Aelon Porat (@whereIsBiggles) is an information security manager at Cision. He has extensive experience attacking and defending corporate environments. Aelon likes to jump inside networks and out of planes, and in his spare time he enjoys demoing, speaking, and providing training at different events and conferences.
Power to the People: Effective Advocacy for Privacy and Security
Whenever a co-worker's password is cracked or someone's intimate pictures are plastered online, we roll our eyes and laugh at the idiot. We lose patience when the commoners don't understand the implications of search engine companies diversifying into home automation and genetic testing. We still can't effectively articulate the importance of being vigilant to non-techies. Why shouldn't someone use Windows XP or plug-and-play security cameras in their bedroom? After all, they've got nothing to hide and the old OS works just fine.
Our community is generally unsuccessful in promoting privacy and security to ordinary people. This talk will discuss common advocacy pitfalls and present effective training ideas that convey to non-techy folks the long-term importance of privacy and security.
For example, an app will be introduced that exposes extremely personal details about its users after it's given basic phone permissions. Regular users get to see intimate conclusions about their lives piled up on the server screen in real time, creating a unique profile as the innocent game they installed mines every byte of their data. Aelon will discuss the financial incentives around this, showing how users' profiles can be sold to data brokerages. There will be a demonstration of modern apps that may prolong screen time by displaying targeted, emotionally engaging content when detecting that the user is about to leave. We will see how our brains react to certain stimuli which tech products can exploit to further hook users.
A phishing link will be demonstrated as it takes over a user's laptop. Databases of scattered consumer security cameras will be inspected to explore how unintended, yet fully automated and efficient mass surveillance systems are created. This presentation will review some of the ways PIs track down a subject across the country and share other eye-opening demonstrations.
The talk will discuss where other conscientious techies can help with triggering meaningful discussions and opening the average person's eyes to the realities of tech in the 2020s.