Jonathan Mayer

Position / Title:

Junior Affiliate Scholar

Links:

Website

Contact:

jmayer@stanford.edu

Focus Areas:

Privacy

Areas of Expertise:

Privacy

Do Not Track

I'm a graduate student in law and computer science at Stanford University. Wherever information technology, public policy, and law intersect, I'm interested.

My research homes are the Security Lab, advised by John Mitchell, and the Center for Internet and Society. In my free time I build robots.

Tracking the Trackers: Microsoft Advertising

By Jonathan Mayer • August 18, 2011 at 3:56 am

Despite all the attention they've received in the debates around online privacy, cookies are far from the only way to track a user. Broadly speaking, a website can either stash a unique identifier anyplace in the browser ("tagging")¹ or explore features of the browser until it becomes unique ("fingerprinting").² Tracking technologies that do not rely on cookies are often referred to as "supercookies," and they are widely viewed as unsavory in the computer security community because they continue tracking even when a user clears her cookies to preserve privacy. Sometimes a site will use a supercookie to "respawn" its original identifier cookie, creating a "zombie cookie" — the basis of several lawsuits.

In one of our recent FourthParty web measurement crawls we included a cookie clearing step to emulate a user's privacy choice. We observed that after clearing the browser's cookies an identifier cookie (named "MUID" for "machine unique identifier") respawned on live.com, a Microsoft domain. We dug into Microsoft's cross-domain cookie syncing code and discovered two independent supercookie mechanisms, one of which was respawning cookies. We contacted Microsoft with our observations, and we have collaborated to assist in rectifying the issues we uncovered. Here is what we know.

Thanks, once again, to Jovanni Hernandez and Akshay Jagadeesh for their indispensable research assistance. Read more » about Tracking the Trackers: Microsoft Advertising

Tracking the Trackers: The AdChoices Icon

By Jonathan Mayer • August 18, 2011 at 12:57 am

(Jovanni Hernandez and Akshay Jagadeesh are the first authors of this study.) Read more » about Tracking the Trackers: The AdChoices Icon

FourthParty: A New Approach to Web Measurement

By Jonathan Mayer • August 9, 2011 at 12:21 am

Last week marked the twentieth anniversary of the public World Wide Web, and there is much to celebrate. The early web consisted of a few text pages linked together; the modern web supports audio, video, interactivity, complex storage, and even native applications. Both Microsoft and Google are now developing entire operating systems around web technologies.

Tools for measuring the web have not kept pace. Many studies still rely on HTTP header logging and static analysis of HTML, CSS, and JavaScript. Researchers who want to go beyond these simple tools are often forced to develop purpose-built software from scratch.

Today we're releasing FourthParty, an open-source platform for web measurement. FourthParty is built on Mozilla Firefox and the Add-on SDK, making it fast, modular, easy to use, multi-platform, and up-to-date with the latest web technologies. And FourthParty is already generating research results: it's the tool we've been using in our Tracking the Trackers studies (1, 2). To learn more and get started, visit fourthparty.info. Read more » about FourthParty: A New Approach to Web Measurement

Tracking the Trackers: To Catch a History Thief

By Jonathan Mayer • July 19, 2011 at 4:20 am

Last week we reported some early results from the Stanford Security Lab's new web measurement platform on how advertising networks respond to opt outs and Do Not Track. This week we're back with a new discovery in the online advertising ecosystem: Epic Marketplace,¹ a member of the self-regulatory Network Advertising Initiative (NAI), is history stealing.

Many thanks once again to research assistants Akshay Jagadeesh and Jovanni Hernandez. Read more » about Tracking the Trackers: To Catch a History Thief

Tracking the Trackers: Early Results

By Jonathan Mayer • July 12, 2011 at 12:12 am

Over the past several months researchers at the Stanford Security Lab have been developing a platform for measuring dynamic web content. One of our chief applications is a system for automated enforcement of Do Not Track by detecting the myriad forms of third-party tracking, including cookies, HTML5 storage, fingerprinting, and much more. While the software isn't quite polished enough for public release, we're eager to share some unexpected early results on the advertising ecosystem. Please bear in mind that these are preliminary findings from experimental software; our primary aims at this stage are developing the platform and validating the approach to third-party tracking detection. Many thanks to Jovanni Hernandez and Akshay Jagadeesh for their invaluable research assistance. Read more » about Tracking the Trackers: Early Results

Jonathan Mayer

Driverless Car Summit

Vehicle Automation: TRB @ Stanford

52nd Annual Workshop on Transportation Law

Big Data and Privacy: Making Ends Meet

Jonathan Mayer

Pages

Pages

Pages