back

Build your own NSA

How private companies leak your personal data into the public domain, and how you can buy it.

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:00:00
Language
German
Abstract
When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your procession.

When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. Companies which are quite big, with thousands of employees but names you maybe never heard of. They all try to get their hands on your personal data, often with illegal methods. Most of them keep their data to themselves, some exchange it, but a few sell it to anyone who's willing to pay.

We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your procession. Your “click-stream data”, every URL you have been visiting while browsing the web.

After a couple of weeks and some phone calls we were able to acquire the personal data of millions of German Internet users - from banking, over communication with insurance companies to porn. Including several public figures from politics, media and society. In the talk, we'll explain how we got our hands on this data, what can be found inside and what this could mean for your own privacy and safety now and in the future.


* Introduction & background
* Who collects data and for which purposes
* How we got our hands on a large data sample
* What's in it? Detailed analysis of the data set
* How does it work? Analysis of the collection methods
* Outlook: Can we still save our privacy?

Talk ID
8034
Event:
33c3
Day
2
Room
Saal 2
Start
8:30 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Andreas Dewes
@sveckert
Talk Slug & media link
33c3-8034-build_your_own_nsa

Talk & Speaker speed statistics

Very rough underestimation:
140.9 wpm
921.0 spm
While speaker(s) speak(s):
143.0 wpm
940.7 spm
156.4 wpm
1042.6 spm
120.5 wpm
769.8 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
140.9 wpm
921.0 spm
nutzerdatendatensatzd.hnatürlichvieledomainsentsprechendrelativanzahleinfachbesuchtinformationenunseremfrageapplausdomainmöglichschützenentsprechendenuserdatenpunktesozusagenfirmenextensiondeanonymisierungsinnebspwentsprechende1ganzmöglichkeitextensionsbisschenfallvielleichtdafürurlsgutinternetsiehtnutzernangeschautidentifizierenz.bgesehenzeitbittemioöffentlichen
While speakers speak:
143.0 wpm
940.7 spm
nutzerdatendatensatzd.hvieledomainsanzahlrelativnatürlichunserembesuchtdomaininformationenentsprechendenentsprechendeinfachusersozusagenextensionmöglichentsprechendeangeschauturlssiehtfalldatenpunkte1miodeanonymisierungsinnenutzerndeswegenöffentlichenwebseitebspwinformationdafürz.beigenschaftenanonymisiertpersonfirmenrecherchedavonbrowsersämtlicheverfügungurlverfahrenwobei
Andreas Dewes:
156.4 wpm
1042.6 spm
nutzerdatensatzd.hdatendomainsanzahlvieledomainbesuchtunsereminformationenuserentsprechendentsprechendenrelativeinfachmöglichextensionentsprechendeurlsdeanonymisierungsinnemio1nutzerndatenpunktefalleigenschaftennatürlichbspwinformationangeschautpersondafüröffentlichenidentifizierenverfahrenextrahierenurlcasämtlichegesehenanonymisiertdatensätzeninternetwahrscheinlichkeitsogarverfügungdavonmeisten
@sveckert:
120.5 wpm
769.8 spm
datennatürlichsozusagenrelativfirmennutzerrecherchewebseitebisschenwissenganzvielesamplesiehtapplausleutemitarbeitergutannaziemlichkostenlosesdatensatzschauenmenschenpolitikernetzstückweitzbkleinenkurzniemandsowastunmeeztechnologyhellorosenbergtelavivderendeswegendringeschautz.bbüronochmalganzenanfang