Solitude: A Privacy Analysis Tool
2020-12-28, 22:30–23:10, r3s - Monheim/Rhein
Language: English

Solitude is an open source privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating an app’s privacy accessible for everyone.


Oftentimes the only way for the end user to figure out where their private data goes once they enter it into a web application or mobile device is through the app’s privacy policy. Privacy policies not only have a notorious history of being difficult to understand but don’t always tell the truth about an application’s data collection practices. Solitude was built to make proxying your web and mobile traffic easier and to make the process of conducting privacy investigations of your favorite apps more streamlined and straightforward. Solitude can be configured to look for any data that you input in a mobile or web application and reveal where that data is going. The application inspects all outbound HTTP traffic, looks for various hashes of your data, and recursively decodes common encoding schemes (base64, URL). This talk will discuss how Solitude is built and how to use it, and give some real-world examples of privacy violations discovered in the wild using Solitude. The real-world examples will cover different approaches for finding different classes of privacy issues and how to use Solitude to accomplish this.
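The matching approach the abstract describes (plaintext, hashes of your data, recursive base64/URL decoding) can be sketched as follows. This is an added Python illustration, not Solitude's own code; the function names, the list of hash algorithms, the depth limit and the sample e-mail address are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import unquote_plus

HASHES = ("md5", "sha1", "sha256")  # assumption: digests worth checking
B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{8,}={0,2}")  # candidate base64 runs

def search_terms(value):
    """Map form name -> lowercase strings that reveal `value` in a payload."""
    terms = {"plain": {value.lower()}}
    for name in HASHES:
        terms[name] = {hashlib.new(name, v.encode()).hexdigest()
                       for v in (value, value.lower())}
    return terms

def decodings(text):
    """Yield (kind, decoded) for one layer of URL or base64 encoding."""
    url = unquote_plus(text)
    if url != text:
        yield "url", url
    for tok in B64_TOKEN.findall(text):
        padded = tok + "=" * (-len(tok) % 4)
        std = padded.replace("-", "+").replace("_", "/")  # accept URL-safe alphabet
        try:
            yield "base64", base64.b64decode(std, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or not text once decoded

def find_leaks(payload, value, max_depth=5):
    """Return sorted (form, decode_chain) pairs where `value` shows up."""
    terms = search_terms(value)
    found, seen, stack = set(), set(), [(payload, ())]
    while stack:
        text, chain = stack.pop()
        if text in seen or len(chain) > max_depth:
            continue  # already inspected, or nested too deeply
        seen.add(text)
        low = text.lower()
        for form, variants in terms.items():
            if any(v in low for v in variants):
                found.add((form, chain))
        stack.extend((decoded, chain + (kind,)) for kind, decoded in decodings(text))
    return sorted(found)

# Constructed sample request body, not captured traffic.
if __name__ == "__main__":
    print(find_leaks("email=alice%40example.com", "alice@example.com"))
```

Each result pairs the form in which the value was found with the chain of decodings needed to reach it, which is what tells you how a given request hid the data.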


Subtitle: Where does your private data go once it leaves your browser or mobile phone?

I am a senior security consultant at NCC Group. My main focus has been on mobile privacy and security.