Summary of "How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025"

Summary of “How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025”

---

Overview

Ivan Banov’s presentation focuses on practical digital privacy strategies, highlighting how everyday services collect excessive personal data—often unnecessarily—and how users can minimize their digital footprint to “hide in plain sight.” The talk blends a real-world example, privacy policy analysis, and actionable privacy-enhancing techniques.

---

Key Technological Concepts & Analysis

1. Excessive Data Collection by Services

   • Example: Megaplex movie theater requires detailed personal info (name, birthday, phone, zip code, favorite theater) just to book a ticket.
   • Privacy policies are often misleading: they claim not to sell data but share extensively with third parties, including biometric info.
   • Data collected includes IP address, browsing history, device identifiers, location, and biometric data (possibly from fingerprint payments).
   • Small IT teams with limited security expertise often manage large amounts of sensitive data, increasing risk.

2. Privacy as Protection

   • Privacy is defined as freedom from observation or disturbance.
   • Personal data is “currency” used by companies and state actors for profit and control (e.g., targeted advertising, price discrimination).
   • Example: Airlines use AI to dynamically price tickets based on personal circumstances inferred from messages and browsing.
   • Privacy safeguards personal security, narrative control, and freedom from exploitation.

3. Common Data Points Used to Profile Individuals

   • Email addresses, usernames, IP addresses, phone numbers, physical addresses, and device/browser fingerprints.
   • Reuse of identifiers across platforms enables easy profiling.

---

Product Features & Privacy Tools Discussed

1. Browsers

   • Avoid Chrome, Edge, Safari, and Firefox (recently changed terms).
   • Recommended: Brave (privacy-focused Chromium-based), Mullvad, Librewolf, Orion (iOS beta).
   • Benefits: reduce tracking and fingerprinting.

2. Search Engines

   • Avoid Google and Bing due to tracking.
   • Alternatives: DuckDuckGo (scrapes Google/Bing anonymously), Startpage (proxy-based), CRXNG (self-hosted search proxy).

3. Messaging

   • Avoid SMS and Google Messages due to lack of encryption and data scanning.
   • Use secure messaging apps: Signal (recommended), Session, XMPP.

4. Email

   • Avoid Gmail due to scanning and profiling.
   • Use encrypted email providers: ProtonMail, Tutanota.
   • Use email aliasing services like simplelogin.io to create disposable or service-specific email addresses.

5. VPNs

   • VPNs mask IP addresses by mixing traffic with others and encrypting data.
   • Recommended providers: ProtonVPN, Mullvad, NordVPN (expensive), Surfshark.

6. Credit Card Privacy

   • Use privacy.com to create virtual, single-use credit cards that mask real financial info.
   • Add authorized users with fake names (without SSN for limited access) to generate alternate cards.
   • Wallet apps (Apple/Google Pay) generate unique transaction numbers to protect privacy.

7. Phone Numbers

   • Use VoIP providers to get multiple phone numbers cheaply (~$1/month) that can be discarded when spammed.
   • Avoid major telecoms as they sell user data extensively.
   • Use fake addresses (e.g., hotel rooms) when registering phone numbers to obscure real location.

8. Identification & Addresses

   • Avoid sharing IDs unnecessarily; prefer US passport card over driver’s license when possible.
   • Never allow copies or scans of your ID; if required, watermark them with date/service to track leaks.
   • Use fake or temporary addresses (hotels, commercial mail receiving agencies) instead of home address.

9. Operating Systems

   • Consider privacy-focused OSes like GrapheneOS (Android-based), Kix OS, Pop!_OS (Linux).
   • Avoid deep Google or Apple ecosystem integration.

10. Browser Settings - Disable cookies and fingerprinting protections. - Monitor DNS queries and network traffic to detect excessive data leaks (example: 14,000 DNS queries in 50 minutes during cooking).

---

Privacy Practices & Guidelines

• Minimize Data Shared: Only provide essential information; question why data is requested.
• Do Not Reuse Identifiers: Use unique emails, usernames, credit cards, and phone numbers per service.
• Be Informed & Intentional: Opt-in knowingly if you choose to share data; avoid passive data leaks.
• Disinformation as Defense: Use fake data to pollute data profiles (e.g., fake political donations, magazine subscriptions).
• Use Password Managers: Generate unique usernames and passwords; never reuse passwords or usernames.
• Stepwise Adoption: Any privacy step forward is beneficial; no need for immediate perfection.

---

Additional Resources Mentioned

• Electronic Frontier Foundation (EFF)
• Citizen Lab (Canada)
• Intel Techniques (inteltechniques.com)
• Book: Extreme Privacy (5th Edition)
• Privacy villages at security conferences

---

Main Speakers / Sources

• Ivan Banov – Presenter, privacy advocate, and digital security professional.
• References to ChatGPT for privacy philosophy and AI-generated insights.
• Mention of other security community members (e.g., Pope) and privacy tool developers.

---

Summary

Ivan Banov’s talk at BSidesCache 2025 offers a comprehensive guide to understanding and improving digital privacy by exposing how companies collect and misuse personal data, and by recommending practical tools and habits to protect oneself. His approach is pragmatic, emphasizing minimal data sharing, use of privacy-focused technologies, and intentional management of one’s digital identity to avoid profiling and exploitation.

Category

Technology

Share this summary

Share on X/Twitter Share on Facebook Share on LinkedIn Share on Reddit Share on WhatsApp Share on Telegram

Video