Tag: Privacy
-
No boundaries for credentials: New password leaks to Mixpanel and Session Replay Companies
In this installment of the “No Boundaries” series we show how wholesale collection of user interactions by third-party analytics and session replay scripts cause inadvertent collection of passwords. By Steve Englehardt, Gunes Acar and Arvind Narayanan Following the recent report that Mixpanel, a popular analytics provider, had been inadvertently collecting passwords that users typed into…
-
How Tech is Failing Victims of Intimate Partner Violence: Thomas Ristenpart at CITP
What technology risks are faced by people who experience intimate partner violence? How is the security community failing them, and what questions might we need to ask to make progress on social and technical interventions? Speaking Tuesday at CITP was Thomas Ristenpart (@TomRistenpart), an associate professor at Cornell Tech and a member of the Department…
-
(Mis)conceptions About the Impact of Surveillance
Does surveillance impact behavior? Or is its effect, if real, only temporary or trivial? Government surveillance is back in the news thanks to the so-called “Nunes memo”, making this is a perfect time to examine new research on the impact of surveillance. This includes my own recent work, as my doctoral research at the Oxford Internet Institute,…
-
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan. Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
-
No boundaries for user identities: Web trackers exploit browser login managers
In this second installment of the “No Boundaries” series, we show how a long-known vulnerability in browsers’ built-in password managers is abused by third-party scripts for tracking on more than a thousand sites. by Gunes Acar, Steven Englehardt, and Arvind Narayanan We show how third-party scripts exploit browsers’ built-in login managers (also called password managers)…
-
No boundaries: Exfiltration of personal data by session-replay scripts
This is the first post in our “No Boundaries” series, in which we reveal how third-party scripts on websites have been extracting personal information in increasingly intrusive ways. [0] by Steven Englehardt, Gunes Acar, and Arvind Narayanan Update: we’ve released our data — the list of sites with session-replay scripts, and the sites where we’ve…
-
Getting serious about research ethics: Security and Internet Measurement
[This blog post is a continuation of our series about research ethics in computer science that we started last week] Research projects in the information security and Internet measurement sub-disciplines typically interact with third-party systems or devices to collect a large amounts of data. Scholars engaging in these fields are interested to collect data about…
-
Help us improve the usability of Tor and onion services!
Update 2017-09-11: We have collected several hundred responses, so we are now closing the survey to begin data analysis. Thanks for your help! We are looking for volunteers for a study to improve the usability of Tor and onion services, but first some background: The Tor network is primarily known for client anonymity, that is, users…
-
When the cookie meets the blockchain
Cryptocurrencies are portrayed as a more anonymous and less traceable method of payment than credit cards. So if you shop online and pay with Bitcoin or another cryptocurrency, how much privacy do you have? In a new paper, we show just how little. Websites including shopping sites typically have dozens of third-party trackers per site.…
-
Web Census Notebook: A new tool for studying web privacy
As part of the Web Transparency and Accountability Project, we’ve been visiting the web’s top 1 million sites every month using our open-source privacy measurement tool OpenWPM. This has led to numerous worrying findings such as the systematic abuse of newly introduced web features for fingerprinting, leading to better privacy tools and occasionally strong responses…