In this second installment of the “No Boundaries” series, we show how a long-known vulnerability in browsers’ built-in password managers is abused by third-party scripts for tracking on more than a thousand sites. by Gunes Acar, Steven Englehardt, and Arvind Narayanan We show how third-party scripts exploit browsers’ built-in login managers (also called password managers) […]
No boundaries: Exfiltration of personal data by session-replay scripts
November 15, 2017 by
This is the first post in our “No Boundaries” series, in which we reveal how third-party scripts on websites have been extracting personal information in increasingly intrusive ways. [0] by Steven Englehardt, Gunes Acar, and Arvind Narayanan Update: we’ve released our data — the list of sites with session-replay scripts, and the sites where we’ve […]
AdNauseam, Google, and the Myth of the “Acceptable Ad”
January 24, 2017 by
Earlier this month, we (Helen Nissenbaum, Mushon Zer-Aviv, and I), released a new and improved AdNauseam 3.0. For those not familiar, AdNauseam is the adblocker that clicks every ad in an effort to obfuscate tracking profiles and inject doubt into the lucrative economic system that drives advertising-based surveillance. The 3.0 release contains some new features we’ve been excited to […]
NYC to Collect GPS Data on Car Service Passengers—Good Intentions Gone Awry or Something Else?
January 4, 2017 by
During the holiday season, New York City through its Taxi & Limousine Commission (the “TLC”) proposed a new rule expanding data reporting obligations for car service platform companies including Uber and Lyft. If the rule is adopted, car services will now have to report the GPS coordinates of both passenger pick-up and drop-off locations to the […]
