Month: April 2018
-
Ethics Education in Data Science: Classroom Topics and Assignments
[This blog post is a continuation of a recap of a recent workshop on data science ethics education.] The creation of ethics modules that can be inserted into a variety of classes may help ensure that ethics as a subject is not marginalized and enable professors with little experience in philosophy or with fewer resources…
-
Announcing IoT Inspector: Studying Smart Home IoT Device Behavior
By Noah Apthorpe, Danny Y. Huang, Gunes Acar, Frank Li, Arvind Narayanan, Nick Feamster An increasing number of home devices, from thermostats to light bulbs to garage door openers, are now Internet-connected. This “Internet of Things” (IoT) promises reduced energy consumption, more effective health management, and living spaces that react adaptively to users’ lifestyles. Unfortunately,…
-
No boundaries for Facebook data: third-party trackers abuse Facebook Login
by Steven Englehardt [0], Gunes Acar, and Arvind Narayanan So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs. Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from…
-
Ethics Education in Data Science
Data scientists in academia and industry are increasingly recognizing the importance of integrating ethics into data science curricula. Recently, a group of faculty and students gathered at New York University before the annual FAT* conference to discuss the promises and challenges of teaching data science ethics, and to learn from one another’s experiences in the…
-
When the business model *is* the privacy violation
Sometimes, when we worry about data privacy, we’re worried that data might fall into the wrong hands or be misused for unintended purposes. If I’m considering participating in a medical study, I’d want to know if insurance companies will obtain the data and use it against me. In these scenarios, we should look for ways…
-
Routing Attacks on Internet Services
by Yixin Sun, Annie Edmundson, Henry Birge-Lee, Jennifer Rexford, and Prateek Mittal [In this post, we discuss a recent thread of research that highlights the insecurity of Internet services due to the underlying insecurity of Internet routing. We hope that this thread facilitates important dialog in the networking, security, and Internet policy communities to drive…
-
Is It Time for an Data Sharing Clearinghouse for Internet Researchers?
Today’s Senate hearing with Facebook’s Mark Zuckerberg will start a long discussion on data collection and privacy from Internet companies. Although the spotlight is currently on Facebook, we shouldn’t forget that the picture is broader: companies from device manufacturers to ISPs collect network traffic and use it for a variety of purposes. The uses that…
-
Four cents to deanonymize: Companies reverse hashed email addresses
[This is a joint post by Gunes Acar, Steve Englehardt, and me. I’m happy to announce that Steve has recently joined Mozilla as a privacy engineer while he wraps up his Ph.D. at Princeton. He coauthored this post in his Princeton capacity, and this post doesn’t necessarily represent Mozilla’s views. — Arvind Narayanan.] Your email…
-
Oblivious DNS: Plugging the Internet’s Biggest Privacy Hole
by Annie Edmundson, Paul Schmitt, Nick Feamster The recent news that Cloudflare is deploying their own DNS recursive resolver has once again raised hopes that users will enjoy improved privacy, since they can send DNS traffic encrypted to Cloudflare, rather than to their ISP. In this post, we explain why this approach only moves your private…
-
Judge Declares Some PACER Fees Illegal but Does Not Go Far Enough
Five years ago, in a post called “Making Excuses for Fees on Electronic Public Records,” I described my attempts to persuade the federal Judiciary to stop charging for access to their web-based system, PACER (“Public Access to Court Electronic Records”). Nearly every search, page view, and PDF download from the system incurs a fee ranging…