Tutorials

I am an Associate Professor in Computer Science at De Montfort University in Leicester, UK. My research focuses on privacy technologies, privacy metrics, web measurement, and smart cities.

Methods of Corporate Surveillance: a Primer on Experimental Transparency Research

Bibliography for the Tutorial

[1]
G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, and C. Diaz, ‘The Web Never Forgets: Persistent Tracking Mechanisms in the Wild’, in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, Arizona, USA, 2014, pp. 674–689, doi: 10.1145/2660267.2660347.
[2]
S. Ali, T. Osman, M. Mannan, and A. Youssef, ‘On Privacy Risks of Public WiFi Captive Portals’, in Data Privacy Management, Cryptocurrencies and Blockchain Technology, Cham, 2019, pp. 80–98, doi: 10.1007/978-3-030-31500-9_6.
[3]
K. Allix, T. F. Bissyandé, J. Klein, and Y. L. Traon, ‘AndroZoo: Collecting Millions of Android Apps for the Research Community’, in 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), May 2016, pp. 468–471.
[4]
Amnesty International, ‘Surveillance Giants: How the Business Model of Google and Facebook Threatens Human Rights’, Amnesty International, London, UK, POL 30/1404/2019, 2019.
[5]
B. Andow et al., ‘PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play’, presented at the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA, Aug. 2019, pp. 585–602, Accessed: Aug. 14, 2019. [Online]. Available: https://www.usenix.org/conference/usenixsecurity19/presentation/andow.
[6]
A. Andreou, G. Venkatadri, O. Goga, K. P. Gummadi, P. Loiseau, and A. Mislove, ‘Investigating Ad Transparency Mechanisms in Social Media: A Case Study of Facebook’s Explanations’, in Proceedings 2018 Network and Distributed System Security Symposium, San Diego, CA, 2018, doi: 10.14722/ndss.2018.23191.
[7]
J. Angwin and T. Jr. Parris, ‘Facebook Lets Advertisers Exclude Users by Race’, ProPublica, Oct. 28, 2016.
[8]
J. Angwin, N. Scheiber, and A. Tobin, ‘Facebook Job Ads Raise Concerns About Age Discrimination’, The New York Times, Jan. 20, 2018.
[9]
R. Balebako, P. G. Leon, R. Shay, B. Ur, Y. Wang, and L. F. Cranor, ‘Measuring the effectiveness of privacy tools for limiting behavioral advertising’, in In Web 2.0 Workshop on Security and Privacy, 2012.
[10]
A. Ballatore, M. Graham, and S. Sen, ‘Digital Hegemonies: The Localness of Search Engine Results’, Annals of the American Association of Geographers, vol. 107, no. 5, pp. 1194–1215, Sep. 2017, doi: 10.1080/24694452.2017.1308240.
[11]
P. Barford, I. Canadi, D. Krushevskaja, Q. Ma, and S. Muthukrishnan, ‘Adscape: Harvesting and Analyzing Online Display Ads’, in Proceedings of the 23rd International Conference on World Wide Web, Seoul, Korea, 2014, pp. 597–608, doi: 10.1145/2566486.2567992.
[12]
M. A. Bashir, S. Arshad, E. Kirda, W. Robertson, and C. Wilson, ‘How Tracking Companies Circumvented Ad Blockers Using WebSockets’, in Proceedings of the Internet Measurement Conference 2018, Boston, MA, USA, 2018, pp. 471–477, doi: 10.1145/3278532.3278573.
[13]
M. A. Bashir, S. Arshad, C. Wilson, and W. Robertson, ‘Tracing Information Flows Between Ad Exchanges Using Retargeted Ads’, in 25th USENIX Security Symposium, Austin, TX, USA, Aug. 2016, p. 17.
[14]
M. A. Bashir, U. Farooq, M. Shahid, M. F. Zaffar, and C. Wilson, ‘Quantity vs. Quality: Evaluating User Interest Profiles Using Ad Preference Managers’, in Proceedings 2019 Network and Distributed System Security Symposium, San Diego, California, USA, Feb. 2019, p. 15.
[15]
M. A. Bashir and C. Wilson, ‘Diffusion of User Tracking Data in the Online Advertising Ecosystem’, Proceedings on Privacy Enhancing Technologies, vol. 2018, no. 4, pp. 85–103, Oct. 2018, doi: 10.1515/popets-2018-0033.
[16]
R. Binns, U. Lyngs, M. Van Kleek, J. Zhao, T. Libert, and N. Shadbolt, ‘Third Party Tracking in the Mobile Ecosystem’, in Proceedings of the 10th ACM Conference on Web Science, Amsterdam, Netherlands, 2018, pp. 23–31, doi: 10.1145/3201064.3201089.
[17]
J. Brookman, P. Rouge, A. Alva, and C. Yeung, ‘Cross-Device Tracking: Measurement and Disclosures’, Proceedings on Privacy Enhancing Technologies, vol. 2017, no. 2, pp. 133–148, Apr. 2017, doi: 10.1515/popets-2017-0020.
[18]
J. G. Cabañas, Á. Cuevas, and R. Cuevas, ‘Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes’, presented at the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 2018, pp. 479–495, Accessed: Mar. 04, 2019. [Online]. Available: https://www.usenix.org/conference/usenixsecurity18/presentation/cabanas.
[19]
J. M. Carrascosa, J. Mikians, R. Cuevas, V. Erramilli, and N. Laoutaris, ‘I Always Feel Like Somebody’s Watching Me: Measuring Online Behavioural Advertising’, in Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies, Heidelberg, Germany, 2015, pp. 13:1–13:13, doi: 10.1145/2716281.2836098.
[20]
W. Christl, ‘Corporate Surveillance in Everyday Life’, Cracked Labs, Vienna, Austria, 2017. [Online]. Available: https://crackedlabs.org/en/data-against-people.
[21]
N. Couldry, ‘The price of connection: “surveillance capitalism”’, The Conversation, Sep. 2016. http://theconversation.com/the-price-of-connection-surveillance-capitalism-64124 (accessed Apr. 07, 2020).
[22]
A. Dabrowski, G. Merzdovnik, J. Ullrich, G. Sendera, and E. Weippl, ‘Measuring Cookies and Web Privacy in a Post-GDPR World’, in Passive and Active Measurement, Cham, 2019, pp. 258–270, doi: 10.1007/978-3-030-15986-3_17.
[23]
A. Datta, M. C. Tschantz, and A. Datta, ‘Automated Experiments on Ad Privacy Settings’, Proceedings on Privacy Enhancing Technologies, vol. 2015, no. 1, pp. 92–112, Apr. 2015, doi: 10.1515/popets-2015-0007.
[24]
M. Degeling and J. Nierhoff, ‘Tracking and Tricking a Profiler: Automated Measuring and Influencing of Bluekai’s Interest Profiling’, in Proceedings of the 2018 Workshop on Privacy in the Electronic Society, Toronto, Canada, 2018, pp. 1–13, doi: 10.1145/3267323.3268955.
[25]
R. van Eijk, H. Asghari, P. Winter, and A. Narayanan, ‘The Impact of User Location on Cookie Notices (Inside and Outside of the European Union)’, in IEEE Security & Privacy Workshop on Technology and Consumer Protection (ConPro ’19), San Francisco, CA, USA, May 2019, Accessed: May 04, 2019. [Online]. Available: https://papers.ssrn.com/abstract=3361360.
[26]
W. Enck et al., ‘TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones’, ACM Trans. Comput. Syst., vol. 32, no. 2, pp. 5:1–5:29, Jun. 2014, doi: 10.1145/2619091.
[27]
S. Englehardt and A. Narayanan, ‘Online Tracking: A 1-million-site Measurement and Analysis’, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 2016, pp. 1388–1401, doi: 10.1145/2976749.2978313.
[28]
R. Epstein and R. E. Robertson, ‘The search engine manipulation effect (SEME) and its possible impact on the outcomes of elections’, PNAS, vol. 112, no. 33, pp. E4512–E4521, Aug. 2015, doi: 10.1073/pnas.1419828112.
[29]
M. Falahrastegar, H. Haddadi, S. Uhlig, and R. Mortier, ‘Tracking Personal Identifiers Across the Web’, in Passive and Active Measurement, 2016, pp. 30–41.
[30]
A. A. Galán, J. G. Cabañas, Á. Cuevas, M. Calderón, and R. C. Rumin, ‘Large-Scale Analysis of User Exposure to Online Advertising on Facebook’, IEEE Access, vol. 7, pp. 11959–11971, 2019, doi: 10.1109/ACCESS.2019.2892237.
[31]
A. Gervais, A. Filios, V. Lenders, and S. Capkun, ‘Quantifying Web Adblocker Privacy’, in Computer Security – ESORICS 2017, 2017, pp. 21–42.
[32]
P. Gill, V. Erramilli, A. Chaintreau, B. Krishnamurthy, K. Papagiannaki, and P. Rodriguez, ‘Follow the Money: Understanding Economics of Online Aggregation and Advertising’, in Proceedings of the 2013 Conference on Internet Measurement Conference, Barcelona, Spain, 2013, pp. 141–148, doi: 10.1145/2504730.2504768.
[33]
A. Gómez-Boix, P. Laperdrix, and B. Baudry, ‘Hiding in the Crowd: An Analysis of the Effectiveness of Browser Fingerprinting at Large Scale’, in Proceedings of the 2018 World Wide Web Conference, Lyon, France, 2018, pp. 309–318, doi: 10.1145/3178876.3186097.
[34]
A. Hannak et al., ‘Measuring Personalization of Web Search’, in Proceedings of the 22nd International Conference on World Wide Web, Rio de Janeiro, Brazil, 2013, pp. 527–538, doi: 10.1145/2488388.2488435.
[35]
A. Hannak, G. Soeller, D. Lazer, A. Mislove, and C. Wilson, ‘Measuring Price Discrimination and Steering on E-commerce Web Sites’, in Proceedings of the 2014 Conference on Internet Measurement Conference, Vancouver, BC, Canada, 2014, pp. 305–318, doi: 10.1145/2663716.2663744.
[36]
Y. He, X. Yang, B. Hu, and W. Wang, ‘Dynamic privacy leakage analysis of Android third-party libraries’, Journal of Information Security and Applications, vol. 46, pp. 259–270, Jun. 2019, doi: 10.1016/j.jisa.2019.03.014.
[37]
D. C. Howe and H. Nissenbaum, ‘Engineering Privacy and Protest: a Case Study of AdNauseam’, in Proceedings of the 3rd International Workshop on Privacy Engineering, San Jose, CA, USA, 2017, vol. 1873, pp. 57–64.
[38]
C. Iordanou, G. Smaragdakis, I. Poese, and N. Laoutaris, ‘Tracing Cross Border Web Tracking’, in Proceedings of the Internet Measurement Conference 2018, Boston, MA, USA, 2018, pp. 329–342, doi: 10.1145/3278532.3278561.
[39]
C. Iordanou, C. Soriente, M. Sirivianos, and N. Laoutaris, ‘Who is Fiddling with Prices?: Building and Deploying a Watchdog Service for E-commerce’, in Proceedings of the Conference of the ACM Special Interest Group on Data Communication, Los Angeles, CA, USA, 2017, pp. 376–389, doi: 10.1145/3098822.3098850.
[40]
U. Iqbal, Z. Shafiq, and Z. Qian, ‘The Ad Wars: Retrospective Measurement and Analysis of Anti-adblock Filter Lists’, in Proceedings of the 2017 Internet Measurement Conference, London, United Kingdom, 2017, pp. 171–183, doi: 10.1145/3131365.3131387.
[41]
H. Jin et al., ‘Why Are They Collecting My Data?: Inferring the Purposes of Network Traffic in Mobile Apps’, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., vol. 2, no. 4, pp. 173:1–173:27, Dec. 2018, doi: 10.1145/3287051.
[42]
M. Lecuyer, R. Spahn, Y. Spiliopolous, A. Chaintreau, R. Geambasu, and D. Hsu, ‘Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence’, in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, Denver, Colorado, USA, 2015, pp. 554–566, doi: 10.1145/2810103.2813614.
[43]
A. Lerner, A. K. Simpson, T. Kohno, and F. Roesner, ‘Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016’, in 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA, 2016, Accessed: Mar. 04, 2019. [Online]. Available: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/lerner.
[44]
T.-C. Li, H. Hang, M. Faloutsos, and P. Efstathopoulos, ‘TrackAdvisor: Taking Back Browsing Privacy from Third-Party Trackers’, in Passive and Active Measurement, 2015, pp. 277–289.
[45]
T. Libert, L. Graves, and R. K. Nielsen, ‘Changes in third-party content on European news websites after GDPR’, Reuters Institute for the Study of Journalism, pubs:909043, 2018. Accessed: Jul. 22, 2019. [Online]. Available: https://ora.ox.ac.uk/objects/uuid:5a5d4eea-6e74-49b4-8c77-71ec6760f127.
[46]
T. Libert, ‘An Automated Approach to Auditing Disclosure of Third-Party Data Collection in Website Privacy Policies’, in Proceedings of the 2018 World Wide Web Conference, Lyon, France, 2018, pp. 207–216, doi: 10.1145/3178876.3186087.
[47]
M. Malloy, M. McNamara, A. Cahn, and P. Barford, ‘Ad Blockers: Global Prevalence and Impact’, in Proceedings of the 2016 Internet Measurement Conference, Santa Monica, California, USA, 2016, pp. 119–125, doi: 10.1145/2987443.2987460.
[48]
J. R. Mayer and J. C. Mitchell, ‘Third-Party Web Tracking: Policy and Technology’, in 2012 IEEE Symposium on Security and Privacy (SP), May 2012, pp. 413–427, doi: 10.1109/SP.2012.47.
[49]
A. McDonald et al., ‘403 Forbidden: A Global View of CDN Geoblocking’, in Proceedings of the Internet Measurement Conference 2018, Boston, MA, USA, 2018, pp. 218–230, doi: 10.1145/3278532.3278552.
[50]
J. B. Merrill and A. Tobin, ‘Facebook Moves to Block Ad Transparency Tools —…’, ProPublica, Jan. 28, 2019.
[51]
G. Merzdovnik et al., ‘Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools’, in 2017 IEEE European Symposium on Security and Privacy (EuroS P), Apr. 2017, pp. 319–333, doi: 10.1109/EuroSP.2017.26.
[52]
H. Metwalley, S. Traverso, M. Mellia, S. Miskovic, and M. Baldi, ‘The Online Tracking Horde: A View from Passive Measurements’, in Traffic Monitoring and Analysis, 2015, pp. 111–125.
[53]
H. M. Moghaddam et al., ‘Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices’, in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, Nov. 2019, pp. 131–147, doi: 10.1145/3319535.3354198.
[54]
M. H. Mughees, Z. Qian, and Z. Shafiq, ‘Detecting Anti Ad-blockers in the Wild’, Proceedings on Privacy Enhancing Technologies, vol. 2017, no. 3, pp. 130–146, Jul. 2017, doi: 10.1515/popets-2017-0032.
[55]
S. Nath, ‘MAdScope: Characterizing Mobile In-App Targeted Ads’, in Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, Florence, Italy, 2015, pp. 59–73, doi: 10.1145/2742647.2742653.
[56]
N. Nikiforakis, W. Joosen, and B. Livshits, ‘PriVaricator: Deceiving Fingerprinters with Little White Lies’, in 24th International Conference on World Wide Web (WWW), Florence, Italy, 2015, pp. 820–830, doi: 10.1145/2736277.2741090.
[57]
R. Nithyanand et al., ‘Adblocking and Counter Blocking: A Slice of the Arms Race’, presented at the 6th USENIX Workshop on Free and Open Communications on the Internet (FOCI 16), Austin, TX, USA, Aug. 2016, Accessed: Jul. 22, 2019. [Online]. Available: https://www.usenix.org/conference/foci16/workshop-program/presentation/nithyanand.
[58]
P. Papadopoulos, N. Kourtellis, and E. Markatos, ‘Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask’, in The World Wide Web Conference, San Francisco, CA, USA, 2019, pp. 1432–1442, doi: 10.1145/3308558.3313542.
[59]
V. L. Pochat, T. van Goethem, and W. Joosen, ‘Rigging Research Results by Manipulating Top Websites Rankings.’, in 26th Annual Network and Distributed System Security Symposium, San Diego, CA, USA, Feb. 2019, doi: 10.14722/ndss.2019.23386.
[60]
E. Pujol, O. Hohlfeld, and A. Feldmann, ‘Annoyed Users: Ads and Ad-Block Usage in the Wild’, in Proceedings of the 2015 Internet Measurement Conference, Tokyo, Japan, 2015, pp. 93–106, doi: 10.1145/2815675.2815705.
[61]
R. Ramesh et al., ‘Decentralized Control: A Case Study of Russia’, in Proceedings 2020 Network and Distributed System Security Symposium, San Diego, CA, 2020, doi: 10.14722/ndss.2020.23098.
[62]
A. Razaghpanah et al., ‘Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem’, in Proceedings 2018 Network and Distributed System Security Symposium, San Diego, CA, 2018, doi: 10.14722/ndss.2018.23353.
[63]
F. N. Ribeiro et al., ‘Media Bias Monitor: Quantifying Biases of Social Media News Outlets at Large-Scale’, in Twelfth International AAAI Conference on Web and Social Media, Palo Alto, California, USA, Jun. 2018, Accessed: Jul. 22, 2019. [Online]. Available: https://www.aaai.org/ocs/index.php/ICWSM/ICWSM18/paper/view/17878.
[64]
C. Sandvig, K. Hamilton, K. Karahalios, and C. Langbort, ‘Auditing Algorithms: Research Methods for Detecting Discrimination on Internet Platforms’, in Data and Discrimination: Converting Critical Concerns into Productive Inquiry, Seattle, WA, USA, May 2014, p. 23.
[65]
K. Solomos, P. Ilia, S. Ioannidis, and N. Kourtellis, ‘Talon: An Automated Framework for Cross-Device Tracking Detection’, in 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), Beijing, China, Sep. 2019, Accessed: Sep. 24, 2019. [Online]. Available: http://arxiv.org/abs/1812.11393.
[66]
T. Speicher et al., ‘Potential for Discrimination in Online Targeted Advertising’, in Conference on Fairness, Accountability and Transparency, Jan. 2018, pp. 5–19, Accessed: Jul. 19, 2019. [Online]. Available: http://proceedings.mlr.press/v81/speicher18a.html.
[67]
L. Sweeney, ‘Discrimination in Online Ad Delivery’, Commun. ACM, vol. 56, no. 5, pp. 44–54, May 2013, doi: 10.1145/2447976.2447990.
[68]
E. Sy, C. Burkert, H. Federrath, and M. Fischer, ‘Tracking Users Across the Web via TLS Session Resumption’, in Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, 2018, pp. 289–299, doi: 10.1145/3274694.3274708.
[69]
V. Toubiana, L. Subramanian, and H. Nissenbaum, ‘TrackMeNot: Enhancing the privacy of Web Search’, arXiv:1109.4677 [cs], Sep. 2011, Accessed: Nov. 12, 2019. [Online]. Available: http://arxiv.org/abs/1109.4677.
[70]
M. C. Tschantz, A. Datta, A. Datta, and J. M. Wing, ‘A Methodology for Information Flow Experiments’, in 2015 IEEE 28th Computer Security Foundations Symposium, Jul. 2015, pp. 554–568, doi: 10.1109/CSF.2015.40.
[71]
M. C. Tschantz, S. Egelman, J. Choi, N. Weaver, and G. Friedland, ‘The Accuracy of the Demographic Inferences Shown on Google’s Ad Settings’, in Proceedings of the 2018 Workshop on Privacy in the Electronic Society, Toronto, Canada, 2018, pp. 33–41, doi: 10.1145/3267323.3268962.
[72]
C. Utz, M. Degeling, S. Fahl, F. Schaub, and T. Holz, ‘(Un)Informed Consent: Studying GDPR Consent Notices in the Field’, in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, 2019, pp. 973–990, doi: 10.1145/3319535.3354212.
[73]
K. Vaccaro, K. Karahalios, C. Sandvig, K. Hamilton, and C. Langbort, ‘Agree or cancel? research and terms of service compliance’, in ACM CSCW Ethics Workshop: Ethics for Studying Sociotechnical Systems in a Big Data World, 2015.
[74]
P. Vadrevu and R. Perdisci, ‘What You See is NOT What You Get: Discovering and Tracking Social Engineering Attack Campaigns’, in Proceedings of the Internet Measurement Conference, Amsterdam, Netherlands, Oct. 2019, pp. 308–321, doi: 10.1145/3355369.3355600.
[75]
G. Venkatadri, E. Lucherini, P. Sapiezynski, and A. Mislove, ‘Investigating sources of PII used in Facebook’s targeted advertising’, Proceedings on Privacy Enhancing Technologies, vol. 2019, no. 1, pp. 227–244, Jan. 2019, doi: 10.2478/popets-2019-0013.
[76]
P. Vines, F. Roesner, and T. Kohno, ‘Exploring ADINT: Using Ad Targeting for Surveillance on a Budget - or - How Alice Can Buy Ads to Track Bob’, in Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, Dallas, Texas, USA, 2017, pp. 153–164, doi: 10.1145/3139550.3139567.
[77]
S. Zhu, X. Hu, Z. Qian, Z. Shafiq, and H. Yin, ‘Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis’, in The Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, Feb. 2018, doi: 10.14722/ndss.2018.23331.
[78]
S. Zimmeck, J. S. Li, H. Kim, S. M. Bellovin, and T. Jebara, ‘A Privacy Analysis of Cross-device Tracking’, in 26th USENIX Security Symposium, Vancouver, BC, Canada, Aug. 2017, p. 19.
[79]
S. Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, 1 edition. New York: PublicAffairs, 2019.
[80]
C. Zuo, H. Wen, Z. Lin, and Y. Zhang, ‘Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps’, in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, 2019, pp. 1469–1483, doi: 10.1145/3319535.3354240.