Build your own NSA
Andreas Dewes, @sveckert
When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. Companies which are quite big, with thousands of employees but names you maybe never heard of. They all try to get their hands on your personal data, often with illegal methods. Most of them keep their data to themselves, some exchange it, but a few sell it to anyone who's willing to pay. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your procession. Your “click-stream data”, every URL you have been visiting while browsing the web. After a couple of weeks and some phone calls we were able to acquire the personal data of millions of German Internet users - from banking, over communication with insurance companies to porn. Including several public figures from politics, media and society. In the talk, we'll explain how we got our hands on this data, what can be found inside and what this could mean for your own privacy and safety now and in the future. * Introduction & background * Who collects data and for which purposes * How we got our hands on a large data sample * What's in it? Detailed analysis of the data set * How does it work? Analysis of the collection methods * Outlook: Can we still save our privacy?