Jonathan Mayer is a Ph.D. candidate in computer science at Stanford University, where he received his J.D. in 2013. He was named one of the Forbes 30 Under 30 in 2014, for his work on technology security and privacy. Jonathan's research and commentary frequently appears in national publications, and he has contributed to federal and state law enforcement actions.
Jonathan is a Cybersecurity Fellow at the Center for International Security and Cooperation, a Junior Affiliate Scholar at the Center for Internet and Society, and a Stanford Interdisciplinary Graduate Fellow. He earned his A.B. at Princeton University in 2009, concentrating in the Woodrow Wilson School of Public and International Affairs. Jonathan has consulted for both federal and state law enforcement agencies, and his research on consumer privacy has contributed to multiple regulatory interventions. A proud Chicago native, Jonathan is undaunted by freezing weather and enjoys celery salt on a hot dog.
Co-authored with Patrick Mutchler. This is a project of the Stanford Security Lab.
Just over a month ago we launched MetaPhone, an Android app for crowdsourcing phone metadata. Our results have already confirmed that phone activity easily reveals private relationships, is deeply interconnected, and can trivially be identified.
We’ve received lots of great feedback on the study from researchers and participants. One request has been especially consistent: show me my metadata!
Starting today, the MetaPhone app will provide personalized results about your phone metadata privacy. Read more » about Spy on Your Metadata
Co-authored with Patrick Mutchler. This is a project of the Stanford Security Lab.
We’re studying the National Security Agency, and we need your help.
Our recent research on Google’s circumvention of the Safari cookie blocking feature has led to some confusion, in part owing to the company’s statement in response (reproduced in its entiretybelow). This post is an attempt to elucidate the central issues. As with the original writeup, I aim for a neutral viewpoint in the interest of establishing a common factual understanding. Read more » about Setting the Record Straight on Google’s Safari Tracking
Apple’s Safari web browser is configured to block third-party cookies by default. We identified four advertising companies that unexpectedly place trackable cookies in Safari. Google and Vibrant Media intentionally circumvent Safari’s privacy feature. Media Innovation Group and PointRoll serve scripts that appear to be derived from circumvention example code. Read more » about Safari Trackers
Yesterday the Digital Advertising Alliance (DAA) announced a supplementary set of self-regulatory principles for third parties on the web (pdf, press release). This post is a brief — and far from comprehensive — overview of improvements, continued deficiencies, and procedural issues. Read more » about A Brief Overview of the Supplementary DAA Principles
Cross-posted from The New York Times Opinion Pages.
To the Editor:
By Edward Felten and Jonathan Mayer
Snooping on the Internet is tricky. The network is diffuse, global, and packed with potential targets. There’s no central system for identifying or locating individuals, so it’s hard to keep track of who is online and what they’re up to. What’s a spy agency to do? Read more » about How the NSA Piggy-Backs on Third-Party Trackers
John Mitchell and I have written a new paper that synthesizes research on policy and technology issues surrounding third-party web tracking. It will appear at the IEEE Symposium on Security and Privacy in May. Read more » about Third-Party Web Tracking: Policy and Technology
""We are no longer seen as a safe business climate," said Aleecia M. McDonald, director of privacy at Stanford's Center for Internet and Society."
"Jonathan Mayer, a doctoral student in computer science and Cybersecurity Fellow at the Center for International Security and Cooperation, said that the law is still evolving in our highly digital world – and right now, it does not go far enough in safeguarding privacy." Read more » about Surveillance threatens U.S. business climate, democracy, say Stanford researchers
"Rejecting Google’s reasoning, Koh effectively reinterpreted old U.S. privacy laws for the Internet age, said Jonathan Mayer, a Stanford University doctoral student with a law degree who tracks online privacy issues.
“Federal privacy law mostly makes sense for phone calls and messages, but it’s deeply ambiguous on newer technology,” said Mayer, whose February 2012 blog post drew early attention to Google’s attempt to bypass privacy settings on Apple browsers, which ended with the search giant’s $17 million payment to 37 states in November." Read more » about Clickable Consent at Risk in Internet Privacy Lawsuits
"The National Security Agency likes to claim that intelligence officers are only collecting the phone records of millions of Americans, safely omitting their actual names from analysis. But a Stanford researcher, Jonathan Mayer, found that he and his co-author could easily match so-called “meta-data” to individual names with little more than a Google search." Read more » about Stanford Researcher Proves NSA Can Probably Identify Individuals From Phone Records
"“If the NSA were to mistakenly classify domestic servers as outside the United States, even at low rates, it would acquire a substantial amount of purely domestic internet traffic,” wrote Jonathan Mayer of Stanford University’s department of computer science. " Read more » about NSA review to leave spying programs largely unchanged, reports say
"Tracking cookies offers the NSA the perfect system for following suspects across the web: it's pervasive, persistent, and for the most part, it's still unencrypted. "It solves a bunch of tricky problems for bulk web surveillance that would otherwise be quite difficult," says Jonathan Mayer, a fellow at Stanford's Center for Internet and Society who worked with the Washington Post on the report. " Read more » about How advertisers became the NSA's best friend
For more information and to register, please visit the pii2014 website.
Below is the preliminary schedule of events for the pii2014 Silicon Valley conference, taking place November 12 -14, 2014 at the Crowne Plaza Palo Alto hotel. All the speakers are confirmed, but the schedule is subject to change. Read more » about Privacy Identity Innovation
Because of Edward Snowden’s remarkable public service, we know that the National Security Agency, with the cooperation of some large firms, has amassed an unprecedented database of personal information. The ostensible goal in collecting that information is to protect national security. The effect, according to Reed Hundt, is to undermine democracy. Read more » about Saving Privacy
This talk presents an empirical assessment of the NSA’s legal restrictions, including research cited by President Obama’s intelligence review group. We find that present limits on bulk surveillance programs come up far short; authorities to intercept international Internet traffic and domestic telephone metadata place ordinary Americans at risk. Read more » about The Science of Surveillance
Solutions to many pressing economic and societal challenges lie in better understanding data. New tools for analyzing disparate information sets, called Big Data, have revolutionized our ability to find signals amongst the noise. Big Data techniques hold promise for breakthroughs ranging from better health care, a cleaner environment, safer cities, and more effective marketing. Yet, privacy advocates are concerned that the same advances will upend the power relationships between government, business and individuals, and lead to prosecutorial abuse, racial or other profiling, discrimination, redlining, overcriminalization, and other restricted freedoms. Read more » about Big Data and Privacy: Making Ends Meet
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation?
Listen to the full piece at Marketplace.org.
"Now Neustar might lose the contract to Ericsson, which is based in Sweden. Neustar says this would be bad for national security, said Jonathan Mayer, a fellow at Stanford's Center for International Security and Cooperation.
“It certainly is a legitimate concern that the company that routes calls is in position to know a fair amount about law enforcement and intelligence investigations,” Mayer said." Read more » about The battle over which company has your number
View the CBS News Broadcast here.
"Stanford University Ph.D. student Jonathan Mayer and his research partner created an Android app called MetaPhone that asked users to volunteer their phone records in an effort to learn what could be uncovered from metadata. More than 500 people signed up. Read more » about Just how much personal information does phone metadata reveal?
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation (Video)
Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law! A 1986 statute, the Computer Fraud and Abuse Act (CFAA), provides both civil and criminal remedies for mere "unauthorized" access to a computer. Read more » about Innovation or Exploitation? (Audio)