David Campbell Aldo Cortesi Ashkan Soltani Pascal Van Hecke
Special thanks to
Nick Rabinowitz (visualizations) Travis Pinnick (artwork)
End users have very little control over their privacy and security online. Several browser plugins are available to help remedy this situation, but unfortunately few to none of these are available on non-jailbroken mobile devices.
We spent the weekend integrating capabilities that represent "the best of the hackathon" in an infrastructure that supports desktop browsers, tablets, mobiles, etc. We can detect and block privacy and security issues in mobile browsers OR apps.
For mobile / desktop / any users, we can provide the following privacy enhancing features via an intercepting proxy in the cloud:
- Collusion: allows you to see all the third parties that are tracking your movements across the Web.
- Do Not Track: signals a user's opt-out preference with an HTTP header.
- Certificate Pinning: the global PKI is a mess, and SSL is only as strong as the weakest link. By "pinning" the certificate for sites you trust to specific fingerprints, we can provide defense against rogue CA certificate attacks.
- AdBlocking: basically, AdBlock for mobile :)
- Analysis and Visualizations: we can visualize a variety of interesting aspects of your data usage. For example, what percentage of your data usage is advertisements? What percentage is updates? Now that "unlimited" data plans aren't, having this type of info is important.
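To make the Do Not Track and Certificate Pinning items concrete, here is an added sketch (not the project's own code) of the per-request policy an intercepting proxy could apply. The pin store, the function names and the byte strings standing in for DER certificates are all hypothetical; hosts without a pin are assumed to fall back to ordinary CA validation.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded leaf certificates. In a real proxy the
# bytes would come from ssl.SSLSocket.getpeercert(binary_form=True).
GOOD_CERT = b"constructed-DER-bytes-for-bank.example"
ROGUE_CERT = b"constructed-DER-bytes-issued-by-a-rogue-CA"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


# Hypothetical pin store: hostname -> set of acceptable fingerprints.
PINS = {"bank.example": {fingerprint(GOOD_CERT)}}


def check_pin(host: str, der_cert: bytes, pins=PINS) -> str:
    """Return 'unpinned', 'match' or 'mismatch' for the upstream certificate."""
    allowed = pins.get(host.lower().rstrip("."))
    if allowed is None:
        return "unpinned"  # no pin: rely on normal CA validation (assumption)
    seen = fingerprint(der_cert)
    ok = any(hmac.compare_digest(seen, pin) for pin in allowed)
    return "match" if ok else "mismatch"


def process_request(host: str, headers: dict, upstream_cert: bytes, pins=PINS):
    """Proxy-side policy: returns (action, headers_to_forward)."""
    # Fail closed on a pin mismatch, even if the chain would validate
    # against a trusted CA. That is what defeats a rogue-CA certificate.
    if check_pin(host, upstream_cert, pins) == "mismatch":
        return "block", {}
    # Replace any client-supplied DNT value (in any casing) with the opt-out.
    out = {k: v for k, v in headers.items() if k.lower() != "dnt"}
    out["DNT"] = "1"
    return "forward", out
```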
What is significant?
Our project represents a huge step forward for MOBILE privacy. A lot of the features we implemented are already available for desktop or jailbroken mobile, but ours is the first implementation for stock, non-jailbroken mobile.
All mobile users.
What is our sustainability model?
We all have day jobs, so we'll need help to push this forward.
What license is this available under?
Many components of the solution are available on GitHub under an MIT license. The prototype is operated as a service, which allows it to work on mobile devices (from the cloud). We plan to open up a public beta once we fix all the bugs and gaping security holes caused by hackathon timelines.
URL to running code or relevant pages
components are here:
Note that this will work for desktop users simply by downloading it, running it, and setting your browser to use proxy http://localhost:31337
Mobile users need to run the service somewhere that is accessible in the cloud on a public IP or over VPN. We have a self-service VPN solution that we've provided screenshots for, but it isn't ready for public beta yet.
Screenshots of everything we have working now are at http://www.flickr.com/photos/ashk4n/sets/72157629823292521/
Ashkan Soltani (firstname.lastname@example.org)