Year: 2018
-
Against privacy defeatism: why browsers can still stop fingerprinting
In this post I’ll discuss how a landmark piece of privacy research was widely misinterpreted, how this misinterpretation deterred the development of privacy technologies rather than spurring it, how a recent paper set the record straight, and what we can learn from all this. The research in question is about browser fingerprinting. Because of differences…
-
Fast Web-based Attacks to Discover and Control IoT Devices
By Gunes Acar, Danny Y. Huang, Frank Li, Arvind Narayanan, and Nick Feamster
Two web-based attacks against IoT devices made the rounds this week. Researchers Craig Young and Brannon Dorsey showed that a well-known attack technique called “DNS rebinding” can be used to control your smart thermostat, detect your home address or extract unique…
-
Exfiltrating data from the browser using battery discharge information
Modern batteries are powerful – indeed they are smart, and have a privileged position enabling them to sense device utilization patterns. A recent research paper has identified a potential threat: researchers (from Technion, University of Texas Austin, Hebrew University) devise a scenario where malicious batteries are supplied to user devices (e.g. via compromised supply chains): An…
-
Princeton Dialogues of AI and Ethics: Launching case studies
Summary: We are releasing four case studies on AI and ethics, as part of the Princeton Dialogues on AI and Ethics. The impacts of rapid developments in artificial intelligence (“AI”) on society—both real and not yet realized—raise deep and pressing questions about our philosophical ideals and institutional arrangements. AI is currently applied in a wide…
-
How to constructively review a research paper
Any piece of research can be evaluated on three axes: Correctness/validity — are the claims justified by evidence? Impact/significance — how will the findings affect the research field (and the world)? Novelty/originality — how big a leap are the ideas, especially the methods, compared to what was already known? There are additional considerations such as…
-
When Terms of Service limit disclosure of affiliate marketing
By Arunesh Mathur, Arvind Narayanan and Marshini Chetty
In a recent paper, we analyzed affiliate marketing on YouTube and Pinterest. We found that on both platforms, only about 10% of all content with affiliate links is disclosed to users as required by the FTC’s endorsement guidelines. One way to improve the situation is for affiliate…
-
Refining the Concept of a Nutritional Label for Data and Models
By Julia Stoyanovich (Assistant Professor of Computer Science at Drexel University) and Bill Howe (Associate Professor in the Information School at the University of Washington)
In August 2016, Julia Stoyanovich and Ellen P. Goodman spoke in this forum about the importance of bringing interpretability to the algorithmic transparency debate. They focused on algorithmic rankers, discussed the harms…
-
Ethics Education in Data Science: Classroom Topics and Assignments
[This blog post is a continuation of a recap of a recent workshop on data science ethics education.] The creation of ethics modules that can be inserted into a variety of classes may help ensure that ethics as a subject is not marginalized and enable professors with little experience in philosophy or with fewer resources…
-
Announcing IoT Inspector: Studying Smart Home IoT Device Behavior
By Noah Apthorpe, Danny Y. Huang, Gunes Acar, Frank Li, Arvind Narayanan, Nick Feamster
An increasing number of home devices, from thermostats to light bulbs to garage door openers, are now Internet-connected. This “Internet of Things” (IoT) promises reduced energy consumption, more effective health management, and living spaces that react adaptively to users’ lifestyles. Unfortunately,…
-
No boundaries for Facebook data: third-party trackers abuse Facebook Login
By Steven Englehardt [0], Gunes Acar, and Arvind Narayanan
So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs. Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from…