{"id":224,"date":"2024-08-02T13:36:56","date_gmt":"2024-08-02T13:36:56","guid":{"rendered":"https:\/\/absolutelynothing.io\/?p=224"},"modified":"2024-08-21T12:13:55","modified_gmt":"2024-08-21T12:13:55","slug":"a-review-of-bsidespgh","status":"publish","type":"post","link":"https:\/\/absolutelynothing.io\/?p=224","title":{"rendered":"A Review of BSidesPGH"},"content":{"rendered":"\n<p>Recently I gave a talk at BSidesPGH, a cyber security conference in Pittsburgh. I wish I could send you the full recording, but unfortunately a big hunk of the talk was missed and now the replay isn\u2019t even online \ud83e\udd72. So I\u2019ll do the best I can to summarize it up in a blog post here. Here\u2019s a nice picture of me on stage though. \ud83e\udd37\u200d\u2642\ufe0f<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"1024\" src=\"https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-768x1024.jpg\" alt=\"Kyle standing on stage at Bsides PGH\" class=\"wp-image-226\" style=\"width:432px;height:auto\" srcset=\"https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-768x1024.jpg 768w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-225x300.jpg 225w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-1152x1536.jpg 1152w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-1536x2048.jpg 1536w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-1320x1760.jpg 1320w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/IMG_5715-scaled.jpg 1920w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p>First I told people about myself, a little bit about my education and work history and then also shared that recently I\u2019ve been doing a lot of biking. 
If you want to see my professional history, feel free to connect with me on <a href=\"https:\/\/www.linkedin.com\/in\/kyle-bennett-pittsburgh-pa\/\">LinkedIn<\/a>. Second I introduced how I got interested in the cyber security and privacy space. For me, it started by learning about big nation-state attacks, but then I also started hearing about massive data-leak style hacks. So while I showed up hearing names like \u201cFancy Bear\u201d, \u201cCozy Bear\u201d, \u201cLazarus\u201d, and \u201cDarkside\u201d (all various hacking groups that are likely affiliated with nations like Russia and China) I ended up staying because I was hearing other names like Vizio, Strava, and VTech. All of which had some big privacy problems in previous years\u2026<\/p>\n\n\n\n<p>I then took a moment or two to talk about \u201cdata brokers\u201d &#8211; the behind-the-scenes businesses who buy and sell your data. If you Google \u201cdata brokers\u201d you\u2019ll find a bunch of names you\u2019ve probably never heard of, yet chances are they probably have some piece of your digital footprint within their databases. If you want a nice tidy (and very incomplete) list, you can check out one that\u2019s been curated by <a href=\"https:\/\/privacyrights.org\/data-brokers\">privacyrights.org<\/a>.<\/p>\n\n\n\n<p>We all have examples of \u201ccreepy\u201d anecdotes that we\u2019ve heard of &#8211; for my household, it\u2019s 30-year-olds getting ads for erectile dysfunction or egg freezing (depending on their sex). You may have also heard about <a href=\"https:\/\/www.cbc.ca\/news\/business\/woman-targeted-by-baby-product-marketers-after-miscarriage-1.4989945\">people who had experienced miscarriages receiving baby formula in the mail<\/a>, an attempt to get them hooked on a certain brand at the right time. 
And then of course, there are the instances where an item we viewed on one website seems to be following us to another website (this happened to me yesterday for a product that helps you disconnect). These are all examples of ads <em>targeted<\/em> at some part of our digital footprint. For the examples above it was age (x2), pregnancy status, and browsing history.<\/p>\n\n\n\n<p>Surveying all I\u2019ve seen above I got angry so I decided someone should do something about this. Unfortunately, we are waging an uphill battle. The best we can do to stay educated and stay away from bad products &amp; services is to read the privacy policies of the companies we transact with. Yet <a href=\"https:\/\/www.theatlantic.com\/technology\/archive\/2012\/03\/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days\/253851\/\">reading all the policies you encounter in a year will take 76 business days<\/a>! Even if you just pick the <a href=\"https:\/\/nordvpn.com\/blog\/privacy-policy-study-us\/\">20 most visited sites in the US you\u2019d be signing up for 9 hours of legalese<\/a>. I decided there had to be a better way\u2026<\/p>\n\n\n\n<p>Amongst the bad news, I did find some good news! The GDPR, a law concerning consumer privacy and rights, has some pretty good measures in it, but that\u2019s in Europe and not here in the United States. However, there is the American Privacy Rights Act which is showing good promise, though let\u2019s be honest, it probably won\u2019t pass before the next election so <em>make sure you vote for candidates who value consumers over business and privacy over commercialism<\/em>. 
Additionally, there <em>have<\/em> been cases where class action suits have been able to get payouts to digital citizens, even if it\u2019s AFTER a breach.<\/p>\n\n\n\n<p>At this point, I realized a few things.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>There\u2019s some icky stuff in the market, spelled out in the privacy policy or terms of service, but no one is actually reading them.<\/li>\n\n\n\n<li>There\u2019s also been payouts for times when companies have violated their own privacy policies.<\/li>\n<\/ol>\n\n\n\n<p>Shouldn\u2019t there be one spot where you can audit what\u2019s in policies AND make sure you get what\u2019s yours when companies don\u2019t do things the right way? That\u2019s where we come in: we are <a href=\"http:\/\/absolutelynothing.io\/\">AbsolutelyNothing.io<\/a> and we want to help you <em>reclaim that digital footprint<\/em>.<\/p>\n\n\n\n<p>Today, we are finding, analyzing, and collecting these policies so we can begin to build a database. As we do that we\u2019re going to create a variety of products in different stages. The stages are as follows\u2026<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Awareness (You are here)<\/h2>\n\n\n\n<p>Before you can solve a problem people need to be aware of it. That\u2019s what this blog is about. We\u2019re writing about problems in the space and even writing specifically about some policies. This portion of the business is free to consumers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"664\" src=\"https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/Blog-history-scrolling.gif\" alt=\"\" class=\"wp-image-227\"\/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Exploration (August 2024+)<\/h2>\n\n\n\n<p>Blog? Check! A more fun product for you? We\u2019re working on it! 
Pretty soon we\u2019ll have a product that will allow you to <em>visualize<\/em> all of the data we\u2019re collecting on privacy policies. This product will require you to sign in, and will either be super cheap OR we\u2019ll show you contextual (not targeted) advertisements. It will look like the periodic table of elements from your high school chemistry class, but will actually contain the <em>digital data elements of your footprint. <\/em>For those who don\u2019t get a paid subscription, digital citizens on our site can expect to see other privacy related products like password managers, VPNs, or online monitoring tools. Since these ads will be <em>contextual<\/em> and not <em>targeted<\/em> you WILL NOT see that weird random product on Amazon following you to the site trying to get you to put it in your cart, just ads that are for other privacy-minded products.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"545\" src=\"https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod-1024x545.png\" alt=\"\" class=\"wp-image-228\" srcset=\"https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod-1024x545.png 1024w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod-300x160.png 300w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod-768x409.png 768w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod-1536x818.png 1536w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod-1320x703.png 1320w, https:\/\/absolutelynothing.io\/wp-content\/uploads\/2024\/08\/ptod.png 1856w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Advocacy (January 2025+)<\/h2>\n\n\n\n<p>Once we have a large enough group of people exploring policies we\u2019re going to let you know when someone has broken their own policy and alert you if you can be entitled to a class action 
payout! This product will cost a few dollars a month, but we believe that the payouts you will receive will be even greater than that!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4: Agency (2026+)<\/h2>\n\n\n\n<p>If you want to trust us (and we think you should) we will be your agent on the web. We\u2019ll automatically opt-out of cookies (<a href=\"https:\/\/absolutelynothing.io\/?page_id=133#:~:text=Remy%20Bear%2C%20Chief%20Barking%20Officer\">much to our Chief Barking Officer\u2019s dismay<\/a>). We\u2019ll alert you when you\u2019re about to sign up for a service with a <em>horrible<\/em> privacy policy. We\u2019ll fast track you on payouts from class-actions, and if there are parts of your digital footprint you are willing to sell we will help you get the highest price for it. The true mark of ownership over property is the ability to sell it and we want to make sure that you are the one selling your own footprints. This pricing will be the same as the \u201cAdvocacy\u201d step, anyone who\u2019s already on the journey with us will see this like a feature update, not a separate line of business.<\/p>\n\n\n\n<p>So that\u2019s where we are going. Are you in for the ride? If so, we\u2019d love if you contributed even $1\/month via <a href=\"https:\/\/buymeacoffee.com\/absolutelynothing\">Buy Me A Coffee<\/a>. We are small and scrappy so even that $1 goes directly towards covering our costs. Plus, it shows that there\u2019s interest in what we are doing.<\/p>\n\n\n\n<p>In the meantime we\u2019re going to pursue grants in the public and private sector to see if we can get some extra propulsion! Hang on tight. \ud83d\ude80<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently I gave a talk at BSidesPGH, a cyber security conference in Pittsburgh. I wish I could send you the full recording, but unfortunately a big hunk of the talk was missed and now the replay isn\u2019t even online \ud83e\udd72. 
So I\u2019ll do the best I can to summarize it up in a blog post [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-224","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-2024-08"],"_links":{"self":[{"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=\/wp\/v2\/posts\/224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=224"}],"version-history":[{"count":1,"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=\/wp\/v2\/posts\/224\/revisions"}],"predecessor-version":[{"id":229,"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=\/wp\/v2\/posts\/224\/revisions\/229"}],"wp:attachment":[{"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/absolutelynothing.io\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}