I am the senior privacy researcher at Brave Software, where I work on new ways to improve privacy and security on the Web, and to fix new threats to Brave browser users. I work under Hamed Haddadi, Ben Livshits, Brendan Eich and alongside a wonderful team of researchers, engineers and privacy experts.

I also co-chair PING, the group in the W3C that reviews spec proposals for privacy risks and concerns.

I also advise and support privacy groups and projects. Currently I am an advisor for the TIMBY project, a start up building private and secure reporting software for workers, journalists, and activists.

Before joining Brave, I worked on my PhD in the Computer Science department at the University of Illinois at Chicago in the BITS Lab, working under the kind and knowledgeable guidance of Chris Kanich.

Publications

Popular Press

Significant Writing

Blogging

Teaching

  • Instructor for Software Design - UIC CS342 2017
  • Teaching Assistant for Computer Networks - UIC CS450 2017, 2015

Selected Talks

Significant Programs and Code

  • Brave Browser PRs Features and bugfixes I've added to the Brave browser while working at Brave.
  • Fingerprinting Protections additional APIs hardening technique change Improved the technique used to block fingerprinting related Web API methods to reduce the impact on non-fingerprinting related code, and expanded the set of blocked Web API methods to cover five more, previously allowed, methods used for fingerprinting users.
  • Web API Manager Browser Extension chrome firefox source WebExtension, cross-browser extension that allows users to improve their privacy and security online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky browser functionality like high resolution timers, WebGL and WebRTC.
  • CDF: Abstractions for Security Guarantees in Interactive Web Applications paper source Built client and server-side tools for implementing CDF, a document format for building dynamic, interactive web applications that provide increased security and privacy guarantees for users of commodity web browsers.
  • FormBug firefox source A Firefox extension to make dealing and developing form based applications easier. I just maintain it now, but wrote it back when I was doing web development work.
  • Dijkstra's Algorithm (Objective-C implementation) cocoapods source Library to perform Dijkstra in Objective-C (for iOS and OSX).
  • Cloudsweeper paper source Web app to measure and mitigate the frequency of plaintext password sharing in Gmail archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500 users and has secured over 38,000 messages
  • Machine Learning for Automatic 8bit Song Generation slides (ppt) source Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.

Community Involvement

Venue Position Year
USENIX Security PC Member 2024
S&P PC Member 2024
USENIX Security PC Member 2023
S&P PC Member 2023
MADWeb PC Member 2023
USENIX Security PC Member 2022
WWW PC Member 2022
PEPR PC Member 2022
MADWeb PC Member 2022
USENIX Security PC Member 2021
CCS PC Member 2021
MADWeb PC Member 2021
WWW PC Member 2021
SIGCOMM CCR External Reviewer 2020
MADWeb PC Member 2020
WWW PC Member 2020
CSAW PC Member 2019
Journal of Cybersecurity External Reviewer 2019
MADWeb PC Member 2019
DTL Grants Reviewer 2018
CSAW PC Member 2018
CHI Late Breaking External Reviewer 2018
USENIX Security External Reviewer 2017
NDSS External Reviewer 2017
S&P External Reviewer 2016
CCS External Reviewer 2016
CCS External Reviewer 2015
NDSS External Reviewer 2013

Positions and Accomplishments

Misc. Bits