(missed the beginning of this, but apparently not too much. it was standing room only; was lucky to get a seat)

speaker: Robert Hansen

What is wanted

• Google wants higher ad spend
• Advertisers want to monetize users
• Users want quality products and better search results
• Everyone wants faster performance

Goal: protect sensitive info

Why Tor browser not solution

• admitted to 100 hacked nodes. know there are more
• “Grandpa” sends info over http instead of https and then hacked node hass it
• Can’t do everything anonymously. Anonomous != privacy

What willing to give up for security

• Usability – speed, bookmarks, autodfill,prefetching
• Most popups and warnings (“do you want to allow scripts” is useless)

Problems/Current Solutions

1. XDomain – request domain,no script. port locking,, remove credentials upon logout (limits what CSRF can do), split horizon dns (don’t let internet to see internal dns)
2. command execution – nocript plugin, quickjava plugin, remove protocol handlers (“are you sure you want to run”), sandboxie (for windows), antivirus (incremental gain if have extra cpu; just don’t rely on it), whitelisting. Many techniques are like an onion. Protection in layers. VM, sandbox, striped down browser.
3. Data exfiltration and privacy – disable Aero tranparency on Windows 7 so can’t see what behind window
4. Man in the iddle – SSH, proxies, VN tunnel
5. Pretext/phishing – NoScript, education. If don’t reuse passwords, it isn’t tgat helpful for someone to get it.

Plugins the speaker users

• NoScript
• FoxyProxy
• RequestPolicy
• QuickJava

However, to actually be secure, the web looks like 1996 – everything is text. But Lynx isn’t enough because nneed the ability to turn on.

Do Not Track

• Sends a signal to websites that don’t want to be tracked
• Three states
• #1 complaint about IE 10 is that doesn’t respect the spec
• Most browsers implement only 2 states – track or not at all
• Firefox follows spec – do no track, track do not tell sites about my security preferences (which is confusing)

Future

• More than 95% of browser revenue now comes from ads. Google paying almost $1B to be default search in Firefox.
• Google attacking ad blockers.
• locally sourced ads, require JavaScript to view websites, regulation in response to consumers.

Tool: Aviator for Mac to make more secure/private

My take on this
This was a lot of information in the part about his browser setup. I’m glad I know enough to be able to understand most of it! Some of it felt theoretical in that the perfect browser doesn’t actually. But I was surprised at how much technology exists to solve the problems we have. And the parts about advertisers influence were interesting.