 594 00:20:54,260 --> 00:20:56,659 previously, by looking at the websites, 595 00:20:56,660 --> 00:20:58,309 we can see that their main business model 596 00:20:58,310 --> 00:21:01,249 is based on advertising and profiling. 597 00:21:01,250 --> 00:21:03,199 Profiling and web analytics kind of feeds 598 00:21:03,200 --> 00:21:04,459 into advertising. 599 00:21:04,460 --> 00:21:06,409 And, you know, a lot of people have said 600 00:21:06,410 --> 00:21:07,549 to us, especially over the last month 601 00:21:07,550 --> 00:21:09,139 when we've been working on this, is that, 602 00:21:09,140 --> 00:21:11,479 you know, I don't care if Google or 603 00:21:11,480 --> 00:21:13,609 Facebook or any company is tracking me 604 00:21:13,610 --> 00:21:15,139 for the sake of advertising. 605 00:21:15,140 --> 00:21:17,209 I mean, an end of the day, you know, 606 00:21:17,210 --> 00:21:19,249 they improve my Web experience, they 607 00:21:19,250 --> 00:21:20,599 provide me service and so forth. 608 00:21:20,600 --> 00:21:21,709 What's the big deal? 609 00:21:21,710 --> 00:21:23,269 That's a lot of arguments we've been 610 00:21:23,270 --> 00:21:24,289 getting over the last month. 611 00:21:24,290 --> 00:21:25,909 It's kind of hard supposedly to tackle 612 00:21:25,910 --> 00:21:27,589 that, but we think it's a bit more 613 00:21:27,590 --> 00:21:28,579 political than that. 614 00:21:28,580 --> 00:21:29,580 And here's why. 615 00:21:30,950 --> 00:21:33,319 So last night, Jake 616 00:21:33,320 --> 00:21:35,419 and Laura Poitras gave a fantastic 617 00:21:35,420 --> 00:21:38,479 talk about reconstructing the artists. 618 00:21:38,480 --> 00:21:40,279 I'm guessing most of you attended, right? 619 00:21:41,480 --> 00:21:42,409 Yeah, cool. 620 00:21:42,410 --> 00:21:45,529 OK, so following their talk, 621 00:21:45,530 --> 00:21:47,989 how many of you accessed Der Spiegel 622 00:21:47,990 --> 00:21:50,449 Slash International to read, 623 00:21:50,450 --> 00:21:52,189 you know, the latest revelations about 624 00:21:52,190 --> 00:21:54,379 attacks on crypto SSL and 625 00:21:54,380 --> 00:21:56,180 targeted killings in Afghanistan? 626 00:21:57,650 --> 00:21:59,689 But that can lower the hand who, as you 627 00:21:59,690 --> 00:22:00,690 said, Tara. 628 00:22:02,630 --> 00:22:05,269 Because we're actually OK, so who 629 00:22:05,270 --> 00:22:07,729 who access this while using Tor 630 00:22:07,730 --> 00:22:08,689 without. 631 00:22:08,690 --> 00:22:10,279 OK, so who's with Tor? 632 00:22:10,280 --> 00:22:11,280 Who accesses with Tor? 633 00:22:12,530 --> 00:22:14,509 OK, so who accessed the latest 634 00:22:14,510 --> 00:22:16,579 revelations on the Spiegel without 635 00:22:16,580 --> 00:22:17,580 using Tor? 636 00:22:19,150 --> 00:22:20,109 Oh, wow. 637 00:22:20,110 --> 00:22:21,939 OK, so great. 638 00:22:21,940 --> 00:22:23,739 Well, not great, but actually, I'm going 639 00:22:23,740 --> 00:22:25,459 to shows for most of you. 640 00:22:25,460 --> 00:22:27,759 So after the talk, 641 00:22:27,760 --> 00:22:29,739 we thought, oh, what's happening now? 642 00:22:29,740 --> 00:22:31,039 That everyone's Axis and Spiegel. 643 00:22:31,040 --> 00:22:32,259 So we decided to run the script last 644 00:22:32,260 --> 00:22:33,310 night to figure out. 645 00:22:34,840 --> 00:22:36,519 So, as you can see, shall we run the 646 00:22:36,520 --> 00:22:39,819 script based on just the Spiegelhalter? 647 00:22:39,820 --> 00:22:42,339 But also there was a Spiegel 648 00:22:42,340 --> 00:22:44,139 article where we've run the script to 649 00:22:44,140 --> 00:22:46,449 collect the results for the specific page 650 00:22:46,450 --> 00:22:48,699 of the revelations, as 651 00:22:48,700 --> 00:22:50,169 you can see there, with regards to 652 00:22:50,170 --> 00:22:52,359 trucking companies, more companies, 653 00:22:52,360 --> 00:22:54,289 tractors. Last night when we access the 654 00:22:54,290 --> 00:22:56,499 specific page, the revelations, then 655 00:22:56,500 --> 00:22:58,839 when we just access dashboard in general. 656 00:22:58,840 --> 00:23:00,759 And as we can also see, some of these 657 00:23:00,760 --> 00:23:02,949 companies include Google, Twitter and 658 00:23:02,950 --> 00:23:04,899 Facebook and FOIA. 659 00:23:04,900 --> 00:23:06,879 These companies have kind of been 660 00:23:06,880 --> 00:23:08,829 compromised by the NSA through a prism. 661 00:23:08,830 --> 00:23:10,869 PRISM has been collecting data in bulk by 662 00:23:10,870 --> 00:23:12,249 these companies, as we know. 663 00:23:12,250 --> 00:23:14,589 We also know that the NSA has hacked into 664 00:23:14,590 --> 00:23:16,419 the data centers of Google through the 665 00:23:16,420 --> 00:23:18,819 muscular program and so on and so forth. 666 00:23:18,820 --> 00:23:20,949 So what we can see basically is that last 667 00:23:20,950 --> 00:23:23,109 night when we all accessed Der Spiegel 668 00:23:23,110 --> 00:23:25,299 to gain access, this 669 00:23:25,300 --> 00:23:27,129 very important information these 670 00:23:27,130 --> 00:23:29,409 companies were tracking on us, and these 671 00:23:29,410 --> 00:23:31,209 companies also work handstands with those 672 00:23:31,210 --> 00:23:32,709 who probably don't want us to get access 673 00:23:32,710 --> 00:23:34,239 to that information. 674 00:23:34,240 --> 00:23:35,679 So maybe that's just something we should 675 00:23:35,680 --> 00:23:37,899 think about, and especially 676 00:23:37,900 --> 00:23:39,099 if we're ever going to argue again that, 677 00:23:39,100 --> 00:23:40,839 you know, they just do advertising. 678 00:23:47,140 --> 00:23:49,329 So how do these 679 00:23:49,330 --> 00:23:51,129 trackers even handle the data anyway? 680 00:23:51,130 --> 00:23:52,809 What do they do with our data? 681 00:23:52,810 --> 00:23:54,759 It's kind of hard to answer because the 682 00:23:54,760 --> 00:23:56,799 real answer is we don't know. 683 00:23:56,800 --> 00:23:59,289 And that itself is the actual problem. 684 00:23:59,290 --> 00:24:00,759 When we say that they track us in the 685 00:24:00,760 --> 00:24:02,379 track, our data is actually what we mean 686 00:24:02,380 --> 00:24:04,599 is that they track our IP address, 687 00:24:04,600 --> 00:24:05,949 they track our browsing history, our 688 00:24:05,950 --> 00:24:07,929 search history, the scrolling movements 689 00:24:07,930 --> 00:24:09,939 of our mouse when we access the Web page. 690 00:24:09,940 --> 00:24:11,439 So last night, for example, when we were 691 00:24:11,440 --> 00:24:13,809 reading Jagan Lauras 692 00:24:13,810 --> 00:24:15,999 Erens fantastic article, 693 00:24:16,000 --> 00:24:17,559 they could literally like track the 694 00:24:17,560 --> 00:24:19,269 movements of our mouse if we copy paste 695 00:24:19,270 --> 00:24:20,799 something and so forth. 696 00:24:20,800 --> 00:24:22,599 But in addition to that, these companies 697 00:24:22,600 --> 00:24:24,399 create a whole wide range of data from a 698 00:24:24,400 --> 00:24:25,839 whole bunch of other sources. 699 00:24:25,840 --> 00:24:27,069 And that's why we thought it might be 700 00:24:27,070 --> 00:24:28,959 interesting to look at their privacy 701 00:24:28,960 --> 00:24:31,149 policies, not because they necessarily do 702 00:24:31,150 --> 00:24:32,709 what they say they do in the privacy 703 00:24:32,710 --> 00:24:34,509 policies, but because unfortunately, 704 00:24:34,510 --> 00:24:36,609 that's kind of like our best shots 705 00:24:36,610 --> 00:24:37,749 if we want to know what to do with our 706 00:24:37,750 --> 00:24:39,939 data and also by looking at their privacy 707 00:24:39,940 --> 00:24:41,709 policies when compared to what they 708 00:24:41,710 --> 00:24:43,899 actually do. So, for example, if they say 709 00:24:43,900 --> 00:24:45,549 in their privacy policy that they do not 710 00:24:45,550 --> 00:24:46,550 use, I don't know, 711 00:24:47,710 --> 00:24:49,149 whatever cookies or whatever tracking 712 00:24:49,150 --> 00:24:50,889 technologies, and then we figure out that 713 00:24:50,890 --> 00:24:52,449 they do. And that's where we can 714 00:24:52,450 --> 00:24:53,919 actually, you know, raise a discussion 715 00:24:53,920 --> 00:24:54,999 with them. 716 00:24:55,000 --> 00:24:57,069 So what we have done is that we looked at 717 00:24:57,070 --> 00:24:58,449 the privacy policies of some of the 718 00:24:58,450 --> 00:25:00,789 globally prevailing tracking companies 719 00:25:00,790 --> 00:25:03,069 in order to collect the following 720 00:25:03,070 --> 00:25:04,869 fields of data as including the slide, 721 00:25:04,870 --> 00:25:06,309 like what types of data they collect and 722 00:25:06,310 --> 00:25:07,209 so forth. 723 00:25:07,210 --> 00:25:09,369 And this data, we have put it in 724 00:25:09,370 --> 00:25:11,709 a V on a repository on GitHub, 725 00:25:11,710 --> 00:25:13,359 which means you can all access it, you 726 00:25:13,360 --> 00:25:15,009 can all contribute to it. 727 00:25:15,010 --> 00:25:16,539 Please do contribute to it. 728 00:25:16,540 --> 00:25:18,069 There are a lot of companies and we 729 00:25:18,070 --> 00:25:19,809 cannot do all of it ourselves. 730 00:25:19,810 --> 00:25:21,219 And also it would be fantastic if we 731 00:25:21,220 --> 00:25:22,719 could get some lawyers to help us do it 732 00:25:22,720 --> 00:25:24,939 and do more research on that. 733 00:25:24,940 --> 00:25:26,769 Well, we want to obtain that with that is 734 00:25:26,770 --> 00:25:28,839 a nobody read the terms of service. 735 00:25:28,840 --> 00:25:30,759 Nobody reads the privacy policy because 736 00:25:30,760 --> 00:25:32,889 they are in fact that longer complex, 737 00:25:32,890 --> 00:25:34,509 maybe the language barrier. 738 00:25:34,510 --> 00:25:36,849 Maybe you are touching a company 739 00:25:36,850 --> 00:25:39,249 with a hidden Third-Party tracker, 740 00:25:39,250 --> 00:25:40,899 but you are not aware that exist. 741 00:25:40,900 --> 00:25:43,199 Like to be blogging for Firefox to 742 00:25:43,200 --> 00:25:45,159 show these things. 743 00:25:45,160 --> 00:25:47,529 In this way, we can convert 744 00:25:47,530 --> 00:25:49,689 the privacy policy and terms of services 745 00:25:49,690 --> 00:25:51,699 in a machine readable format. 746 00:25:51,700 --> 00:25:54,519 And then the app or um, 747 00:25:54,520 --> 00:25:56,619 or other businesses can use 748 00:25:56,620 --> 00:25:58,449 this data in order to provide an easier 749 00:25:58,450 --> 00:26:00,549 realization for the user that 750 00:26:00,550 --> 00:26:01,749 there can be more aware. 751 00:26:01,750 --> 00:26:03,399 So by looking at the privacy policies and 752 00:26:03,400 --> 00:26:05,589 I repeat, I think personally that 753 00:26:05,590 --> 00:26:06,879 I mean, on the one hand, it's great that 754 00:26:06,880 --> 00:26:08,049 they have privacy policies. 755 00:26:08,050 --> 00:26:10,059 On the other hand, I'm not sure how 756 00:26:10,060 --> 00:26:11,559 useful they are because it's not clear if 757 00:26:11,560 --> 00:26:13,699 they actually do do what 758 00:26:13,700 --> 00:26:14,889 they claim they do. 759 00:26:14,890 --> 00:26:16,959 But like Amazon is kind of like the 760 00:26:16,960 --> 00:26:18,759 best information we can get right now 761 00:26:18,760 --> 00:26:20,499 from their privacy policies that what was 762 00:26:20,500 --> 00:26:22,269 interesting to see is that most of them 763 00:26:22,270 --> 00:26:24,099 are based in the US, which kind of again, 764 00:26:24,100 --> 00:26:26,319 you know, in the past 765 00:26:26,320 --> 00:26:27,519 has been we saw that Muslim based in the 766 00:26:27,520 --> 00:26:29,259 US, which again is interesting, kind of 767 00:26:29,260 --> 00:26:31,329 like shows again, the US, Germany, 768 00:26:31,330 --> 00:26:32,859 when it comes to everything, even when it 769 00:26:32,860 --> 00:26:34,089 comes to infrastructure and collecting 770 00:26:34,090 --> 00:26:35,229 data and so forth. 771 00:26:35,230 --> 00:26:36,759 But more importantly, we can see that 772 00:26:36,760 --> 00:26:38,889 only three of them support supporting on 773 00:26:38,890 --> 00:26:40,539 track, one of which is Twitter, thanks to 774 00:26:40,540 --> 00:26:42,669 us. And the other one is that basically 775 00:26:42,670 --> 00:26:44,079 eleven out of twenty five that we looked 776 00:26:44,080 --> 00:26:46,399 at do not only 777 00:26:46,400 --> 00:26:47,709 in about twenty five disclose how long 778 00:26:47,710 --> 00:26:49,629 they retain data for, but still even the 779 00:26:49,630 --> 00:26:51,219 ones that do disclose how they're taking 780 00:26:51,220 --> 00:26:52,539 data for that. Again, it's kind of 781 00:26:52,540 --> 00:26:54,399 negotiable because while they might say, 782 00:26:54,400 --> 00:26:55,899 for example, that they retain data for 783 00:26:55,900 --> 00:26:57,999 730 days, that retention data 784 00:26:58,000 --> 00:26:59,619 retention period might potentially be 785 00:26:59,620 --> 00:27:01,749 renewed, we do not know who they share 786 00:27:01,750 --> 00:27:04,149 data with, who they sell data to, 787 00:27:04,150 --> 00:27:05,949 how long they retain data for and so 788 00:27:05,950 --> 00:27:08,019 forth. And it's this endless, like 789 00:27:08,020 --> 00:27:09,699 chain of third party actors who 790 00:27:09,700 --> 00:27:11,079 eventually gain access to our data. 791 00:27:11,080 --> 00:27:12,369 And it's such a big mess. 792 00:27:12,370 --> 00:27:14,529 So the point is that we do not know what 793 00:27:14,530 --> 00:27:15,459 happens at the end of the day. 794 00:27:15,460 --> 00:27:16,689 And that itself is a problem. 795 00:27:16,690 --> 00:27:18,579 And we think that just by looking at I 796 00:27:18,580 --> 00:27:19,869 suppose we might get some type of 797 00:27:19,870 --> 00:27:20,870 insight. 798 00:27:22,230 --> 00:27:24,329 OK, and that is the 799 00:27:24,330 --> 00:27:26,789 API that is designed and 800 00:27:26,790 --> 00:27:28,709 we have a database that is collecting all 801 00:27:28,710 --> 00:27:30,779 veterans, all the data, all the NSA 802 00:27:30,780 --> 00:27:32,879 solution and they remnants of the NSA 803 00:27:32,880 --> 00:27:35,639 and all the media visited and a 804 00:27:35,640 --> 00:27:37,919 third party that was injected, the 805 00:27:37,920 --> 00:27:39,719 privacy policy converter, the immaculate, 806 00:27:39,720 --> 00:27:40,799 readable format. 807 00:27:40,800 --> 00:27:42,869 And we were maximizing the 808 00:27:42,870 --> 00:27:45,029 resolution of a autonomous system 809 00:27:45,030 --> 00:27:46,769 of this kind of a solution with the 810 00:27:46,770 --> 00:27:48,929 disconnected dots mean there are JS 811 00:27:48,930 --> 00:27:50,349 on the list that the permissable 812 00:27:50,350 --> 00:27:52,419 conversion between the domain name of 813 00:27:52,420 --> 00:27:53,879 the third party and the name of their 814 00:27:53,880 --> 00:27:56,039 company and all this data are 815 00:27:56,040 --> 00:27:58,319 integrated in our database in the future 816 00:27:58,320 --> 00:28:00,659 will be extended with the new data. 817 00:28:00,660 --> 00:28:03,419 The goal of this API is permitted to 818 00:28:03,420 --> 00:28:06,089 develop a research like a researcher 819 00:28:06,090 --> 00:28:08,549 to extract that data and use it for the 820 00:28:08,550 --> 00:28:09,779 analysis, etc.. 821 00:28:09,780 --> 00:28:11,999 The whole goal of photography is 822 00:28:12,000 --> 00:28:14,199 a creator globally because 823 00:28:14,200 --> 00:28:16,229 we want to cover every country 824 00:28:16,230 --> 00:28:17,519 observatory because 825 00:28:19,170 --> 00:28:21,239 during the time want to Mitrovic 826 00:28:21,240 --> 00:28:23,309 change the qualification about it 827 00:28:23,310 --> 00:28:25,529 with Rakhim Business and VEI and 828 00:28:25,530 --> 00:28:28,199 exposure of the user in the network, 829 00:28:28,200 --> 00:28:29,999 you can find a link of their 830 00:28:30,000 --> 00:28:32,219 documentation and our Privacy 831 00:28:32,220 --> 00:28:33,599 Policy Convergence Initiative. 832 00:28:33,600 --> 00:28:34,890 At the moment, only 26 833 00:28:36,090 --> 00:28:38,399 compañero has been converted because 834 00:28:38,400 --> 00:28:40,559 is are quite human intensive 835 00:28:40,560 --> 00:28:42,669 operation. But you know, this 836 00:28:42,670 --> 00:28:43,670 will crowd the. 837 00:28:44,890 --> 00:28:46,059 This can be easier. 838 00:28:47,770 --> 00:28:49,599 So how can we block and circumvent online 839 00:28:49,600 --> 00:28:52,329 tracking? There's no easy solution, but 840 00:28:52,330 --> 00:28:54,099 for starters, we could all start with 841 00:28:54,100 --> 00:28:56,229 these. For example, the EFF 842 00:28:56,230 --> 00:28:58,119 has a privacy badge, which is pretty 843 00:28:58,120 --> 00:28:59,019 awesome. 844 00:28:59,020 --> 00:29:00,699 That is one example of how we can block 845 00:29:00,700 --> 00:29:03,099 some Third-Party trackers in this table 846 00:29:03,100 --> 00:29:05,199 with other tools which we can 847 00:29:05,200 --> 00:29:07,449 use like no script to block 848 00:29:07,450 --> 00:29:09,669 the party scripts or script. 849 00:29:09,670 --> 00:29:11,679 No, if you're using Chrome, which may be 850 00:29:11,680 --> 00:29:14,169 best to switch to Firefox, but anyway, 851 00:29:14,170 --> 00:29:16,299 um, or for example, 852 00:29:16,300 --> 00:29:18,129 go through disconnects if you want to 853 00:29:18,130 --> 00:29:20,109 visualize third party trackers and also 854 00:29:20,110 --> 00:29:22,029 block them. So this is just an example of 855 00:29:22,030 --> 00:29:24,069 some of the tools which can be used, you 856 00:29:24,070 --> 00:29:26,029 know, to block some online tracking. 857 00:29:26,030 --> 00:29:27,999 Of course, it is important to emphasize 858 00:29:28,000 --> 00:29:29,799 that, you know, the use of Tor on top of 859 00:29:29,800 --> 00:29:32,799 all of this is always great, you know, to 860 00:29:32,800 --> 00:29:34,509 to hide your IP address and so forth, 861 00:29:34,510 --> 00:29:36,519 which is something that I always try use 862 00:29:36,520 --> 00:29:37,749 to identify you. 863 00:29:37,750 --> 00:29:39,069 Um, OK. 864 00:29:39,070 --> 00:29:41,379 This is also better expand on 865 00:29:41,380 --> 00:29:43,809 my schedule for the website. 866 00:29:43,810 --> 00:29:46,349 You can find that here at the end. 867 00:29:46,350 --> 00:29:48,409 The Villinger. 868 00:29:48,410 --> 00:29:49,410 Um. 869 00:29:50,920 --> 00:29:52,749 Imagine a little website that are 870 00:29:52,750 --> 00:29:54,789 expensive to support for the defense. 871 00:29:54,790 --> 00:29:57,459 Uh, we just, uh, point out that 872 00:29:57,460 --> 00:29:58,740 someone can defensor it's 873 00:30:00,310 --> 00:30:02,469 itself, uh, blocking the third 874 00:30:02,470 --> 00:30:05,199 party like Adblock or someone out a split 875 00:30:05,200 --> 00:30:07,269 entity or multiple browser in order to do 876 00:30:07,270 --> 00:30:09,999 not. Falletta across the website 877 00:30:10,000 --> 00:30:12,639 association. Correlation, anyway, 878 00:30:12,640 --> 00:30:14,889 is, um, we're 879 00:30:14,890 --> 00:30:17,469 going to finish. And, uh, the 880 00:30:17,470 --> 00:30:19,729 best way to contribute in Tachograph 881 00:30:19,730 --> 00:30:21,969 is contribute to the Middle East 882 00:30:21,970 --> 00:30:25,209 because it's is important to have a 883 00:30:25,210 --> 00:30:26,959 complete Middle East about to be made 884 00:30:26,960 --> 00:30:29,169 accessible in every nation and eventually 885 00:30:29,170 --> 00:30:31,029 also some kind of politically sensitive 886 00:30:31,030 --> 00:30:32,739 content. Because if something is 887 00:30:32,740 --> 00:30:34,989 important, can be added to the test 888 00:30:34,990 --> 00:30:37,119 and run with a state when the Middle 889 00:30:37,120 --> 00:30:39,309 East is reading that Python script 890 00:30:39,310 --> 00:30:41,079 that, uh, around, uh, fundamental. 891 00:30:41,080 --> 00:30:42,999 Yes. And JavaScript and, uh, sorry. 892 00:30:43,000 --> 00:30:45,139 And out and then send out automatically 893 00:30:45,140 --> 00:30:47,399 results to our server 894 00:30:47,400 --> 00:30:48,819 is an open source on GitHub. 895 00:30:48,820 --> 00:30:50,589 And, uh, we have to request that you can 896 00:30:50,590 --> 00:30:51,429 be part of it. 897 00:30:51,430 --> 00:30:53,319 And in addition to helping us review 898 00:30:53,320 --> 00:30:54,939 media around the world, for example, if 899 00:30:54,940 --> 00:30:56,589 your country is missing from the map and 900 00:30:56,590 --> 00:30:57,879 you'd like to see what tracking is going 901 00:30:57,880 --> 00:30:59,919 on there, you can help with Metellus. 902 00:30:59,920 --> 00:31:01,899 And in addition to writing, the script 903 00:31:01,900 --> 00:31:03,279 would be wonderful if you could, like, 904 00:31:03,280 --> 00:31:04,929 meet us and we could all like brainstorm 905 00:31:04,930 --> 00:31:06,989 of other ways with which we can deal with 906 00:31:06,990 --> 00:31:08,499 this issue and improve the project and so 907 00:31:08,500 --> 00:31:09,779 forth. It's still a project 908 00:31:10,830 --> 00:31:13,089 in progress. So any ideas are welcome. 909 00:31:13,090 --> 00:31:14,979 And I'm not sure if we have time for 910 00:31:14,980 --> 00:31:16,219 questions. 911 00:31:16,220 --> 00:31:17,559 I don't think so. 912 00:31:17,560 --> 00:31:18,789 I'm so sorry. 913 00:31:18,790 --> 00:31:20,199 I'm sure there are many of them. 914 00:31:20,200 --> 00:31:23,049 I should by myself 915 00:31:23,050 --> 00:31:25,419 in the teeth and now will be drinking 916 00:31:25,420 --> 00:31:27,069 tea. And, uh, way to your eventual 917 00:31:27,070 --> 00:31:28,070 question. 918 00:31:28,930 --> 00:31:30,879 Thank you so much for this very, very 919 00:31:30,880 --> 00:31:31,880 interesting talk. 920 00:31:37,700 --> 00:31:39,889 Sorry, also, you can access 921 00:31:39,890 --> 00:31:41,659 the budget at Feig. 922 00:31:41,660 --> 00:31:43,099 Feel free to access it and play with a 923 00:31:43,100 --> 00:31:44,100 map. Thank you.