April 20, 2024

Fast Web-based Attacks to Discover and Control IoT Devices

By Gunes Acar, Danny Y. Huang, Frank Li, Arvind Narayanan, and Nick Feamster

Two web-based attacks against IoT devices made the rounds this week. Researchers Craig Young and Brannon Dorsey showed that a well-known attack technique called “DNS rebinding” can be used to control your smart thermostat, detect your home address or extract unique […]

Exfiltrating data from the browser using battery discharge information

Modern batteries are powerful – indeed they are smart, and have a privileged position enabling them to sense device utilization patterns. A recent research paper has identified a potential threat: researchers (from Technion, University of Texas Austin, Hebrew University) devise a scenario where malicious batteries are supplied to user devices (e.g. via compromised supply chains): An […]

No boundaries for Facebook data: third-party trackers abuse Facebook Login

by Steven Englehardt [0], Gunes Acar, and Arvind Narayanan

So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs. Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from […]

When the business model *is* the privacy violation

Sometimes, when we worry about data privacy, we’re worried that data might fall into the wrong hands or be misused for unintended purposes. If I’m considering participating in a medical study, I’d want to know if insurance companies will obtain the data and use it against me. In these scenarios, we should look for ways […]

Four cents to deanonymize: Companies reverse hashed email addresses

[This is a joint post by Gunes Acar, Steve Englehardt, and me. I’m happy to announce that Steve has recently joined Mozilla as a privacy engineer while he wraps up his Ph.D. at Princeton. He coauthored this post in his Princeton capacity, and this post doesn’t necessarily represent Mozilla’s views. — Arvind Narayanan.]

Your email […]