no half measures advertisers must properly adopt https
play

No Half Measures: Advertisers Must (Properly) Adopt HTTPS Greg - PowerPoint PPT Presentation

Jan 05, 2023 •121 likes •217 views

No Half Measures: Advertisers Must (Properly) Adopt HTTPS Greg Norcie Staff Technologist Center for Democracy & Technology Full white paper at https://cdt.org/files/2015/05/ad-https-w3c.pdf (Or search No Half Measures HTTPS on

  1. No Half Measures: Advertisers Must (Properly) Adopt HTTPS Greg Norcie Staff Technologist Center for Democracy & Technology Full white paper at https://cdt.org/files/2015/05/ad-https-w3c.pdf (Or search “No Half Measures HTTPS” on DuckDuckGo)

  2. What is HTTPS? ● HTTPS = HTTP over TLS (originally SSL – but don't use that) ● Confidentiality: no eavesdropping in transit ● Integrity: data not modified in transit ● Authentication: Am I actually talking to my credit union?

  3. HTTPS Protects Us From Mass Surveillance The IETF has stated that “ Pervasive monitoring is an attack ” (RFC7258) W3C TAG states HTTPS is now a “ baseline requirement ” to prevent monitoring Even federal CIO ordered all federal websites must uses HTTPS and HSTS by 12/31/16 [1] https://tools.ietf.org/html/rfc7258 [2] Securing The Web TAG Finding http://www.w3.org/2001/tag/doc/web-https [3] OMB Memo M-5-13 https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf

  4. Mixed Content is Harmful Mixed Content - mixture of HTTP and HTTPS elements on same page Research by Bonneau showed that web analytic & advertising were a major source of mixed content [1] Mixed content can be sniffed and/or injected No confidentiality, no data integrity Interactive Advertising Bureau (IAB) agreed, noting ~20% of advertisers do not currently support, and called on advertisers to adopt HTTPS [2] [1] http://www.jbonneau.com/doc/KB15-NDSS-hsts_pinning_survey.pdf [2] http://www.iab.net/iablog/2015/03/adopting-encryption-the-need-for-https.html

  5. A Real Example of Improperly Configured HTTPS ● New South Wales, Australia had an electronic voting system ● Site itself used properly configured HTTPS ● 3 rd party Javascript used an outdated version of TLS vulnerable to the FREAK attack ● Theoretically attacker could have modified data in transit (in practice no evidence of attack) [1] https://freedom-to-tinker.com/blog/teaguehalderman/ivote-vulnerability/

  6. HTTPS Best Practices Must Be Used ● Use HTTP Strict Transport Security (HSTS) when possible ○ When enabled with HSTS a site will refuse any connections over plain HTTP ● Support certificate pinning when possible ○ Cert pinning allows you to specify (“ping) which certificate authorities have authority to issue certs ● Support the latest TLS version possible ○ NEVER use SSL ○ attacks exist on several versions of TLS as well

  7. Economic and Regulatory Effects of Failure to Adopt ● Customers will increasingly gravitate to ad providers who support HTTPS ● Data breaches due to failure to implement HTTPS may be seen as an unfair business practice under FTC’s section 5 authority

  8. Conclusions 1. Encrypt all the things. 2. Encrypt the things well. 3. If you don’t encrypt things well, people will spy on you 4. If you don’t encrypt things well, people may fine you. 5. If you don’t encrypt things well, people will find an ad provider who does.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ADOPT-A-SPOT REVITALIZATION INITIATIVE Contractors and Inspectors Kick -Off Presentation

ADOPT-A-SPOT REVITALIZATION INITIATIVE Contractors and Inspectors Kick -Off Presentation

ADOPT-A-SPOT REVITALIZATION INITIATIVE Contractors and Inspectors Kick -Off Presentation April 7, 2017 11:30-1:00pm Lubbock Housing Authority Program Videos NELCDC Adopt-a-Spot Program Video - https://youtu.be/ynOmwoL8b-A

367 views • 15 slides
Neuroanatomy primer Take home goals If you want to know this properly, go to:

Neuroanatomy primer Take home goals If you want to know this properly, go to:

Neuroanatomy primer Take home goals If you want to know this properly, go to: https://www.neurocourses.com/ Familiarity with terms - Parts of brain 3-day human brain anatomy - 13th - 15th November 2017 Cortical structures - Anatomical

626 views • 39 slides
Adopt A Street 1. Starts with adopting a street in prayer 2. Praying for a street prepares the

Adopt A Street 1. Starts with adopting a street in prayer 2. Praying for a street prepares the

ADOPT A STREET PRAYER STRATEGY Adopt A Street is about changing the spiritual climate in your community. Q What would happen if 100% of all the streets in your community were being prayed for daily for the next twelve months? Adopt A

323 views • 3 slides
Two Stage Allocation Problem Melika Abolhassani Hossein Esfandiari Introduction Googles

Two Stage Allocation Problem Melika Abolhassani Hossein Esfandiari Introduction Googles

Two Stage Allocation Problem Melika Abolhassani Hossein Esfandiari Introduction Googles Adwords lets advertisers bid on keywords. Cost-per-click is not known to advertisers at bidding time. Advertisers need some fixed-price

881 views • 16 slides
How to Properly Prepare a Certificate of 09/19/2018 Indepndent Review MPBF) How to Properly

How to Properly Prepare a Certificate of 09/19/2018 Indepndent Review MPBF) How to Properly

How to Properly Prepare a Certificate of 09/19/2018 Indepndent Review MPBF) How to Properly Prepare a Certificate of Independent Review Arthur J. Harris, Esq. Thursday, September 19, 2018 Kavin A. Williams, Esq. 12:00 1:30 p.m. Murphy

135 views • 10 slides
How much do advertisers pay to reach you? Panagiotis Papadopoulos FORTH-ICS, Greece &

How much do advertisers pay to reach you? Panagiotis Papadopoulos FORTH-ICS, Greece &

*phrase originator: Andrew Lewis, a.k.a. blue_beetle If yo If you ar are no not pa paying ng fo for it it, , yo you ar are the the product ct * : : How much do advertisers pay to reach you? Panagiotis Papadopoulos FORTH-ICS, Greece

445 views • 30 slides
Room Project Adopt a Highway Project "Adopt-A-Highway offers Pennsylvania citizens the

Room Project Adopt a Highway Project "Adopt-A-Highway offers Pennsylvania citizens the

Adopt a Room Project Adopt a Highway Project "Adopt-A-Highway offers Pennsylvania citizens the opportunity to show their pride in our beautiful state by caring for the environment. We all know that a more attractive Pennsylvania is

453 views • 6 slides
May 22, 2018 What is Adopt-A-Park? Adopt-A-Park is a Parks Department program that addresses

May 22, 2018 What is Adopt-A-Park? Adopt-A-Park is a Parks Department program that addresses

May 22, 2018 What is Adopt-A-Park? Adopt-A-Park is a Parks Department program that addresses stormwater requirements and is facilitated by Addison Addvocates. MS4 Importance Small Municipal Separate Storm Sewer System (MS4) Stormwater (SW)

469 views • 10 slides
ADOPT -A- HIGHWAY TRAINING SESSION ADOPT-A-HIGHWAY Why do I need training to pick up garbage?

ADOPT -A- HIGHWAY TRAINING SESSION ADOPT-A-HIGHWAY Why do I need training to pick up garbage?

ADOPT -A- HIGHWAY TRAINING SESSION ADOPT-A-HIGHWAY Why do I need training to pick up garbage? There are several answers to that question.. LIABILITY The Ministry of Transportation must provide training to groups working on the

340 views • 31 slides
Second Quarter and First Half 2020 Results Forward looking statements and non-IFRS measures This

Second Quarter and First Half 2020 Results Forward looking statements and non-IFRS measures This

Second Quarter and First Half 2020 Results Forward looking statements and non-IFRS measures This document may contain forward-looking statements that may or may not prove accurate. For example, statements regarding expected revenue growth and

306 views • 29 slides
IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One

IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One

7 th Grade Novels IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One Crazy Summer by Rita Williams Garcia Inside Out and Back Again by Thanhha Lai Inside Out and Back Again- Student Response Inside

577 views • 23 slides
http://cs246.stanford.edu Web advertising We discussed how to match advertisers to

http://cs246.stanford.edu Web advertising We discussed how to match advertisers to

CS246: Mining Massive Datasets Jure Leskovec, Stanford University http://cs246.stanford.edu Web advertising We discussed how to match advertisers to queries in real-time But we did not discuss how to estimate CTR Recommendation

674 views • 45 slides
Fiscal Year 2009 First Half Result and Second Half Plan October 30, 2009 October, 2009 1 1 1

Fiscal Year 2009 First Half Result and Second Half Plan October 30, 2009 October, 2009 1 1 1

Fiscal Year 2009 First Half Result and Second Half Plan October 30, 2009 October, 2009 1 1 1 Financial Result for First half of FY2009 Contents 2 FY2009 Full Year Financial Plan 3 First half Results and Second half Measures 2

348 views • 30 slides
Association of National Advertisers Legal Affairs Committee May 10, 2012 C. Lee Peeler EVP,

Association of National Advertisers Legal Affairs Committee May 10, 2012 C. Lee Peeler EVP,

Association of National Advertisers Legal Affairs Committee May 10, 2012 C. Lee Peeler EVP, National Advertising, CBBB President and CEO, ASRC NARC is now Self-Regulatory Units NAD 1971: Developed in response to consumers concerns

332 views • 15 slides
Is Measurement Holding Back Videos Growth? Uncovering metrics that matter most to advertisers

Is Measurement Holding Back Videos Growth? Uncovering metrics that matter most to advertisers

Is Measurement Holding Back Videos Growth? Uncovering metrics that matter most to advertisers in a converging world of screens October 19, 2015 1 BEHIND EV ERY G REA T M ED IUM IS G REA T M EA SUREM ENT 1944 1999 After launch of the

655 views • 12 slides
http://cs246.stanford.edu Web advertising We discussed how to match advertisers to queries

http://cs246.stanford.edu Web advertising We discussed how to match advertisers to queries

CS246: Mining Massive Datasets Jure Leskovec, Stanford University http://cs246.stanford.edu Web advertising We discussed how to match advertisers to queries in real-time But we did not discuss how to estimate the CTR (Click-Through

882 views • 44 slides
Comparative Political Economy David Soskice Nuffield College Comparative Political Economy (i)

Comparative Political Economy David Soskice Nuffield College Comparative Political Economy (i)

Comparative Political Economy David Soskice Nuffield College Comparative Political Economy (i) Focus on nation states (ii) Complementarities between 3 systems: Variety of Capitalism (Hall & Soskice) Political System (Lijphart) Welfare

337 views • 16 slides
Security of Voting Systems Ronald L. Rivest MIT CSAIL 6.857 Spring 2015 L21 April 27, 2015

Security of Voting Systems Ronald L. Rivest MIT CSAIL 6.857 Spring 2015 L21 April 27, 2015

Security of Voting Systems Ronald L. Rivest MIT CSAIL 6.857 Spring 2015 L21 April 27, 2015 Voting is Easy ??? "What's one and one and one and one and one and one and one and one and one and one?" "I don't

693 views • 51 slides
Section 4.1: Continuing Explorations of Borda Count Section 4.2: Other voting methodologies MATH

Section 4.1: Continuing Explorations of Borda Count Section 4.2: Other voting methodologies MATH

Section 4.1: Continuing Explorations of Borda Count Section 4.2: Other voting methodologies MATH 105: Contemporary Mathematics University of Louisville October 24, 2017 Borda Count Continued 2 / 16 The Borda Count and Mediocrity Let us

510 views • 6 slides
CSC304 Lecture 14 Begin Computational Social Choice: Voting 1: Introduction, Axioms, Rules

CSC304 Lecture 14 Begin Computational Social Choice: Voting 1: Introduction, Axioms, Rules

CSC304 Lecture 14 Begin Computational Social Choice: Voting 1: Introduction, Axioms, Rules CSC304 - Nisarg Shah 1 Social Choice Theory Mathematical theory for aggregating individual preferences into collective decisions CSC304 - Nisarg

438 views • 22 slides
1 Cryptographic Elections: Challenges and Opportunities Alon Rosen IDC Herzliya June 9, 2010

1 Cryptographic Elections: Challenges and Opportunities Alon Rosen IDC Herzliya June 9, 2010

1 Cryptographic Elections: Challenges and Opportunities Alon Rosen IDC Herzliya June 9, 2010 2 Thanks Ben Adida (Harvard University) Yuval Kedem (Gallileo) David Movshovitz (IDC Herzlyia) Shimon Schocken (IDC Herzlyia)

1.83k views • 148 slides
perspective Dr Andrew Nance 07 November 2018 Agenda The Interconnector Proposal The

perspective Dr Andrew Nance 07 November 2018 Agenda The Interconnector Proposal The

RiverLink - The Proposed SA to NSW Interconnector from a consumer perspective Dr Andrew Nance 07 November 2018 Agenda The Interconnector Proposal The Identified Need the problem being solved The Context The Regulatory

533 views • 13 slides
Dementia in Australia A lot has happened! 2004 the Dementia Initiative ($320m over 5 years)

Dementia in Australia A lot has happened! 2004 the Dementia Initiative ($320m over 5 years)

Dementia Care; Turning Rhetoric into Reality Strengthening Dementia Services Glenn Rees AM Chair, ADI Dementia in Australia A lot has happened! 2004 the Dementia Initiative ($320m over 5 years) 2012 Aged Care Reforms ($270m over 5

645 views • 16 slides
2020 ASX Limited Annual General Meeting 30 September 2020 ASX Limited Board Rick

2020 ASX Limited Annual General Meeting 30 September 2020 ASX Limited Board Rick

2020 ASX Limited Annual General Meeting 30 September 2020 ASX Limited Board Rick Holliday-Smith Dominic Stevens Independent, Non-Executive Chairman Managing Director and CEO, Executive Director BA (Hons), FAICD BCom (Hons) Damian Roche

557 views • 35 slides

More recommend