Category: Privacy & Security
-
Vulnerability reporting is dysfunctional
By Kevin Lee, Ben Kaiser, Jonathan Mayer, and Arvind Narayanan
In January, we released a study showing the ease of SIM swaps at five U.S. prepaid carriers. These attacks—in which an adversary tricks telecoms into moving the victim’s phone number to a new SIM card under the attacker’s control—divert calls and SMS text messages away…
-
The CheapBit of Fitness Trackers Apps
Yan Shvartzshnaider (@ynotez) and Madelyn Sanfilippo (@MrsMRS_PhD)
Fitness trackers are “[devices] that you can wear that records your daily physical activity, as well as other information about your health, such as your heart rate” [Oxford Dictionary]. The increasing popularity of wearable devices offered by Apple, Google, Nike inadvertently led cheaper versions to flood the market,…
-
Improving Protections for Children’s Privacy Online
CITP’s Tech Policy Clinic submitted a Comment to the Federal Trade Commission in connection with its review of the COPPA Rule to protect children’s privacy online. Our Comment explains why it is important to update the COPPA Rule to keep it current with new privacy risks, especially as children spend increasing amounts of time online…
-
Every move you make, I’ll be watching you: Privacy implications of the Apple U1 chip and ultra-wideband
By Colleen Josephson and Yan Shvartzshnaider
The concerning trend of tracking users’ locations through their mobile phones has very serious privacy implications. For many of us, phones have become an integral part of our daily routine. We don’t leave our homes without them and take them everywhere we go. It has become alarmingly easy for services…
-
2020 Workshop on Technology and Consumer Protection
Christo Wilson and I are pleased to announce that the Workshop on Technology and Consumer Protection (ConPro ’20) is returning for a fourth year, co-located with the IEEE Symposium on Security and Privacy in May 2020. As in past years, ConPro seeks a diverse range of technical research with implications for consumer protection. Past talks…
-
Enhancing the Security of Data Breach Notifications and Settlement Notices
[This post was jointly written by Ryan Amos, Mihir Kshirsagar, Ed Felten, and Arvind Narayanan.] We couldn’t help noticing that the recent Yahoo and Equifax data breach settlement notifications look a lot like phishing emails. The notifications make it hard for users to distinguish real settlement notifications from scams. For example, they direct users to…
-
Content Moderation for End-to-End Encrypted Messaging
Thursday evening, the Attorney General, the Acting Homeland Security Secretary, and top law enforcement officials from the U.K. and Australia sent an open letter to Mark Zuckerberg. The letter emphasizes the scourge of child abuse content online, and the officials call on Facebook to press pause on end-to-end encryption for its messaging platforms. The letter…
-
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices
By Hooman Mohajeri Moghaddam, Gunes Acar, Ben Burgess, Arunesh Mathur, Danny Y. Huang, Nick Feamster, Ed Felten, Prateek Mittal, and Arvind Narayanan
By 2020 one third of US households are estimated to “cut the cord”, i.e., discontinue their multichannel TV subscriptions and switch to internet-connected streaming services. Over-the-Top (“OTT”) streaming devices such as Roku and…
-
CITP’s OpenWPM privacy measurement tool moves to Mozilla
As part of my PhD at Princeton’s Center for Information Technology Policy (CITP), I led the development of OpenWPM, a tool for web privacy measurement, with the help of many contributors. My co-authors and I first released OpenWPM in 2014 with the goal of lowering the technical costs of large-scale web privacy measurement. The tool’s…
-
The Trust Architecture of Blockchain: Kevin Werbach at CITP
Rather than removing the need for trust, blockchain offers a new architecture of trust, according to Kevin Werbach, today’s speaker at CITP.
-
Do Mobile News Alerts Undermine Media’s Role in Democracy? Madelyn Sanfilippo at CITP
Why do different people sometimes get different articles about the same event, sometimes from the same news provider? What might that mean for democracy? Speaking at CITP today is Dr. Madelyn Rose Sanfilippo, a postdoctoral research associate here at CITP. Madelyn empirically studies the governance of sociotechnical systems, as well as outcomes, inequality, and consequences…
-
The Third Workshop on Technology and Consumer Protection
Arvind Narayanan and I are pleased to announce that the Workshop on Technology and Consumer Protection (ConPro ’19) will return for a third year! The workshop will once again be co-located with the IEEE Symposium on Security and Privacy, occurring in May 2019. ConPro is a forum for a diverse range of computer science research…