Do your tech demos share too much?

JeanCarl

Posted on March 30, 2019

Today, our personal privacy is being challenged in so many ways. From your home address and phone number to your friendships and secrets, there are a lot of little personal details someone can find. And let's not talk about social media and location sharing.

Do you share too much professionally?

I occasionally post tutorials with either screenshots or videos showing how to do things. I have also done hundreds of live demos at meetups and conferences in front of folks who may innocently take photos of things I show. And then there are the informal screenshares with people on a Slack call showing them something on my computer. For the most part, there is no malicious intent...but given enough pieces...someone could use these to cause harm.

Does your screen show too much information? From API keys, to account numbers, to lists of followers, here are some things I've discovered are visible when I don't intend them to be.

Note: while writing this post, I thought including screenshots would complete the picture...but as I proceeded to screenshot these examples, I realized I would be sharing the exact same information that I don't want to share with the internet. I even tried to blur those parts, but some examples had nearly the whole screen blurred. Sorry, we're gonna have to do this text-based. I encourage you to open the websites and see for yourself.

Browser history

The browser history is meant to help you get back to an online resource you've visited. The search bar searches your history as you type. If I start typing dev.to, the suggestions also show some other sites I've been to.

You can clear your browsing history.

Tabs

Tabs are like the best invention for the multitasker. Open a page in a tab and you can come back to it. What do your open tabs share about you? Are you a Gmail user? If you have fewer tabs than this, what do the page titles share?

Keep only the primary tabs you are actively using open. Open a new web browser window and start anew.

Email

How many times have you seen someone presenting accidentally open up their email inbox and display names of people they correspond with, with subjects and email previews that might share a little too much? Close the tab and come back to email later.

GitHub

Oh yeah, I have some code that would be great to show you. Type in github.com and press enter. The GitHub dashboard, and even the list of your GitHub repos, displays private repos. What if the stealth project you're working on is listed right there?

Bookmarks

The bookmark toolbar is another handy tool for getting to common destinations quickly. But are these bookmarks sharing internal resources like the Project X roadmap? Add non-descriptive folders and place sensitive bookmarks in the folders.

API keys

If you create cloud resources or work with API keys, you're eventually going to need to copy API keys or certificates. Before I screenshot credential pages, I go into the Developer tools and inspect the element. I modify the API key by completely randomizing it. Then I screenshot it. It looks real, but if you try the key…it doesn't work. The other trick is to rotate or invalidate the key immediately after you've exposed it.
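One way to do that randomizing step without retyping the key by hand, as an added example that is not part of the original post: a shape-preserving scrambler you can paste into the Developer tools console. The function names, the key-like pattern, and the sample key are assumptions made for illustration.

```javascript
// Added example (not from the original post). All names are hypothetical.
// Works in a browser console and in Node.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const CLASSES = [
  'abcdefghijklmnopqrstuvwxyz',
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  '0123456789',
];

// Uniform pick from an alphabet using rejection sampling (avoids modulo bias).
function randomChar(alphabet) {
  const limit = 256 - (256 % alphabet.length);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return alphabet[buf[0] % alphabet.length];
}

// Replace every letter and digit with a random one of the same class, so the
// fake key keeps the length and look of the real one. Separators stay, and
// keepPrefix leaves a non-secret label at the start untouched.
function randomizeSecret(secret, keepPrefix = 0) {
  return [...secret].map((ch, i) => {
    if (i < keepPrefix) return ch;
    const cls = CLASSES.find((a) => a.includes(ch));
    return cls ? randomChar(cls) : ch;
  }).join('');
}

// Randomize every key-like token (24+ characters, an assumed threshold)
// inside a block of text, leaving ordinary words alone.
function scrubText(text, pattern = /\b[A-Za-z0-9_-]{24,}\b/g) {
  return text.replace(pattern, (m) => randomizeSecret(m));
}

// In the browser console, with the credential element selected in the
// Elements panel ($0 is the DevTools shorthand for that element):
//   $0.textContent = scrubText($0.textContent);
```

This only changes what the page renders; rotating the key afterwards still covers any copy left elsewhere on screen.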

Websites

Websites like Google Maps and Amazon display information about your whereabouts. Open up maps.google.com and it centers the map to where your computer is located. Amazon shares your zip code and products you’ve previously viewed.

Files

If you save or open files on your computer, beware of what you're displaying. Opening a downloaded file might mean showing your downloads list, exposing what you've downloaded in the past. If you upload files, are you exposing files or folders of secret projects you're working on? On a Mac, you can click Hide to collapse the lists in the left sidebar.

Notifications

How many times have you been watching someone present and seen a notification pop up, for example a Slack message, email, text message, or calendar reminder? If you screenshare a mobile phone, you might even share an incoming phone call from a new number. On a Mac, you can Option + click the Notification icon in the top right corner.

Paranoid yet? Pull out your tinfoil hats now and gather around. I'm curious about what you've seen, or worse, exposed. Share in the comments...I'm ready for the good stuff!
