I am the senior privacy researcher at Brave
Software, where I work on new ways to improve privacy
and security on the web, and to measure the risk of new threats
to Brave browser users.
Before joining Brave, I worked on my PhD in the Computer Science department
at the University of Illinois at Chicago in the BITS Lab,
working under the kind and knowledgable guidance of Chris Kanich.
I research web security and privacy, including browser hardening techniques and
measuring how the growth of the Web API has impacted user privacy and security.
I use this research to build access control systems for browser functionally
and tools for deploying web applications that provide stronger
privacy and security guarantees for users.
Instructor for Software Design – UIC CS342
TA for Computer Networks – UIC CS450
PageGraph is an under-development, research effort to instrument Brave, blink and v8, to allow for complete attribution of document modifications, network requests, script execution, and privacy-relevant Web API accesses.
Fingerprinting Protection Improvements in Brave Browser
Improved the technique used to block fingerprinting related Web API methods
to reduce the impact on non-fingerprinting related code, and expanded the set
of blocked Web API methods to cover five more, previously allowed, methods used for fingerprinting users.
Web API Manager Browser Extension
WebExtension, cross-browser extension that allows users to improve their privacy and security online by controlling what
browser functionality web hosts have access to. Web API functionality access controls can be defined in general, or on
a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky browser functionality like
high resolution timers, WebGL and WebRTC.
Webservice tool to measure and mitigate the frequency of plaintext password sharing in Gmail archives. The public
tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500 users and has
secured over 38,000 messages
CDF: Abstractions for Security Guarantees in Interactive Web Applications
Built client and server-side tools for implementing CDF, a document format for building dynamic,
interactive web applications that provide increased security and privacy guarantees for users of commodity web browsers.
Machine Learning for Automatic 8bit Song Generation
Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.
Objective-C Dijkstra implementation
Library to perform Dijkstra in Objective-C (for iOS and OSX).
A Firefox extension to make dealing and developing form based applications easier. I just maintain it now, but wrote it back when I was doing web development work.