Educator, instructional technologist, tinkerer, musicmaker, hauler of bootstraps

networkeffects.ca

twitter.com/grantpotter

flickr.com/photos/grantpotter

onename.com/grantpotter

Grant Potter

Privacy Badger | Electronic Frontier Foundation

Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.

Grant Potter

https://www.theguardian.com/media/2017/nov/16/monetising-millennials-what-the-corporate-world-thinks-it-knows-about-young-people "a rich gold seam waiting to be tapped, needing only the right combination of effortless cool, total authenticity and microscopic data tracking to crack it open."

"It better work out
I hope it works out my way
Cause it's getting kind of quiet in my city's head
Takes a teenage riot to get me out of bed right now."

https://youtu.be/xvDuATZCY8I

Grant Potter

Love the built-in tracking alerts/protection in #FirefoxQuantum

Grant Potter

via @tech_we_trust https://www.diglife.com/ "We believe our tech should serve without tracking us, protect without limiting us, and empower without betraying us. And such tech should be accessible to everyone without exception."

Grant Potter

http://thehackernews.com/2017/05/ultrasonic-tracking-signals-apps.html?m=1 "researchers said they discovered 234 Android applications that ask permission to access your smartphone’s microphone to incorporate a particular type of ultrasonic beacon to track consumers."

Grant Potter

Tactics, Techniques, and Procedures

  • He identified peripheral web servers via Google and LinkedIn searches
  • Used known WordPress flaws and custom bugs to compromise PHP sites
  • Linux authentication mechanisms were altered to capture credentials
  • Nmap was used to identify exposed network services internally
  • Corporate Wikis revealed administrative workflows and VPN details
  • Ticketing, bug tracking, and version control systems provided secrets (e.g. cryptographic keys, seeds, hashes, credentials, and source code)
  • Cookies from weak non-production instances (e.g. staging) were valid in production as cryptographic materials were the same — bypassing 2FA
  • Client certificates (exposed by email, ticketing, or lifted from filesystems) were combined with known credentials to access corporate VPNs
  • Engineering credentials were used to commit backdoors to version control which were self-approved and later deployed into production

Grant Potter

"As the collected data gathered shows an omnivorous click-stream, user tracking, targeting and surveillance become futile." https://adnauseam.io/

Grant Potter

https://webtransparency.cs.princeton.edu/webcensus/ "We measure stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and 'cookie syncing'."