I am the senior privacy researcher at Brave Software, where I work on new ways to improve privacy and security on the Web, and to fix new threats to Brave browser users. I work under Hamed Haddadi, Ben Livshits, Brendan Eich and alongside a wonderful team of researchers, engineers and privacy experts.

I also co-chair PING, the group in the W3C that reviews spec proposals for privacy risks and concerns.

I also advise and support privacy groups and projects. Currently I am an advisor for the TIMBY project, a start up building private and secure reporting software for workers, journalists, and activists.

Before joining Brave, I worked on my PhD in the Computer Science department at the University of Illinois at Chicago in the BITS Lab, working under the kind and knowledgeable guidance of Chris Kanich.

Publications

Popular Press

Significant Writing

Blogging

Teaching

  • Instructor for Software Design - UIC CS342 2017
  • Teaching Assistant for Computer Networks - UIC CS450 2017, 2015

Selected Talks

Significant Programs and Code

  • Brave Browser PRs Features and bugfixes I've added to the Brave browser while working at Brave.
  • Fingerprinting Protections additional APIs hardening technique change Improved the technique used to block fingerprinting related Web API methods to reduce the impact on non-fingerprinting related code, and expanded the set of blocked Web API methods to cover five more, previously allowed, methods used for fingerprinting users.
  • Web API Manager Browser Extension chrome firefox source WebExtension, cross-browser extension that allows users to improve their privacy and security online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky browser functionality like high resolution timers, WebGL and WebRTC.
  • CDF: Abstractions for Security Guarantees in Interactive Web Applications paper source Built client and server-side tools for implementing CDF, a document format for building dynamic, interactive web applications that provide increased security and privacy guarantees for users of commodity web browsers.
  • FormBug firefox source A Firefox extension to make dealing and developing form based applications easier. I just maintain it now, but wrote it back when I was doing web development work.
  • Dijkstra's Algorithm (Objective-C implementation) cocoapods source Library to perform Dijkstra in Objective-C (for iOS and OSX).
  • Cloudsweeper paper source Web app to measure and mitigate the frequency of plaintext password sharing in Gmail archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500 users and has secured over 38,000 messages
  • Machine Learning for Automatic 8bit Song Generation slides (ppt) source Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.

Community Involvement

Venue Position
2024
USENIX Security PC Member
S&P PC Member
PEPR PC Member
MADWeb PC Member
2023
USENIX Security PC Member
S&P PC Member
MADWeb PC Member
2022
USENIX Security PC Member
WWW PC Member
PEPR PC Member
MADWeb PC Member
2021
USENIX Security PC Member
CCS PC Member
MADWeb PC Member
WWW PC Member
2020
SIGCOMM CCR External Reviewer
MADWeb PC Member
WWW PC Member
2019
CSAW PC Member
Journal of Cybersecurity External Reviewer
MADWeb PC Member
2018
DTL Grants Reviewer
CSAW PC Member
CHI Late Breaking External Reviewer
2017
USENIX Security External Reviewer
NDSS External Reviewer
2016
S&P External Reviewer
CCS External Reviewer
2015
CCS External Reviewer
2013
NDSS External Reviewer

Positions and Accomplishments

Misc. Bits