Category: Privacy & Security
-
Exfiltrating data from the browser using battery discharge information
Modern batteries are powerful – indeed they are smart, and have a privileged position enabling them to sense device utilization patterns. A recent research paper has identified a potential threat: researchers (from Technion, University of Texas Austin, Hebrew University) devise a scenario where malicious batteries are supplied to user devices (e.g. via compromised supply chains): An…
-
When Terms of Service limit disclosure of affiliate marketing
By Arunesh Mathur, Arvind Narayanan and Marshini Chetty. In a recent paper, we analyzed affiliate marketing on YouTube and Pinterest. We found that on both platforms, only about 10% of all content with affiliate links is disclosed to users as required by the FTC’s endorsement guidelines. One way to improve the situation is for affiliate…
-
No boundaries for Facebook data: third-party trackers abuse Facebook Login
By Steven Englehardt [0], Gunes Acar, and Arvind Narayanan. So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs. Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from…
-
When the business model *is* the privacy violation
Sometimes, when we worry about data privacy, we’re worried that data might fall into the wrong hands or be misused for unintended purposes. If I’m considering participating in a medical study, I’d want to know if insurance companies will obtain the data and use it against me. In these scenarios, we should look for ways…
-
Routing Attacks on Internet Services
by Yixin Sun, Annie Edmundson, Henry Birge-Lee, Jennifer Rexford, and Prateek Mittal [In this post, we discuss a recent thread of research that highlights the insecurity of Internet services due to the underlying insecurity of Internet routing. We hope that this thread facilitates important dialog in the networking, security, and Internet policy communities to drive…
-
Is It Time for a Data Sharing Clearinghouse for Internet Researchers?
Today’s Senate hearing with Facebook’s Mark Zuckerberg will start a long discussion on data collection and privacy from Internet companies. Although the spotlight is currently on Facebook, we shouldn’t forget that the picture is broader: companies from device manufacturers to ISPs collect network traffic and use it for a variety of purposes. The uses that…
-
Four cents to deanonymize: Companies reverse hashed email addresses
[This is a joint post by Gunes Acar, Steve Englehardt, and me. I’m happy to announce that Steve has recently joined Mozilla as a privacy engineer while he wraps up his Ph.D. at Princeton. He coauthored this post in his Princeton capacity, and this post doesn’t necessarily represent Mozilla’s views. — Arvind Narayanan.] Your email…
-
Judge Declares Some PACER Fees Illegal but Does Not Go Far Enough
Five years ago, in a post called “Making Excuses for Fees on Electronic Public Records,” I described my attempts to persuade the federal Judiciary to stop charging for access to their web-based system, PACER (“Public Access to Court Electronic Records”). Nearly every search, page view, and PDF download from the system incurs a fee ranging…
-
When The Choice Is To Delete Facebook Or Buy A Loaf Of Bread
By Julieanne Romanosky and Marshini Chetty. In the last week, there has been a growing debate around Facebook and privacy. On Twitter, the newly formed #deletefacebook movement calls for users who are upset over the data breach of over 50 million Facebook accounts by Cambridge Analytica to rid themselves of the platform altogether. But like…
-
Is affiliate marketing disclosed to consumers on social media?
By Arunesh Mathur, Arvind Narayanan and Marshini Chetty. YouTube has millions of videos similar in spirit to this one: The video reviews Blue Apron—an online grocery service—describing how it is efficient and cheaper than buying groceries at the store. The description of the video has a link to Blue Apron which gets you a $30…