Jonathan Mayer is a Ph.D. student in computer science at Stanford University, where he received his J.D. in 2013. Jonathan is a Cybersecurity Fellow at the Center for International Security and Cooperation, a Junior Affiliate Scholar at the Center for Internet and Society, and a Stanford Interdisciplinary Graduate Fellow. He earned his A.B. at Princeton University in 2009, concentrating in the Woodrow Wilson School of Public and International Affairs. Jonathan has consulted for both federal and state law enforcement agencies, and his research on consumer privacy has contributed to multiple regulatory interventions. A proud Chicago native, Jonathan is undaunted by freezing weather and enjoys celery salt on a hot dog.
Co-authored with Patrick Mutchler. This is a project of the Stanford Security Lab.
We’re studying the National Security Agency, and we need your help.
Our recent research on Google’s circumvention of the Safari cookie blocking feature has led to some confusion, in part owing to the company’s statement in response (reproduced in its entiretybelow). This post is an attempt to elucidate the central issues. As with the original writeup, I aim for a neutral viewpoint in the interest of establishing a common factual understanding. Read more » about Setting the Record Straight on Google’s Safari Tracking
Apple’s Safari web browser is configured to block third-party cookies by default. We identified four advertising companies that unexpectedly place trackable cookies in Safari. Google and Vibrant Media intentionally circumvent Safari’s privacy feature. Media Innovation Group and PointRoll serve scripts that appear to be derived from circumvention example code. Read more » about Safari Trackers
Yesterday the Digital Advertising Alliance (DAA) announced a supplementary set of self-regulatory principles for third parties on the web (pdf, press release). This post is a brief — and far from comprehensive — overview of improvements, continued deficiencies, and procedural issues. Read more » about A Brief Overview of the Supplementary DAA Principles
Click the local Home Depot ad and your email address gets handed to a dozen companies monitoring you. Your web browsing, past, present, and future, is now associated with your identity. Swap photos with friends on Photobucket and clue a couple dozen more into your username. Keep tabs on your favorite teams with Bleacher Report and you pass your full name to a dozen again. This isn't a 1984-esque scaremongering hypothetical. This is what's happening today.
[Update 10/11: Since several readers have asked – this study was funded exclusively by Stanford University and research grants to the Stanford Security Lab. It was not supported by any advocacy organization.] Read more » about Tracking the Trackers: Where Everybody Knows Your Username
John Mitchell and I have written a new paper that synthesizes research on policy and technology issues surrounding third-party web tracking. It will appear at the IEEE Symposium on Security and Privacy in May. Read more » about Third-Party Web Tracking: Policy and Technology
"“There’s a Whac-A-Mole game that’s started in earnest,” said Aleecia McDonald, director of privacy at Stanford’s Center for Internet & Society."
"One aim of the Cookie Clearinghouse initiative at Stanford is to provide tools that prevent a company like Facebook from following users around the Web just because they chose to log into the social network, privacy researcher Jonathan Mayer pointed out." Read more » about Stale Cookies: How companies are tracking you online today
"Even a generic name like “stanfordguy” used to log in on multiple sites could be used to determine one's real identity and theoretically be exploited by law enforcement, Soltani and Mayer said." Read more » about Easily obtained subpoenas turn your personal information against you
"Jonathan Mayer, a Stanford University professor who studies online advertising and privacy, said it was unclear that so-called anonymous codes would actually protect privacy. "Instead of reinventing the wheel, why not start by supporting the consumer control technology that's already in every major web browser?" he said." Read more » about Google May Stop Using 'Cookies' to Track Web Users
"Privacy advocate Jonathan Mayer, a Stanford University privacy expert who works with Mozilla, quit the group last month. "Given the lack of a viable path to consensus, I can no longer justify the substantial time, travel and effort associated with continuing in the working group," Mayer said in his resignation letter." Read more » about Digital Advertising Alliance Exits Do Not Track Group
""The parties are now further apart on the negotiations than they ever had been," said Jonathan Mayer, a Stanford privacy researcher and Do Not Track technology developer who is involved in the negotiations." Read more » about Do Not Track proposal is DOA
Solutions to many pressing economic and societal challenges lie in better understanding data. New tools for analyzing disparate information sets, called Big Data, have revolutionized our ability to find signals amongst the noise. Big Data techniques hold promise for breakthroughs ranging from better health care, a cleaner environment, safer cities, and more effective marketing. Yet, privacy advocates are concerned that the same advances will upend the power relationships between government, business and individuals, and lead to prosecutorial abuse, racial or other profiling, discrimination, redlining, overcriminalization, and other restricted freedoms. Read more » about Big Data and Privacy: Making Ends Meet
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation?
Hosted by the Stanford Center for E-Commerce.
5:30 pm - 6:30 pm: Registration/Reception (Manning Faculty Lounge, second floor breezeway fo Stanford Law School) Read more » about Behavioral Advertising and Privacy Law Reboot - US and International Legal Trends and Best Practices for Internet, Cloud and E-Commerce Companies
The third edition of the Privacy Identity Innovation conference will be held in downtown Seattle this Spring. Taking place May 15-16 at the Bell Harbor International Conference Center, pii2012 Seattle will explore how to protect sensitive information while enabling new technologies and business models. Read more » about Privacy Identity Innovation - pii2012
Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research (IACR). Read more » about IEEE Symposium on Security and Privacy: Web Security
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation (Video)
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation? (Audio)