Deconstructing Ad Networks for Fun and Profit
Speaker(s): Tim Libert
This talk focuses on an open-source software tool, webXray, which detects the presence of third-party data flows on the web and attributes such flows to the corporations which receive user data. The talk will first describe the challenges, dead ends, and solutions encountered in developing the software so that developers and novices in the audience may understand the nature of the problem domain. Second, the talk will cover how to use the tool to analyze targeted populations of web pages with an emphasis on scaling and cost considerations. Third, the talk will describe findings in three areas: tracking found on medical websites, Chinese websites, and newspaper websites, including measures of user exposure to malware-hosting domains embedded in ostensibly trusted websites. The talk will conclude with a theoretical discussion of how those seeking to leverage ad networks to deliver malware may pick the best networks suited to their objectives.
Hacking through Business: Theory and Logistics
1700, Noether (2 hours)
Speaker(s): Moderators: Sean Auriti (Theory), Charles Beckwith (Logistics), Mitch Altman, Limor Fried, Phil Torrone, Ben Dubin-Thaler
It's rare that you see an engineer as CEO, but occasionally taking a technical idea to its logical conclusion requires the person who knows what's going on inside the black box to take the reins. Someone who knew everything they needed to know to start the project technologically is suddenly confronted with human problems and legal issues and paths forward that might require new types of specialized knowledge and very different gut decisions. This extended panel discussion will address both the blue-sky possibilities of a company led by tech, as well as the plethora of challenges thrown at anyone who finds it necessary to not let someone else run their business.
The Mathematical Mesh and the New Cryptography
Speaker(s): Phillip Hallam-Baker
Recent events have reminded us again of the urgent need to make encryption ubiquitous on the Internet. Yet, with the exception of Transport Layer Security, encryption remains the domain of "expert" users.
Hope X (2014) was held in the immediate aftermath of the publication of the Snowden papers. In the two years since, there have been many important developments in the standards world (in particular, IEEE, IETF, W3C) that are designed to defeat mass surveillance. These efforts include randomized MAC addresses for Wi-Fi, Certificate Transparency, and DNS privacy.
This talk will review those efforts and provide a preview of the next generation of cryptographic applications currently being built. The PrismProof email system described at Hope X has become the core of the Mathematical Mesh, an infrastructure that solves the encryption usability problem. Once a device is connected to a user's Mesh profile, all the network application settings (including for OpenPGP, SSH, etc.) are managed automatically from an application controlled by the user.
Solving the usability problem and the current move to elliptic-curve-based cryptography allow Internet security to move beyond the limited cryptographic primitives used in TLS, SSH, and OpenPGP. Public key encryption offers more than just encryption and signatures. Future message encryption schemes will allow end-to-end secure communication within groups of users without the sender having to create decryption material for each intended recipient.