Arvind Narayanan is an Assistant Professor at Princeton's Department of Computer Science and Center for Information Technology Policy and an Affiliate Scholar at the Stanford Law School Center for Internet and Society. He studies information privacy and security, and has a side-interest in tech policy. His research has shown that data anonymization is broken in fundamental ways, for which he jointly received the 2008 Privacy Enhancing Technologies Award. He is one of the researchers behind the "Do Not Track" proposal. You can follow Arvind on Twitter at @random_walker and on Google+ here.
The Do Not Track war has raged for well over a year now. There are, broadly, two Do Not Track proposals: one chiefly backed by the ad industry, and another advanced by privacy advocates. These proposals reflect vastly different visions for Do Not Track with vastly different practical consequences.
A 1993 New Yorker cartoon famously proclaimed, "On the Internet, nobody knows you're a dog." The Web is a very different place today; you now leave countless footprints online. You log into websites. You share stuff on social networks. You search for information about yourself and your friends, family, and colleagues. And yet, in the debate about online tracking, ad networks and tracking companies would have you believe we're still in the early 90s — they regularly advance, and get away with, “anonymization” or “we don’t collect Personally Identifiable Information” as an answer to privacy concerns.
Joint post with Jonathan Mayer.
Earlier today Mozilla announced support for Do Not Fool, a proposed mechanism for opting out of April Fools' pranks. We cannot support this misguided effort.
First, Do Not Fool would require fundamentally reengineering the Internet, the HTTP protocol, and countless websites. Many of your favorite web destinations like The Onion rely on fooling.
A frequent misconception of Do Not Track is that the goal is to prevent tracking by online advertisers. In fact, tracking is a much broader problem on the web, and our Do Not Track vision at Stanford, while principally aimed at "third-party" tracking, does not focus on specific industry segments. Barocas and Nissenbaum said it best:
by Steven Englehardt, Gunes Acar, and Arvind Narayanan.
There’s an ongoing arms race between ad blockers and websites — more and more sites either try to sneak their ads through or force users to disable ad blockers. Most previous discussions have assumed that this is a cat-and-mouse game that will escalate indefinitely. But in a new paper, accompanied by proof-of-concept code, we challenge this claim.
Online tracking: A 1-million-site measurement and analysis is the largest and most detailed measurement of online tracking to date. We measure stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and "cookie syncing".
This measurement is made possible by our web measurement tool OpenWPM, a mature platform that enables fully automated web crawls using a full-fledged and instrumented browser.
""Users may assume they are anonymous when they are browsing a news or a health website, but our work adds to the list of ways in which tracking companies may be able to learn their identities," said Arvind Narayanan, an assistant professor of computer science at Princeton's Center for Information Technology Policy."
""It is already known that some companies, such as Google and Facebook, track users online and know their identities," said Arvind Narayanan, an assistant professor of computer science at Princeton and one of the authors of the research article. But those companies, which consumers choose to create accounts with, disclose their tracking. The new research shows that anyone with access to browsing histories -- a great number of companies and organizations -- can identify many users by analyzing public information from social media accounts, Narayanan said."
"But not everyone believes gender bias should be eliminated from the data sets. Arvind Narayanan, an assistant professor of computer science at Princeton, has also analyzed word embedding and found gender, racial, and other prejudices. But Narayanan cautions against removing bias automatically, arguing that it could skew a computer’s representation of the real world and make it less adept at making predictions or analyzing data.
"Narayanan concludes in his post that Facebook’s anti-ad-blocking campaign is doomed, at least if it continues in the current vein of acting as if the social network can somehow neutralize ad blockers completely.
“This is a simple proof of concept, but the detection method could easily be made much more robust without incurring a performance penalty,” he writes. “All of this must be utterly obvious to the smart engineers at Facebook, so the whole ‘unblockable ads’ PR push seems likely to be a big bluff.”"
"“Facebook engineers could try harder to obfuscate the differences. For example, they could use non-human-readable element IDs to make it harder to figure out what’s going on, or even randomize the IDs on every page load. We’re surprised they’re not already doing this, given the grandiose announcement of the company’s intent to bypass ad blockers,” Arvind Narayanan and Grant Storey of the CITP wrote in a post analyzing the situation."
Solutions to many pressing economic and societal challenges lie in better understanding data. New tools for analyzing disparate information sets, called Big Data, have revolutionized our ability to find signals amongst the noise. Big Data techniques hold promise for breakthroughs ranging from better health care, a cleaner environment, safer cities, and more effective marketing. Yet, privacy advocates are concerned that the same advances will upend the power relationships between government, business and individuals, and lead to prosecutorial abuse, racial or other profiling, discrimination, redlining, overcriminalization, and other restricted freedoms.
"Princeton's Arvind Narayanan and Steven Englehardt studied how all the things we do not see as users are valuable to someone on our digital trail, as our presence may be authenticated and tracked through such minutia as personalized browser settings or even our laptops' battery levels.
"While Google has used differential privacy to analyze user data from its Chrome browser, Apple is the first major tech company to adopt it more widely and publicly, said Arvind Narayanan, a computer scientist at Princeton University.
“That’s what makes this so exciting – both for the technology and for the future of privacy protection,” he explained.
In terms of challenges, Narayanan said the technology could come with extra costs.
CIS Affiliate Scholar David Levine interviews Prof. Arvind Narayanan of Princeton University on Bitcoin, cryptography, privacy and web transparency.
View the full video on YouTube.
Talk by Arvind Narayanan at the University of Maryland.
Based on a paper-in-progress by Arvind Narayanan and Joseph Bonneau
Abstract: Behind the hype and tumult of the markets, researchers have been quietly producing a series of exciting results about Bitcoin and cryptocurrencies. In this paper we’ll explain why computer scientists should pay attention to these developments.