Year: 2017
-
No boundaries for user identities: Web trackers exploit browser login managers
In this second installment of the “No Boundaries” series, we show how a long-known vulnerability in browsers’ built-in password managers is abused by third-party scripts for tracking on more than a thousand sites. by Gunes Acar, Steven Englehardt, and Arvind Narayanan We show how third-party scripts exploit browsers’ built-in login managers (also called password managers)…
-
How have In-Flight Web Page Modification Practices Changed over the Past Ten Years?
When we browse the web, there are many parties and organizations that can see which websites we visit, because they sit on the path between web clients (our computers and mobile devices), and the web servers hosting the sites we request. Most obviously, Internet Service Providers (ISPs) are responsible for transmitting our web traffic, but…
-
Why the FCC should prevent ISPs from micromanaging our lives
by Brett Frischmann and Evan Selinger* Network neutrality prevents broadband Internet service providers from micromanaging our lives online. Constraining the networks this way enables and even empowers Internet users to be active and productive human beings rather than passive consumers. Unfortunately, the network neutrality debate…
-
How the Contextual Integrity Framework Helps Explain Children’s Understanding of Privacy and Security Online
This post discusses a new paper that will be presented at the 2018 ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW). I wrote this paper with co-authors Shalmali Naik, Utkarsha Devkar, Marshini Chetty, Tammy Clegg, and Jessica Vitak. Watching YouTube during breakfast. Playing Animal Jam after school. Asking Google about snakes. Checking…
-
AI and Policy Event in DC, December 8
Princeton’s Center for Information Technology Policy (CITP) recently launched an initiative on Artificial Intelligence, Machine Learning, and Public Policy. On Friday, December 8, 2017, we’ll be in Washington DC talking about AI and policy. The event is at the National Press Club, at 12:15-2:15pm on Friday, December 8. Lunch will be provided for those who…
-
No boundaries: Exfiltration of personal data by session-replay scripts
This is the first post in our “No Boundaries” series, in which we reveal how third-party scripts on websites have been extracting personal information in increasingly intrusive ways. [0] by Steven Englehardt, Gunes Acar, and Arvind Narayanan Update: we’ve released our data — the list of sites with session-replay scripts, and the sites where we’ve…
-
HOWTO: Protect your small organization against electronic adversaries
October is “cyber security awareness month”. Among other notable announcements, Google just rolled out “advanced protection” — free for any Google account. So, in the spirit of offering pragmatic advice to real users, I wrote a short document that’s meant not for the usual Tinker audience but rather for the sort of person running a…
-
The Second Workshop on Technology and Consumer Protection
Arvind Narayanan and I are excited to announce that the Workshop on Technology and Consumer Protection (ConPro ’18) will return in May 2018, once again co-located with the IEEE Symposium on Security and Privacy. The first ConPro brought together researchers from a wide range of disciplines, united by a shared goal of promoting consumer welfare…
-
AI Mental Health Care Risks, Benefits, and Oversight: Adam Miner at Princeton
How does AI apply to mental health, and why should we care? Today the Princeton Center for IT Policy hosted a talk by Adam Miner, an AI psychologist, whose research addresses policy issues in the use, design, and regulation of conversational AI in health. Dr. Miner is an instructor in Stanford’s Department of Psychiatry and…
-
Avoid an Equifax-like breach? Help us understand how system administrators patch machines
The recent Equifax breach that leaked around 140 million Americans’ personal information was boiled down to a system patch that was never applied, even after the company was alerted to the vulnerability in March 2017. Our work studying how users manage software updates on desktops and mobile tells a story that keeping machines patched is…