Jonathan Mayer is a Ph.D. student in computer science at Stanford University, where he received his J.D. in 2013. Jonathan is a Cybersecurity Fellow at the Center for International Security and Cooperation, a Junior Affiliate Scholar at the Center for Internet and Society, and a Stanford Interdisciplinary Graduate Fellow. He earned his A.B. at Princeton University in 2009, concentrating in the Woodrow Wilson School of Public and International Affairs. Jonathan has consulted for both federal and state law enforcement agencies, and his research on consumer privacy has contributed to multiple regulatory interventions. A proud Chicago native, Jonathan is undaunted by freezing weather and enjoys celery salt on a hot dog.
Co-authored with Patrick Mutchler. This is a project of the Stanford Security Lab.
We’re studying the National Security Agency, and we need your help.
Our recent research on Google’s circumvention of the Safari cookie blocking feature has led to some confusion, in part owing to the company’s statement in response (reproduced in its entirety below). This post is an attempt to elucidate the central issues. As with the original writeup, I aim for a neutral viewpoint in the interest of establishing a common factual understanding. Read more » about Setting the Record Straight on Google’s Safari Tracking
Apple’s Safari web browser is configured to block third-party cookies by default. We identified four advertising companies that unexpectedly place trackable cookies in Safari. Google and Vibrant Media intentionally circumvent Safari’s privacy feature. Media Innovation Group and PointRoll serve scripts that appear to be derived from circumvention example code. Read more » about Safari Trackers
Yesterday the Digital Advertising Alliance (DAA) announced a supplementary set of self-regulatory principles for third parties on the web (pdf, press release). This post is a brief — and far from comprehensive — overview of improvements, continued deficiencies, and procedural issues. Read more » about A Brief Overview of the Supplementary DAA Principles
Click the local Home Depot ad and your email address gets handed to a dozen companies monitoring you. Your web browsing, past, present, and future, is now associated with your identity. Swap photos with friends on Photobucket and clue a couple dozen more into your username. Keep tabs on your favorite teams with Bleacher Report and you pass your full name to a dozen again. This isn't a 1984-esque scaremongering hypothetical. This is what's happening today.
[Update 10/11: Since several readers have asked – this study was funded exclusively by Stanford University and research grants to the Stanford Security Lab. It was not supported by any advocacy organization.] Read more » about Tracking the Trackers: Where Everybody Knows Your Username
John Mitchell and I have written a new paper that synthesizes research on policy and technology issues surrounding third-party web tracking. It will appear at the IEEE Symposium on Security and Privacy in May. Read more » about Third-Party Web Tracking: Policy and Technology
For the past two months, a fight has been raging in the blogosphere about whether Stanford researcher Jonathan Mayer can take credit for spurring the government investigation that led to Google paying $22.5 million for privacy violations.
Google has been hit with the biggest fine in the history of the Federal Trade Commission: $22.5 million. It has to do with cookies, bits of computer code placed on your browser when you visit a website. Read more » about Google Gets Slammed with the Biggest FTC Fine Ever
Rumors of the $22.5 million settlement first cropped up in June, but the issue dates back to February. At that point, a Stanford University graduate student, Jonathan Mayer, released a report that accused Google and three other ad networks of side-stepping the privacy settings on Apple's Safari browser to track usage on iPhones and Macs without permission. Read more » about FTC Hits Google With $22.5 Million Fine Over Safari Tracking
The FTC said that Google informed Safari users that since the browser blocks third-party cookies, they did not need to opt out of online tracking. Yet Google in fact placed a temporary cookie on computers, tablets and mobile devices, a privacy breach first reported by Stanford researcher Jonathan Mayer. Read more » about Google Hit with Record $22.5-Million fine for Safari Tracking
Solutions to many pressing economic and societal challenges lie in better understanding data. New tools for analyzing disparate information sets, called Big Data, have revolutionized our ability to find signals amongst the noise. Big Data techniques hold promise for breakthroughs ranging from better health care, a cleaner environment, safer cities, and more effective marketing. Yet, privacy advocates are concerned that the same advances will upend the power relationships between government, business and individuals, and lead to prosecutorial abuse, racial or other profiling, discrimination, redlining, overcriminalization, and other restricted freedoms. Read more » about Big Data and Privacy: Making Ends Meet
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation?
Hosted by the Stanford Center for E-Commerce.
5:30 pm - 6:30 pm: Registration/Reception (Manning Faculty Lounge, second floor breezeway of Stanford Law School) Read more » about Behavioral Advertising and Privacy Law Reboot - US and International Legal Trends and Best Practices for Internet, Cloud and E-Commerce Companies
The third edition of the Privacy Identity Innovation conference will be held in downtown Seattle this Spring. Taking place May 15-16 at the Bell Harbor International Conference Center, pii2012 Seattle will explore how to protect sensitive information while enabling new technologies and business models. Read more » about Privacy Identity Innovation - pii2012
Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research (IACR). Read more » about IEEE Symposium on Security and Privacy: Web Security
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation (Video)
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation? (Audio)