jonathanmayer - Slashdot User

Submission + - Verizon Injects Unique IDs into HTTP Traffic

Submitted by Anonymous Coward on Friday October 24, 2014 @04:24PM

An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits.

Submission + - Stanford Promises Not to Use Google Money for Privacy Research (propublica.org)

Submitted by Anonymous Coward on Tuesday September 23, 2014 @03:07PM

An anonymous reader writes: Stanford University has pledged not to use money from Google to fund privacy research at its Center for Internet and Society — a move that critics claim poses a threat to academic freedom.

The center has long been generously funded by Google but its privacy research has proved damaging to the search giant as of late. Just two years ago, a researcher at the center helped uncover Google privacy violations that led to the company paying a record $22.5 million fine. In 2011-2012, the center's privacy director helped lead a project to create a "Do Not Track" standard. The effort, not supported by Google, would have made it harder for advertisers to track what people do online, and likely would have cut into Google's ad revenue.

Both Stanford and Google say the change in funding was unrelated to the previous research.

Submission + - Privacy Vulnerabilities in Coursera, Including Student Email Addresses

Submitted by Anonymous Coward on Thursday September 04, 2014 @02:57PM

An anonymous reader writes: Coursera, the online education platform with over 9 million students, appears to have some serious privacy shortcomings. According to one of Stanford's instructors, 'any teacher can dump the entire user database, including over nine million names and email addresses.' Also, 'if you are logged into your Coursera account, any website that you visit can list your course enrollments.' The attack even has a working proof of concept. A week after the problems were reported, Coursera still hasn't fixed them.

Comment Re:Stanford Researcher - Glad to Answer Questions (Score 0) 96

by jonathanmayer on Thursday November 14, 2013 @12:06AM (#45419839) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

Does it work if you use Google Voice over VoIP instead of the stock dialer and "voice minutes?"

We only collect phone and text metadata from the Android telephony APIs. Other messaging and voice platforms are not included.

Comment Re:Stanford Researcher - Glad to Answer Questions (Score 1, Informative) 96

by jonathanmayer on Wednesday November 13, 2013 @11:20PM (#45419595) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

Your app requires a Facebook account. Please change that. Nearly everyone that has an android phone also has a Google account. Please make that an option.

We're using Facebook for structured social network data, not single sign-on like the Google/Facebook/Twitter/OpenID/etc. options offered by some websites and apps.

Comment Re:Stanford Researcher - Glad to Answer Questions (Score 0) 96

by jonathanmayer on Wednesday November 13, 2013 @11:10PM (#45419541) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

at&t web log?

make an export tool for those operators that have web interfaces (for bill checking purposes) to the metadata logs?

We certainly considered this. We wanted to make participation as straightforward as possible, so we stuck to user-friendly and well-known software APIs.

Comment Re:Stanford Researcher - Glad to Answer Questions (Score 1, Interesting) 96

by jonathanmayer on Wednesday November 13, 2013 @09:12PM (#45419007) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

Are you guys looking to just target a certain android platform or will this study reach iOS users as well?

The study is presently Android only. We would like to support iOS, but the telephony APIs do not include phone metadata.

Also from the information I've read thus far the data is being used in conjunction to a court case regarding NSA collections;

While we hope our research results will have a public impact, the MetaPhone project is not affiliated with litigation against the National Security Agency.

This in mind how long will the study hold the metadata and when/how will it be destroyed?

The pace of the study will be largely dictated by user response. We anticipate completing our work by Spring Quarter at Stanford, but the project may take longer.

Comment Re:Stanford Researcher - Glad to Answer Questions (Score 2, Informative) 96

by jonathanmayer on Wednesday November 13, 2013 @08:26PM (#45418727) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

We aren't dastardly plotting a secret scheme to bootstrap a startup. This is an academic research project.

As for the data, we recognize that participants are placing their trust in us. We have committed to securing the data and deleting it once the study is complete.

Comment Stanford Researcher - Glad to Answer Questions (Score 4, Informative) 96

by jonathanmayer on Wednesday November 13, 2013 @07:36PM (#45418373) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

Hi all,

I'm one of the Stanford researchers working on the MetaPhone project. Way cool that we made /.!

Some additional details are available at metaphone.me. I would be glad to answer questions.

Best,
Jonathan

Submission + - Firefox Will Soon Block Third-Party Cookies (webpolicy.org)

Submitted by Anonymous Coward on Saturday February 23, 2013 @04:11PM

An anonymous reader writes: Stanford researcher Jonathan Mayer has contributed a Firefox patch that will block third-party cookies by default. It's now on track to land in version 22. Kudos to Mozilla for protecting their users and being so open to community submissions. The initial response from the online advertising industry is unsurprisingly hostile and blustering, calling the move 'a nuclear first strike.'

Submission + - An Overview of the Do Not Track Debate (theverge.com)

Submitted by

jonathanmayer

on Friday October 12, 2012 @02:19PM

jonathanmayer writes: "The Verge is carrying an accurate and accessible overview of the Do Not Track debate. "With the fate of our beloved internet economy allegedly at stake, perhaps it's a good time to examine what Do Not Track is. How did the standard came to be, what does it do, and how does it stand to change online advertising? Is it as innocuous as privacy advocates make it sound, or does it stand to jeopardize the free, ad-supported internet we've all come to rely on?" The issues surrounding Do Not Track can be difficult to understand owing to rampant rhetoric and spin. This article unpacks the tracking technology, privacy concerns, economic questions, and political outlook. Full disclosure: I'm quoted."

Submission + - Advertising Network Caught History Stealing (stanford.edu) 1

Submitted by

jonathanmayer

on Thursday July 21, 2011 @04:49PM

jonathanmayer writes: "Last week the Stanford Security Lab reported some surprising results on how advertising networks respond to opt outs and Do Not Track. This week we made a new discovery in the online advertising ecosystem: Epic Marketplace, a member of the self-regulatory Network Advertising Initiative, is history stealing with unprecedented scale and sophistication. And Epic is snooping some remarkably sensitive information, including pages from the FTC, IRS, NIH, Mayo Clinic, and more. Epic has written a response defending its practices."

Slashdot Top Deals