Peter Snyder - Senior Privacy Researcher and Director of Privacy, Brave Software

I am the senior privacy researcher at Brave Software, where I work on new ways to improve privacy and security on the Web, and to fix new threats to Brave browser users. I work under Hamed Haddadi, Ben Livshits, Brendan Eich and alongside a wonderful team of researchers, engineers and privacy experts.

I also co-chair PING, the group in the W3C that reviews spec proposals for privacy risks and concerns.

I also advise and support privacy groups and projects. Currently I am an advisor for the TIMBY project, a start up building private and secure reporting software for workers, journalists, and activists.

Before joining Brave, I worked on my PhD in the Computer Science department at the University of Illinois at Chicago in the BITS Lab, working under the kind and knowledgeable guidance of Chris Kanich.

Publications

Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking
1. Jordan Jueckstock
2. Peter Snyder
3. Shaown Sarker
4. Alexandros Kapravelos
5. Ben Livshits
WWW 2022 arxiv
SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking
1. Michael Smith
2. Peter Snyder
3. Ben Livshits
4. Deian Stefan
CCS 2021 code dataset
Towards Realistic and Reproducible Web Crawl Measurements
1. Jordan Jueckstock
2. Shaown Sarker
3. Peter Snyder
4. Aidan Beggs
5. Panagiotis Papadopoulos
6. Matteo Varvello
7. Ben Livshits
8. Alexandros Kapravelos
WWW 2021 arxiv code dataset
Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures
1. Quan Chen
2. Peter Snyder
3. Ben Livshits
4. Alexandros Kapravelos
S&P 2021 arxiv dataset slides
Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking
1. Peter Snyder
2. Antoine Vastel
3. Ben Livshits
SIGMETRICS 2020 arxiv slides
Filter List Generation for Underserved Regions
1. Alexander Sjosten
2. Peter Snyder
3. Antonio Pastor
4. Panagiotis Papadopoulos
5. Ben Livshits
WWW 2020 arxiv dataset
Keeping Out the Masses: Understanding the Popularity and Implications of Internet Paywalls
1. Panagiotis Papadopoulos
2. Peter Snyder
3. Dimitrios Athanasakis
4. Ben Livshits
WWW 2020 arxiv
AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking
1. Umar Iqbal
2. Peter Snyder
3. Shitong Zhu
4. Ben Livshits
5. Zhiyun Qian
6. Zubair Shafiq
S&P 2020 arxiv blog
SpeedReader: Reader Mode Made Fast and Private
1. Mohammad Ghasemisharif
2. Peter Snyder
3. Andrius Aucinas
4. Ben Livshits
WWW 2019 arxiv
Most Websites Don’t Need to Vibrate: A Cost–Benefit Approach to Improving Browser Security
1. Peter Snyder
2. Cynthia Taylor
3. Chris Kanich
CCS 2017 code slides
Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing
1. Peter Snyder
2. Periwinkle Doerfler
3. Chris Kanich
4. Damon McCoy
IMC 2017 code slides
CDF: Predictably Secure Web Documents
1. Peter Snyder
2. Laura Watiker
3. Cynthia Taylor
4. Chris Kanich
ConPro 2017 code slides
Browser Feature Usage on the Modern Web
1. Peter Snyder
2. Lara Ansari
3. Cynthia Taylor
4. Chris Kanich
IMC 2016 dataset slides slides (keynote)
Characterizing Fraud and Its Ramifications in Affiliate Marketing Networks
1. Peter Snyder
2. Chris Kanich
Journal of Cybersecurity 2016 journal listing
The Effect of Repeated Login Prompts on Phishing Susceptibility
1. Peter Snyder
2. Michael K. Reiter
3. Chris Kanich
LASER 2016 slides slides (keynote)
No Please, After You: Detecting Fraud in Affiliate Marketing Networks
1. Peter Snyder
2. Chris Kanich
WEIS 2015 extended slides
"I Saw Images I Didn't Even Know I Had": Understanding User Perceptions of Cloud Storage Privacy
1. Jason Clark
2. Peter Snyder
3. Damon McCoy
4. Chris Kanich
CHI 2015
Cloudsweeper and Data-Centric Security
1. Peter Snyder
2. Chris Kanich
ACM SIGCAS Computers and Society 2014 listing
Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives
1. Peter Snyder
2. Chris Kanich
CCSW 2013

Popular Press

Global Privacy Control Popularity Grows as Legal Status Up in Air Bloomberg Law Dec 21, 2021 news
Tool protects users' private data while they browse National Science Foundation Dec 14, 2021 news
Internet Advertising Is About to Change. Here's What Consumers Need to Know. Consumer Reports Nov 08, 2021 news
Google’s vague privacy cure-all is showing up in new proposals, but some say it could break the internet DigiDay Aug 30, 2021 news
The incredibly sneaky way websites sidestep privacy tools to spy on you Fast Company Aug 12, 2021 news
Concern trolls and power grabs: Inside Big Tech’s angry, geeky, often petty war for your privacy Protocol Jul 13, 2021 news
Ad Blockers with Pete Snyder Technical Marketing Handbook Jul 13, 2021 podcast
Google pledges not to build backdoors in FLoC but not everyone's convinced AndroidCentral Jun 02, 2021 news
We Checked 250 iPhone Apps—This Is How They’re Tracking You The WireCutter (NYT) May 06, 2021 news
Google and the Age of Privacy Theater Wired Mar 18, 2021 news
What's Up with the Apple App Store's Privacy Changes? TheMarkup Mar 16, 2021 news
How Apple, Google, and other browser makers are quietly duking it out over the future of the web Business Insider Dec 22, 2020 news
Google Chrome's crackdown on ad blockers and browser extensions, Manifest v3, is now available in beta The Register Dec 10, 2020 news
The digital switch that blocks all websites from selling your personal data DigitalTrends Nov 23, 2020 news
I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What? TheMarkup Sep 22, 2020 news
Google Is Working On A New Web Standard Called WebBundles Which Is Dangerous To The Privacy Of Internet Users, Security Researchers Warned Digital Information World Sep 01, 2020 news
Brave Takes Brave Stand Against Google's Plan to Turn Websites into Ad-Blocker-Thwarting Web Bundles The Register Aug 27, 2020 news
Google’s New Web Standard Could Disable Your Ad-Blocker TechRadar Aug 27, 2020 news
The Battle for Your Privacy on the Web With Pete Snyder Software Sessions Aug 12, 2020 podcast
Google's Plan for Chrome Capability has a Big Security Risk C|Net Jul 29, 2020 news
Aggrieved Ad Tech Types Decry Google Dominance in W3C Standards – Who Writes the Rules and for Whom? The Register Jul 17, 2020 news
FYI: Your Browser can pick up Ultrasonic Signals You Can't Hear, and That Sounds Like a Privacy Nightmare to Some The Register May 07, 2020 news
What the FLoC? Browser makers queue up to decry Google's latest ad-targeting initiative as invasive tracking The Register Apr 14, 2020 news
Google Chrome 80 Released With Controversial Deep Linking Upgrade Forbes Feb 23, 2020 news
Chrome Deploys Deep-Linking Tech in Latest Browser Build Despite Privacy Concerns The Register Feb 20, 2020 news
Google's Second Stab at Preserving Both Privacy and Ad Revenue Draws Fire The Register Feb 10, 2020 news
If You Want an Example of How User Concerns do not Drive Software Development, Check Out This Google-backed API The Register Dec 06, 2019 news
Protecting Your Online Privacy Science Friday Dec 01, 2017 radio
Why People Ruin Others’ Lives by Exposing All Their Data Online NewScientist Nov 13, 2017 news
First Large-Scale Doxing Study Reveals Motivations and Targets for Cyber Bullying ScienceDaily Nov 07, 2017 news
Gotta Have Standards? Security Boffins not API about Bloated Browsers The Register Oct 24, 2017 news
Privacy on the Modern Web The Provocateur Jul 31, 2017 podcast

Significant Writing

W3C Security and Privacy Questionnaire 2022 source (bikeshed)
1. Theresa O’Connor
2. Peter Snyder
W3C guidance document for specification authors, on how to identify and mitigate privacy and security risks in Web standards proposals.
Global Privacy Control (GPC) 2021 source (html) website
1. Robin Berjon
2. Sebastian Zimmeck
3. Ashkan Soltani
4. David Harbage
5. Peter Snyder
Proposed spec to allow browser users to assert legal privacy rights in a privacy preserving manner.
Improving Web Privacy And Security with a Cost-Benefit Analysis of the Web API 2018 slides (pdf) source (latex) My thesis, presenting a thorough measurement of WebAPI use, and ways those findings can be used to better protect the privacy and security of web users. Written for the completion of my PhD.
Yao's Garbled Circuits: Recent Directions and Implementations 2014 slides (pdf) source (latex) Literature review of performance and security developments in using Yao's Protocol for secure function evaluation. Written for my degree's "Written Critique and Presentation" requirement.

Blogging

Privacy Feature Updates in Brave (Blog Series)
1. Peter Snyder
2. various others
Brave Blog Dec 15, 2021 Blog series of updates on new privacy features in Brave, and new privacy concerns Brave targets.
Why Brave Disables FLoC
1. Peter Snyder
2. Brendan Eich
Brave Blog Apr 12, 2021 Description of the privacy harms and categorical errors in Google's FLoC proposal.
Global Privacy Control, a new Privacy Standard Proposal, now Available in Brave’s Desktop and Android Testing Versions
1. Peter Snyder
2. Anton Lazarev
WebStandards@Brave Oct 07, 2020 Brave authors and implements a new proposal for opting users out of online tracking.
WebBundles Harmful to Content Blocking, Security Tools, and the Open Web
1. Peter Snyder
WebStandards@Brave Aug 25, 2020 WebBundles are extremely bad for researchers, blocking tools, and folks hoping to preserve a user-editable web.
Brave, Fingerprinting, and Privacy Budgets
1. Peter Snyder
2. Ben Livshits
WebStandards@Brave Dec 06, 2019 Discussion of why Google's Privacy Budget proposal for combating browser fingerprinting would not be effective, and what alternatives Brave is pursuing.
Privacy Anti-Patterns In Standards
1. Peter Snyder
W3C Blog Jun 12, 2019 Description of several privacy-harming patterns observed as part of PING, the W3C's privacy review group, how these anti-patterns make it difficult to protect user privacy on the web.
Brave's Concerns with the Client-Hints Proposal
1. Peter Snyder
2. Pranjal Jumde
3. Tom Lowenthal
4. Brian Clifton
WebStandards@Brave May 09, 2019 Discussion of concerns with the proposed Client Hints standard, and why it would be harmful for web privacy.
Understanding Redirection-Based Tracking
1. Peter Snyder
2. Ben Livshits
Brave Blog Aug 12, 2018 Blog post description research lead at Brave regarding the frequency and parties involved in bounce-tracking. Conducted as part of designing Brave's improvements to Safari's Intelligent Tracking Prevention 2.0.
The Mounting Cost of Stale Ad Blocking Rules
1. Antoine Vastel
2. Peter Snyder
3. Ben Livshits
Brave Blog Jul 18, 2018 Blog post describing research lead at Brave regarding the number and cost of the accumulation of stale rules in EasyList.

Teaching

Instructor for Software Design - UIC CS342 2017
Teaching Assistant for Computer Networks - UIC CS450 2017, 2015

Selected Talks

Online Tracking, What Can Be Done About it, and Who’s Doing it CS253 - Web Security @ Stanford 2021 invited talk slides (keynote) slides (pdf)
Improving the Coverage and Compatibility of Web Content Blocking in Brave Browsers Stanford Security Lunch 2021 invited talk
Best-of-Breed Content Blocking in Brave: Three Projects to Improve the Depth, Breath, and Usefulness of Blocking at Scale MADWeb 2020 invited talk slides (pdf)
Brave, Fingerprinting, and Privacy on the Web CS253 - Web Security @ Stanford 2019 invited talk slides (pdf) video
Privacy, Standards and Anti-Patterns PEARG 2019 invited talk slides (pdf)
Brave, Privacy and Standards WWW 2019 invited talk slides (pdf)
Web Privacy Beyond Extensions: New Browsers Are Pursuing Deep Privacy Protections USENIX Enigma 2019 conference talk slides (pdf)
No Please, After You: Detecting Fraud in Affiliate Marketing Networks Department of Information Engineering at Chinese University of Hong Kong 2015 invited talk slides (pdf)

Significant Programs and Code

Brave Browser 2022 PRs Features and bugfixes I've added to the Brave browser while working at Brave.
Fingerprinting Protections 2021 additional APIs hardening technique change Improved the technique used to block fingerprinting related Web API methods to reduce the impact on non-fingerprinting related code, and expanded the set of blocked Web API methods to cover five more, previously allowed, methods used for fingerprinting users.
Web API Manager Browser Extension 2019 chrome firefox source WebExtension, cross-browser extension that allows users to improve their privacy and security online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky browser functionality like high resolution timers, WebGL and WebRTC.
CDF: Abstractions for Security Guarantees in Interactive Web Applications 2017 paper source Built client and server-side tools for implementing CDF, a document format for building dynamic, interactive web applications that provide increased security and privacy guarantees for users of commodity web browsers.
FormBug 2015 firefox source A Firefox extension to make dealing and developing form based applications easier. I just maintain it now, but wrote it back when I was doing web development work.
Dijkstra's Algorithm (Objective-C implementation) 2014 cocoapods source Library to perform Dijkstra in Objective-C (for iOS and OSX).
Cloudsweeper 2013 paper source Web app to measure and mitigate the frequency of plaintext password sharing in Gmail archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500 users and has secured over 38,000 messages
Machine Learning for Automatic 8bit Song Generation 2013 slides (ppt) source Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.

Community Involvement

Venue	Position	Year
MADWeb	PC Member	2022
WWW	PC Member	2022
USENIX Security	PC Member	2022
USENIX Security	PC Member	2021
CCS	PC Member	2021
MADWeb	PC Member	2021
WWW	PC Member	2021
SIGCOMM CCR	External Reviewer	2020
MADWeb	PC Member	2020
WWW	PC Member	2020
CSAW	PC Member	2019
Journal of Cybersecurity	External Reviewer	2019
MADWeb	PC Member	2019
DTL Grants	Reviewer	2018
CSAW	PC Member	2018
CHI Late Breaking	External Reviewer	2018
USENIX Security	External Reviewer	2017
NDSS	External Reviewer	2017
S&P	External Reviewer	2016
CCS	External Reviewer	2016
CCS	External Reviewer	2015
NDSS	External Reviewer	2013

Positions and Accomplishments

I am Brave's AC member in the W3C.
I did an Reddit AMA about privacy and Brave.
I co-chair PING, the group responsible for reviewing the privacy aspects of new web standards.
Our paper on Web API security and privacy was a finalist in the CSAW’17 Applied Research Competition.
I was a fellow in UIC's Electronic Security and Privacy IGERT.
I organized a crypto reading group at UIC.
I placed first as the Symantec Cyber Challenge Competition, held at UIC.
I twice served as the president for the UIC computer science graduate student association.
I advise TIMBY, a community investigating website and project, on web and application security issues.

Misc. Bits

I was invited to be on the Judge Judy show once.
I was half of the Chicago chiptune band 🍒🍒💣.
I sang and played guitar in a Chicago power-pop band called The Pleasure Centers.
A while back I played in a LOST-themed band called Sonic Weapon Fence.
Sometimes I record chiptune music solo.
Before it closed, I volunteered tutoring Chicago high school students as part of the East Village Youth Program.

Peter Snyder Senior Privacy Researcher and Director of Privacy at Brave Software