Friday, April 20, 2018 at 11:30 AM in 373 Soda Hall
Title: Measurements, predictions, and the puzzle of machine learning: what data from 10 million hosts can teach us about security
Abstract: Online tracking is increasingly invasive. Gone are the days where a user can reset their online profile by clearing their browser's cookies. Instead, users face persistent, cross-device tracking which blends their offline activity with their online behavior. In this talk, I'll explore the ways web trackers surreptitiously collect sensitive user information from around the web and in emails. First, I'll show how web trackers embedded in email content collect user email addresses. Second, I'll explore the ways in which trackers collect identifying information on the web by abusing their first-party page access to leverage long-known browser vulnerabilities to grab user identifiers. Lastly, I’ll present our findings on session replay scripts, which cause sensitive information such as medical conditions, credit card details, and student data to leak to third-party analytics companies.
Bio: Steven Englehardt is a computer science PhD candidate at Princeton University and a Privacy Engineer at Mozilla. He researches web privacy and security, with a focus on online tracking measurement. Steven has authored several prominent papers on device tracking, browser fingerprinting, and sensitive data leakage. Steven is the primary maintainer of OpenWPM, an open web privacy measurement platform.