DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

Local Sheriff

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Local Sheriff

    Saturday from 12:00 – 13:50 in Sunset 3 at Planet Hollywood
    Audience: AppSec, Code Assesments, and privacy researchers Konark Modi

    URL is the most commonly tracked piece of information, the innocent choice to structure a URL based on page content can make it easier to learn a users’ browsing history, address, health information or more sensitive details. While you as a user normally browse the internet Local Sheriff works in the background and helps you identify what sensitive information(PII—Name, Date Of Birth, Email, Passwords, Passport number, Auth tokens.) is being shared/leaked to which all third-parties and by which all websites. The issues that Local Sheriff helps identify:

    - What sensitive information is being shared with whom?
    - Which companies are own these third parties?
    - What can they doing with this information? EG: de-anonymize users on the internet, create shadow profiles.
    - Data points that can be used for tracking a user across the web.
    - Insights into which companies know what about you on the internet.

    Local Sheriff can also be used by organizations to audit:

    - Which all the third-parties that are being used on their websites.
    - The third-parties on the websites are implemented in a way that respect user’s privacy and sensitive data is not being leaked to them.

    Local Sheriff is a browser extension that can used with Chrome, Opera, Firefox, Brave, Cliqz.

    https://github.com/cliqz-oss/local-s...master/scripts

    Konark Modi
    Konark works as a Tech lead with Cliqz GmbH developing privacy-focused search engine and browser. He works on projects ranging across Privacy by design, Anonymous Data collection like Human Web, Anti-Tracking etc. Prior to Cliqz, Konark was working with one of the largest e-commerce website in India(Makemytrip.com) in data platform and security team, solving interesting challenges related to DWH, BI and data security. His recent personal projects, in an endeavor to help organizations fix vulnerabilities have spanned across browsers, health trackers, Government services, travel mobile apps etc.

  • #2
    Some studies / blogposts to explain the issues and motivation behind the tool - Local Sheriff:
    1. Airline websites don’t care about your privacy: https://www.freecodecamp.org/news/ho...-6271b3b8474b/
    2. Watching them watching us - How websites are leaking sensitive data to third-parties: https://dev.to/konarkmodi/watching-t...d-parties-1nn3

    Comment

    Working...
    X