Member of The Internet Defense League

Wednesday, 12 February 2014

Privacy and Security - A practical perspective

Following the interest shown in by the attendees at the Privacy and Security Session at 
CMCS college Nasik, Mozilla Nasik Community decided to cumulate all the interest and 
serve it with a more detailed workshop.

The approach:
   The community members met over a coffee and decided to be more specific on the type of 
audience for the workshop. A set of audience who would be interested in maintaining their 
privacy and security over the internet and would like the hands-on of all the methods one 
should follow to do so.

   A registration form was published and responses were analysed. Interestingly the 
form worked well. With questions like,
Will breach of your online privacy matter to you?
What methods do you use to secure your online presence?
What if all you read write and all your online activity is being watched, will it bother you?
gave some interesting responses with a mixed YES* and No*.
We ended up calling each participant who had registered, but the questionnaire did give us 
an insight on what the audience is thinking before attending the workshop.

The coffee did serve one more purpose, that of deciding on the agenda. I wanted the Nasik 
community members to take the reins in their hands and drive the workshop. Hence we listed out our workshop bullets(topics to cover) and delegated responsibility of each.

  • Hack the web using Webmking tool X-ray goggles.
  • Follow The Privacy and Security Teaching Kit.
  • about:permissions
  • about:privatebrowsing
  • about:config - overview
  • http vs https
  • Understanding Cookies
  • Lightbeam addon Handons.

The Workshop:
   We started with a brief introduction to Mozilla, the mozilla mission and how it merges 
with importance of privacy and security of the online users.

* Hack the web using Webmking tool X-ray goggles:
   X-ray goggles serve the basic purpose of understanding the web's basic building blocks. 
Even a non-technical person feels at home and understands the web if he/she tries to remix 
a website using x-ray goggles (X-ray being the most popular tool for remixing, we decided 
to go with them).

"If we understand and know, what something is made of, we have a better control over it.
 was the basic principal we followed at the start of the workshop. Making the audience 
aware of the Html, Css and JS used to build that something on the web using X-ray 

Consider an example: Your friend throws two planes at you, one made of paper and other of 
steel. Which one would you trust (considering you have option of dodging only one).

Its the paper plane you will trust, because you know it will not hurt you 
compared to the unknown steel plane which may have anything disastrous inside its 
structure. The same thing applies to the web. Understanding it, not being afraid of it and using it 
for the betterment and openness of the web is the thing we wanted to teach though this 

Useful links:

Exercise facilitated by Mayur Patil.

* about:permissions
   It is very important for all the users of the web to understand the basics behind the 
"about:permissions" facility provided in Mozilla Firefox.
This is the Permissions Manager, using which you can give certain websites the ability to 
store passwords, set cookies and more.
To view, change the preferences regarding permissions in the Firefox browser, type 
'about:permissions' into the Location Bar (address bar) and press Enter.

Understand the about:permissions.

 Useful links:

Exercise facilitated by Khushal Kariya.

* about:privatebrowsing :
   Private Browsing - Browse the web without saving information about the sites you visit.
Many a times you need the browser not to store the information(history) of sites you visit 
or the text entered, password and other choices made on the web.
Private Browsing allows you to browse the Internet without saving any information about 
which sites and pages you’ve visited.
To start private browsing mode in the Firefox browser, type 'about:privatebrowsing' into the 
Location Bar (address bar) and press Enter.

Useful links: redirectlocale=en-US&redirectslug=Private+Browsing

Exercise facilitated by Vishal Chavan.

about:config - overview :
   To control the browser you use while using the web is the most basic right one deserves 
over the open web. "about:config" gives user the complete freedom and opportunity to 
control his/her's presence over the internet. Mozilla Firefox is highly customizable, and 
there are a number of ways to change its appearance and behaviour.
To modify a preference in the Firefox browser, type 'about:config' into the Location Bar 
(address bar) and press Enter.

Useful Links:

Exercise facilitated by Ankit Gadgil.

http vs https :
   "You wouldn't write your username and passwords on a postcard and mail it for the world to 
see, so why are you doing it online? Every time you log in to any service that uses a 
plain HTTP connection that's essentially what you're doing.
" says Scott Gilbertson in his blog HTTPS is more secure, so why isn’t the Web using it?

There is a better way, the secure version of HTTP—HTTPS. That extra "S" in the URL means 
your connection is secure and it's much harder for anyone else to see what you're doing.
Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer 
Protocol (http). HTTPS allows secure eCommerce transactions, such as online banking. 

Why do we need this extra 'S'?
   The Web presents a unique set of trust issues, which businesses must address at the outset 
to minimize risk. Consumers submit information and purchase goods or services via the Internet only when they are confident that their personal information, such as credit card numbers and financial data, is secure. The solution for businesses reliant upon e-commerce is to implement a complete e-commerce trust infrastructure based on encryption technology.

Useful links:

Understanding Cookies :
    "Cookie" is a type of message that is given to a Web browser by a Web server. 
The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save site login information for you. 

Can Cookies be malicious?
   Yes, Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online.
Cookies that watch your online activity are called malicious or tracking cookies.
These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts.

Useful links:

Lightbeam Addon:
   It is important that everyone should have the tools to make their own decisions about 
their online privacy and who collects data on them.
With the Lightbeam add-on and database server, Mozilla is providing a valuable (and open) 
community research platform that aims to – Raise awareness – Promote analysis – Affect 
policy change in the areas of tracking and privacy.
Lightbeam is one step in a larger, concerted effort by Mozilla and its partners to provide 
Web users with greater control and transparency of their personal data. - from about Lightbeam.

"One of the most invisible things about the Internet is that there are hordes of robots constantly scrutinizing your aggregate online behavior and determining whether you fit a certain profile." says Atul Verma in his argument about Does Privacy Matter?

He further adds: "These robots don’t have to be working for the government, either. They could be working  for, say, your health insurance company, looking for prior conditions that you might be hiding from them. The robots might even ostensibly work for “the people” in the name of transparency and openness."

Lightbeam download:
Exercises facilitated by Ankit Gadgil

   This event format is contemporary, essential and practical. Discussing Privacy & Security with peers, students, teachers and netizens is the need of the day. Shielding our online lives from undesired surveillance is what the world is fighting for now. Understanding and getting to know about this is the 1st step towards securing the HEALTH of the web.
Event Photo stream:
Event Reps page:
Prequel Blog:

Useful Slides:

Mozillians at the event:
Mayur Patil
Vishal Chavan
Khushal Kariya
Dhanashree Chaudhary
Ronit Jadhav

Ankit Gadgil


Tuesday, 21 January 2014

Understand the Privacy and Secuirty of your online lives.

Security and Privacy being an important part of our online lives, all the netizens should know how to handle it and keep the web healthy.

With the help of active and enthusiastic Mozilla Nasik community members, we decided to host the session on Privacy and security  over a coffee on 18th Jan.
The meetup was attended by 11 girls in total organized by the new Womoz volunteer from Nasik, Dhanashree Chaudhary.

We had a talk about Open web and privacy issue faced by a normal user over the web.
With a small dialogue with the girls it was clear that many of them did not do much to protect their privacy and security over the internet.
We showed them Firefox addon Lightbeam and how to use it, the tracking preferences they can set over Firefox and also the use of cookies.

The girls were delighted to know how they can make their content private and which has to be kept public. At the end of the meet some girls were inquisitive to talk with us about a potential session for all their classmates on the topic of Privacy and security.
As always ready the community members instantly decided to conduct a session and had a meeting with the college management for the arrangement of the session.

Event Page:
Blog post:

The management was helpful in providing a seminar hall with required resources for the session.
The College principal was very happy to learn about the volunteer work by the community members.

The event was scheduled for 21st Jan 2014. We couldn't make a swag request as the time gap between the event date and its discussion was very less.
We all looked around our repositories for remaining swags and found some Webmaker sticker to give away.

Done with all the slides, content and attendee preparations the session was initiated by me with a basic introduction to Privacy and Security over the internet.

Mayur Patil took the stage with session on deeper understanding of Open source, its importance for students and developers alike. With introduction to Mozilla, Firefox Browser, Webmaker and Firefox Student Ambassadors (FSA) program, he was successful in keeping the audience glued to their seats wanting to know more.

I then started with a talk on Understanding Privacy and Security and Taking control of your online lives.

Part 1: Questions asked to the audience.
  • Only adults are concerned with online safety?
  • Activity online is mostly negative to my future?
  • Parental controls remove most risk for youth online?
  • Kids shouldn't have access to social media until they are at least 16 years of age and are aware of risks?
  • Kids should be allowed to access the web at school?
  • I protect myself/my family online by?

A mix of positive and negative answers from the audience triggered the interactive session.

Part 2: Discussion on some to-do practices over the web to secure your Privacy.
  • Don't leave passwords in open spaces.
  • Protect your personal information.
  • Don't leave your computer unlocked.
  • Secure ALL devices with unique and secure passwords.
  • Don't click on emails, or links from people you don't know, or that solicit personal information.
About Cybersafety Discussions triggered on the topics of:
  • Don't share any photo publicly, you wouldn't share with your grandma.
  • Never disclose your whereabouts publicly, or disclose you are alone.
  • Respect the privacy of others, don't post or tag photos of people without their permission.
  • Do not meet, or give out your full name, address, or phone number to anyone online that you don't trust or know in person.

Part 3: Is internet a scary place to be?
It was an obvious question which troubled many minds.

Answer: Not at all, the internet is a fun place to be at. A lot of sharing, building and making is what makes the internet the happening place. Opportunity for all is the key.
Be positive, enjoy sharing and making things made possible by the web - is the Mantra.

Part 4: We then talked about the procedures we can use to secure our privacy on the web.
  •  Cookies
    • Understanding Cookies.
    • What they do?
    • What makes them useful/harmful?
    • Enabling and disabling them.
  • Mozilla Firefox
    • Privacy Settings
    • Tracking preferences
    • about:permissions
    • about:privatebrowsing
  • Lightbeam (Addon) -  
Lightbeam addon gives the user a complete insight into the third party websites who collect the user's browsing activity with or without the user's consent.

Displaying this information in an interactive visualization - Graph, Clock and List. The visualization grows with every site one visits and every request made from the browser. The Lightbeam demo turned many interested heads to think about their privacy online.

  • X-ray goggles -
    • Introduction to x-ray goggles.
    • Demo by basic remixing a news site.

The aim of this exercise was to make the audience understand what the web is made of, how easy it is to understand it and how can we maintain our privacy and security while playing with it.

Whats Next?
Mozilla Nasik community is planning a more practical oriented handson event at CMCS college Nasik for the interested who like to build the web.
The registrations soon will be out on the Mozilla Nasik Blog and Mozilla Nasik Community Facebook group.
How to make optimum usage of Firefox, understanding about:config, about:permissions and about:privatebrowsing.
Create a FSA group at the college for further Mozilla activities.

Community members who attended the event: