Category: Privacy & Security
-
How Data Science and Open Science are Transforming Research Ethics: Edward Freeland at CITP
How are data science and the open science movement transforming how researchers manage research ethics? And how are these changes influencing public trust in social research? I’m here at the Center for IT Policy to hear a talk by Edward P. Freeland. Edward is the associate director of the Princeton University Survey Research Center and a…
-
Workshop on Technical Applications of Contextual Integrity
The theory of contextual integrity (CI) has inspired work across the legal, privacy, computer science and HCI research communities. Recognizing common interests and common challenges, the time seemed ripe for a meeting to discuss what we have learned from the projects using CI and how to move forward to leverage CI for enhancing privacy preserving…
-
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan. Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
-
No boundaries for user identities: Web trackers exploit browser login managers
In this second installment of the “No Boundaries” series, we show how a long-known vulnerability in browsers’ built-in password managers is abused by third-party scripts for tracking on more than a thousand sites. By Gunes Acar, Steven Englehardt, and Arvind Narayanan. We show how third-party scripts exploit browsers’ built-in login managers (also called password managers)…
-
How the Contextual Integrity Framework Helps Explain Children’s Understanding of Privacy and Security Online
This post discusses a new paper that will be presented at the 2018 ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW). I wrote this paper with co-authors Shalmali Naik, Utkarsha Devkar, Marshini Chetty, Tammy Clegg, and Jessica Vitak. Watching YouTube during breakfast. Playing Animal Jam after school. Asking Google about snakes. Checking…
-
No boundaries: Exfiltration of personal data by session-replay scripts
This is the first post in our “No Boundaries” series, in which we reveal how third-party scripts on websites have been extracting personal information in increasingly intrusive ways. [0] By Steven Englehardt, Gunes Acar, and Arvind Narayanan. Update: we’ve released our data — the list of sites with session-replay scripts, and the sites where we’ve…
-
HOWTO: Protect your small organization against electronic adversaries
October is “cyber security awareness month”. Among other notable announcements, Google just rolled out “advanced protection” — free for any Google account. So, in the spirit of offering pragmatic advice to real users, I wrote a short document that’s meant not for the usual Tinker audience but rather for the sort of person running a…
-
The Second Workshop on Technology and Consumer Protection
Arvind Narayanan and I are excited to announce that the Workshop on Technology and Consumer Protection (ConPro ’18) will return in May 2018, once again co-located with the IEEE Symposium on Security and Privacy. The first ConPro brought together researchers from a wide range of disciplines, united by a shared goal of promoting consumer welfare…
-
Avoid an Equifax-like breach? Help us understand how system administrators patch machines
The recent Equifax breach that leaked around 140 million Americans’ personal information was boiled down to a system patch that was never applied, even after the company was alerted to the vulnerability in March 2017. Our work studying how users manage software updates on desktops and mobile tells a story that keeping machines patched is…
-
I never signed up for this! Privacy implications of email tracking
In this post I discuss a new paper that will appear at PETS 2018, authored by myself, Jeffrey Han, and Arvind Narayanan. What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you’ve read the email, and which device you used…