I am the senior privacy researcher at Brave Software,
where I work on new ways to improve privacy and security on the web,
and to measure the risk of new threats to Brave browser users.
Before joining Brave, I worked on my PhD in the Computer Science department
at the University of Illinois at Chicago in the BITS Lab,
working under the kind and knowledgable guidance of Chris Kanich.
I research web security and privacy, including browser hardening techniques and
measuring how the growth of the Web API has impacted user privacy and security.
I use this research to build access control systems for browser functionally
and tools for deploying web applications that provide stronger
privacy and security guarantees for users.
- I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What?TheMarkupSep 22, 2020news
- Google Is Working On A New Web Standard Called WebBundles Which Is Dangerous To The Privacy Of Internet Users, Security Researchers WarnedDigital Information WorldSep 01, 2020news
- Brave Takes Brave Stand Against Google's Plan to Turn Websites into Ad-Blocker-Thwarting Web BundlesThe RegisterAug 27, 2020news
- Google’s New Web Standard Could Disable Your Ad-BlockerTechRadarAug 27, 2020news
- The Battle for Your Privacy on the Web With Pete SnyderSoftware SessionsAug 12, 2020podcast
- Google's Plan for Chrome Capability has a Big Security RiskC|NetJul 29, 2020news
- Aggrieved Ad Tech Types Decry Google Dominance in W3C Standards – Who Writes the Rules and for Whom?The RegisterJul 17, 2020news
- FYI: Your Browser can pick up Ultrasonic Signals You Can't Hear, and That Sounds Like a Privacy Nightmare to SomeThe RegisterMay 07, 2020news
- Google Chrome 80 Released With Controversial Deep Linking UpgradeForbesFeb 23, 2020news
- Chrome Deploys Deep-Linking Tech in Latest Browser Build Despite Privacy ConcernsThe RegisterFeb 20, 2020news
- Google's Second Stab at Preserving Both Privacy and Ad Revenue Draws FireThe RegisterFeb 10, 2020news
- If You Want an Example of How User Concerns do not Drive Software Development, Check Out This Google-backed APIThe RegisterDec 06, 2019news
- Protecting Your Online PrivacyScience FridayDec 01, 2017radio
- Why People Ruin Others’ Lives by Exposing All Their Data OnlineNewScientistNov 13, 2017news
- First Large-Scale Doxing Study Reveals Motivations and Targets for Cyber BullyingScienceDailyNov 07, 2017news
- Gotta Have Standards? Security Boffins not API about Bloated BrowsersThe RegisterOct 24, 2017news
- Privacy on the Modern WebThe ProvocateurJul 31, 2017podcast
- Global Privacy Control, a new Privacy Standard Proposal, now Available in Brave’s Desktop and Android Testing Versions
- Peter Snyder
- Anton Lazarev
Brave BlogOct 07, 2020 - WebBundles Harmful to Content Blocking, Security Tools, and the Open Web (Standards Updates #2)
- Peter Snyder
Brave BlogAug 25, 2020 - What’s Brave Done For My Privacy Lately #5: Grab Bag
- François Marier
- Pranjal Jumde
- Ivan Efremov
- Peter Snyder
Brave BlogJul 20, 2020 - What’s Brave Done For My Privacy Lately? Episode #4: Fingerprinting Defenses 2.0
- Peter Snyder
- Brian Johnson
- Ben Livshits
Brave BlogMay 18, 2020 - What’s Brave Done For My Privacy Lately? Episode #3: Fingerprint Randomization
- Mark Pilgrim
- Peter Snyder
- Ben Livshits
Brave BlogMay 05, 2020 - What’s Brave Done For My Privacy Lately? Episode #2: Third-Party Cosmetic Filtering
- Anton Lazarev
- Andrius Aucinas
- Peter Snyder
- Pete Miller
Brave BlogFeb 20, 2020 - What’s Brave Done For My Privacy Lately-Episode #1: Web Resource Replacements
- Anton Lazarev
- Andrius Aucinas
- Brian Bondy
- Peter Snyder
Brave BlogJan 23, 2020 - Brave, Fingerprinting, and Privacy Budgets
- Peter Snyder
- Ben Livshits
Brave BlogDec 06, 2019 - Privacy Anti-Patterns In Standards
- Peter Snyder
W3C BlogJun 12, 2019 - Brave's Concerns with the Client-Hints Proposal
- Peter Snyder
- Pranjal Jumde
- Tom Lowenthal
- Brian Clifton
Brave BlogMay 09, 2019 - Understanding Redirection-Based Tracking
- Peter Snyder
- Ben Livshits
Brave BlogAug 12, 2018 - The Mounting Cost of Stale Ad Blocking Rules
- Antoine Vastel
- Peter Snyder
- Ben Livshits
Brave BlogJul 18, 2018
-
Instructor for Software Design – UIC CS342
2017
-
TA for Computer Networks – UIC CS450
2017,
2015
-
Best-of-Breed
Content Blocking in Brave: Three Projects to Improve the Depth, Breath, and Usefulness of Blocking
at Scale
invited talk
MADWeb
2020
-
Brave, Fingerprinting, and Privacy on the Web
invited talk
CS253 - Web Security course at Stanford
2019
-
Privacy, Standards and Anti-Patterns
invited talk
PEARG
at IETF
2019
-
Brave, Privacy and Standards
invited talk
WWW, W3C Track
2019
-
Web Privacy Beyond Extensions: New Browsers Are Pursuing Deep Privacy Protections
conference talk
USENIX Enigma
2019
-
Browser Feature Usage on the Modern Web
invited talk
UIC SIG Security
2017
-
Carnival of Privacy and Security Delights
conference presentation
- Jason Archer
- Nathanael Bassett
- Peter Snyder
AoIR
2016
-
Doxing and the Dark Web: Detecting, Measuring and Addressing Malicious Information Disclosures Online
invited talk
Homewood-Flossmoor Science Pub
2016
-
No Please, After You: Detecting Fraud in Affiliate Marketing Networks
invited talk
Department of Information Engineering at the CUHK,
hosted by Prof. Zhang Kehuan 張克環教授
2015
-
No Please, After You: Detecting Fraud in Affiliate Marketing Networks
invited talk
DePaul University's Security Daemon's group
2015
-
One Thing Leads to Another: Credential Based Privilege Escalation
poster
CODASPY
2015
-
Serving Two Masters: An Empirical Study of Browser API Cooptation
Student Knowledge Exchange at Notre Dame
2015
-
Cloudsweeper:
Enabling Data-Centric Document Management for Secure Cloud Archives
poster
GCASR
2014
-
Surveillance Defense: Small Easy Steps for Security and Privacy
invited talk
The Media Consortium
2014
-
PageGraph
PageGraph is an under-development, research effort to instrument Brave, blink and v8, to allow
for complete attribution of document modifications, network requests, script execution, and privacy-relevant
Web API accesses.
-
Fingerprinting Protection Improvements in Brave Browser
Improved the technique used to block fingerprinting related Web API methods
to reduce the impact on non-fingerprinting related code, and expanded the set
of blocked Web API methods to cover five more, previously allowed, methods used for
fingerprinting users.
-
Web API Manager Browser Extension
WebExtension, cross-browser extension that allows users to improve their privacy and security
online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be
defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky
browser functionality like high resolution timers, WebGL and WebRTC.
-
Cloudsweeper
Webservice tool to measure and mitigate the frequency of plaintext password sharing in Gmail
archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500
users and has secured over 38,000 messages
-
CDF: Abstractions for
Security Guarantees in Interactive Web Applications
Built client and server-side tools for implementing CDF, a document format for building dynamic,
interactive web applications that provide increased security and privacy guarantees for users of
commodity
web browsers.
-
Machine
Learning for Automatic 8bit Song Generation
Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and
machine learning.
-
Objective-C Dijkstra implementation
Library to perform Dijkstra in Objective-C (for iOS and OSX).
-
FormBug
A Firefox extension to make dealing and developing form based applications easier. I just
maintain it now, but wrote it back when I was doing web development work.
