Security and Privacy being an important part of our online lives, all the netizens should know how to handle it and keep the web healthy.

A new event format can be planned to facilitate the importance of Privacy and security over the internet. The Nasik Mozilla community have tested this format at various events and the results were quite inspiring. Following is a report of the same.

img_0022

Agenda:

  • Hack the web using Webmking tool X-ray goggles.
  • Follow The Privacy and Security Teaching Kit.
  • about:permissions
  • about:privatebrowsing
  • about:config - overview
  • http vs https
  • Understanding Cookies
  • Lightbeam addon Handons.

 

 

The Workshop:

We started with a brief introduction to Mozilla, the mozilla mission and how it merges with importance of privacy and security of the online users.

 

   * Hack the web using Webmking tool X-ray goggles:

X-ray goggles serve the basic purpose of understanding the web's basic building blocks. Even a non-technical person feels at home and understands the web if he/she tries to remix a website using x-ray goggles (X-ray being the most popular tool for remixing, we decided to go with them).

"If we understand and know, what something is made of, we have a better control over it." was the basic principal we followed at the start of the workshop. Making the audience aware of the Html, Css and JS used to build that something on the web using X-ray remixing.

Consider an example: Your friend throws two planes at you, one made of paper and other of steel. Which one would you trust (considering you have option of dodging only one).

 

Its the paper plane you will trust, because you know it will not hurt you compared to the unknown steel plane which may have anything disastrous inside its structure. The same thing applies to the web. Understanding it, not being afraid of it and using it for the betterment and openness of the web is the thing we wanted to teach though this exercise.

 

Useful links:

https://support.mozilla.org/en-US/kb/x-ray-goggles

https://support.mozilla.org/en-US/products/webmaker/x-ray-goggles

 

* about:permissions

It is very important for all the users of the web to understand the basics behind the "about:permissions" facility provided in Mozilla Firefox.

This is the Permissions Manager, using which you can give certain websites the ability to store passwords, set cookies and more.

To view, change the preferences regarding permissions in the Firefox browser, type 'about:permissions' into the Location Bar (address bar) and press Enter.

Understand the about:permissions.

Useful links:

https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

https://support.mozilla.org/en-US/kb/pop-blocker-settings-exceptions-troubleshooting

   

   * about:privatebrowsing :

Private Browsing - Browse the web without saving information about the sites you visit. Many a times you need the browser not to store the information(history) of sites you visit or the text entered, password and other choices made on the web. Private Browsing allows you to browse the Internet without saving any information about which sites and pages you’ve visited.

To start private browsing mode in the Firefox browser, type 'about:privatebrowsing' into the Location Bar (address bar) and press Enter.

 

Useful links:

https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info? redirectlocale=en-US&redirectslug=Private+Browsing

http://www.wikihow.com/Do-Private-Browsing-in-Mozilla-Firefox

 

* about:config - overview :

To control the browser you use while using the web is the most basic right one deserves over the open web. "about:config" gives user the complete freedom and opportunity to control his/her's presence over the internet. Mozilla Firefox is highly customizable, and there are a number of ways to change its appearance and behaviour.

To modify a preference in the Firefox browser, type 'about:config' into the Location Bar (address bar) and press Enter.

Useful Links:

http://kb.mozillazine.org/About:config

http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries

http://mozilla.gunnars.net/mozilla_howto_aboutconfig.html

 

* http vs https :

"You wouldn't write your username and passwords on a postcard and mail it for the world to
see, so why are you doing it online? Every time you log in to any service that uses a
plain HTTP connection that's essentially what you're doing.
" says Scott Gilbertson in his blog HTTPS is more secure, so why isn’t the Web using it?

There is a better way, the secure version of HTTP—HTTPS. That extra "S" in the URL means your connection is secure and it's much harder for anyone else to see what you're doing.

Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (http). HTTPS allows secure eCommerce transactions, such as online banking. 

Why do we need this extra 'S'?

The Web presents a unique set of trust issues, which businesses must address at the outset to minimize risk. Consumers submit information and purchase goods or services via the Internet only when they are confident that their personal information, such as credit card numbers and financial data, is secure. The solution for businesses reliant upon e-commerce is to implement a complete e-commerce trust infrastructure based on encryption technology.

Useful links:

http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it

http://www.instantssl.com/ssl-certificate-products/https.html

http://www.wisegeek.org/what-is-the-difference-between-http-and-https.htm

 

* Understanding Cookies :

    "Cookie" is a type of message that is given to a Web browser by a Web server. The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save site login information for you. 

Can Cookies be malicious? Yes, Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online.

Cookies that watch your online activity are called malicious or tracking cookies. These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts. more..

Useful links:

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

https://blog.mozilla.org/theden/2012/05/02/what-are-internet-cookies

http://www.cookiecentral.com/faq.htm

 

   * Lightbeam Addon:

It is important that everyone should have the tools to make their own decisions about their online privacy and who collects data on them. With the Lightbeam add-on and database server, Mozilla is providing a valuable (and open) community research platform that aims to – Raise awareness – Promote analysis – Affect policy change in the areas of tracking and privacy. Lightbeam is one step in a larger, concerted effort by Mozilla and its partners to provide

Web users with greater control and transparency of their personal data. - from about Lightbeam.

lightbeam_logo-wordmark_500x156

"One of the most invisible things about the Internet is that there are hordes of robots constantly scrutinizing your aggregate online behavior and determining whether you fit a certain profile." says Atul Verma in his argument about Does Privacy Matter?

He further adds: "These robots don’t have to be working for the government, either. They could be working  for, say, your health insurance company, looking for prior conditions that you might be hiding from them. The robots might even ostensibly work for “the people” in the name of transparency and openness."

Lightbeam download: http://www.mozilla.org/en-US/lightbeam

 

   * Conclusion:

This event format is contemporary, essential and practical. Discussing Privacy & Security with peers, students, teachers and netizens is the need of the day. Shielding our online lives from undesired surveillance is what the world is fighting for now. Understanding and getting to know about this is the 1st step towards securing the HEALTH of the web.

   

Event Photo stream: http://www.flickr.com/photos/ankitgadgil/sets/72157640763860995

Event Reps page: https://reps.mozilla.org/e/privacy-and-secuirty-workshop-cmcs

Blogs :

http://ankitgadgil.blogspot.in/2014/01/security-and-privacy-being-important.html

http://ankitgadgil.blogspot.in/2014/02/privacy-and-security-workshop.html

Useful Slides:

http://www.slideshare.net/ankitgadgil/privacy-and-security-mozilla-firefox-30239914

http://www.slideshare.net/umeshagarwal92102/lightbeam-30635161?from_search=1


Mozillians from Nasik Community: 
Mayur Patil, Vishal Chavan, Khushal Kariya, Dhanashree Chaudhary, Ronit Jadhav and Ankit Gadgil

References:

http://www.toolness.com/wp/2014/01/does-privacy-matter/

https://laura.makes.org/thimble/protect-your-privacy

https://laura.makes.org/thimble/privacy-introductions-and-setup

If you would like to host a Privacy and security workshop/session/talk and need any help get in touch with Reps and Mozillians from Mozilla India. Happy to help :)