I am the senior privacy researcher at Brave Software, where I work on new ways to improve privacy and security on the web, and to measure the risk of new threats to Brave browser users.

Before joining Brave, I worked on my PhD in the Computer Science department at the University of Illinois at Chicago in the BITS Lab, working under the kind and knowledgable guidance of Chris Kanich.

Research Interests

I research web security and privacy, including browser hardening techniques and measuring how the growth of the Web API has impacted user privacy and security. I use this research to build access control systems for browser functionally and tools for deploying web applications that provide stronger privacy and security guarantees for users.

Publications

• Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures
  1. Quan Chen
  2. Peter Snyder
  3. Benjamin Livshits
  4. Alexandros Kapravelos
  S&P 2021
  • arxiv
  • dataset
  • slides
• Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking
  1. Peter Snyder
  2. Antoine Vastel
  3. Benjamin Livshits
  SIGMETRICS 2020
  • arxiv
• Filter List Generation for Underserved Regions
  1. Alexander Sjosten
  2. Peter Snyder
  3. Antonio Pastor
  4. Panagiotis Papadopoulos
  5. Benjamin Livshits
  WWW 2020
  • arxiv
  • dataset
• Keeping Out the Masses: Understanding the Popularity and Implications of Internet Paywalls
  1. Panagiotis Papadopoulos
  2. Peter Snyder
  3. Benjamin Livshits
  WWW 2020
  • arxiv
• AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking
  1. Umar Iqbal
  2. Peter Snyder
  3. Shitong Zhu
  4. Benjamin Livshits
  5. Zhiyun Qian
  6. Zubair Shafiq
  S&P 2020
  • pdf
  • blog post
• SpeedReader: Reader Mode Made Fast and Private
  1. Mohammad Ghasemisharif
  2. Peter Snyder
  3. Andrius Aucinas
  4. Benjamin Livshits
  WWW 2019
  • pdf
  • blog post
• Most Websites Don’t Need to Vibrate: A Cost–Benefit Approach to Improving Browser Security
  1. Peter Snyder
  2. Cynthia Taylor
  3. Chris Kanich
  CCS 2017
• Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing
  1. Peter Snyder
  2. Periwinkle Doerfler
  3. Chris Kanich
  4. Damon McCoy
  IMC 2017
  • code
  • slides
• CDF: Predictably Secure Web Documents
  1. Peter Snyder
  2. Laura Watiker
  3. Cynthia Taylor
  4. Chris Kanich
  ConPro 2017
  • code
  • slides
• Browser Feature Usage on the Modern Web
  1. Peter Snyder
  2. Lara Ansari
  3. Cynthia Taylor
  4. Chris Kanich
  IMC 2016
  • dataset
  • slides
• Characterizing Fraud and Its Ramifications in Affiliate Marketing Networks
  1. Peter Snyder
  2. Chris Kanich
  Journal of Cybersecurity 2016
  • journal listing
• The Effect of Repeated Login Prompts on Phishing Susceptibility
  1. Peter Snyder
  2. Michael K. Reiter
  3. Chris Kanich
  LASER 2016
  • slides
• No Please, After You: Detecting Fraud in Affiliate Marketing Networks
  1. Peter Snyder
  2. Chris Kanich
  WEIS 2015
  • slides
  • extended
• "I Saw Images I Didn't Even Know I Had": Understanding User Perceptions of Cloud Storage Privacy
  1. Jason Clark
  2. Peter Snyder
  3. Damon McCoy
  4. Chris Kanich
  CHI 2015
• Cloudsweeper and Data-Centric Security
  1. Peter Snyder
  2. Chris Kanich
  ACM SIGCAS Computers and Society 2014
• Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives
  1. Peter Snyder
  2. Chris Kanich
  CCSW 2013

Blog Writing

• Brave, Fingerprinting, and Privacy Budgets 2019 Discussion of why a href="https://github.com/bslassey/privacy-budget">Google's Privacy Budget proposal for combating browser fingerprinting would not be effective, and what alternatives Brave is pursuing.
  1. Peter Snyder
  2. Ben Livshits
  • blog
• Privacy Anti-Patterns In Standards 2019 Description of several privacy-harming patterns observed as part of PING, the W3C's privacy review group, and how these anti-patterns make it difficult to protect user privacy on the web.
  1. Peter Snyder
  • blog
• Brave's Concerns with the Client-Hints Proposal 2019 Discussion of concerns with the proposed Client Hints standard, and why it would be harmful for web privacy.
  1. Peter Snyder
  2. Pranjal Jumde
  3. Tom Lowenthal
  4. Brian Clifton
  • blog
• Understanding Redirection-Based Tracking 2018 Blog post description research lead at Brave regarding the frequency and parties involved in bounce-tracking. Conducted as part of designing Brave's improvements to Safari's Intelligent Tracking Prevention 2.0.
  1. Peter Snyder
  2. Ben Livshits
  • blog
• The Mounting Cost of Stale Ad Blocking Rules 2018 Blog post describing research lead at Brave regarding the number and cost of the accumulation of stale rules in EasyList.
  1. Antoine Vastel
  2. Peter Snyder
  3. Ben Livshits
  • blog

Other Significant Writing

• Improving Web Privacy And Security with a Cost-Benefit Analysis of the Web API 2018 My thesis, presenting a thorough measurement of WebAPI use, and ways those findings can be used to better protect the privacy and security of web users. Written for the completion of my PhD.
  • slides
• Yao's Garbled Circuits: Recent Directions and Implementations 2014 Literature review of performance and security developments in using Yao's Protocol for secure function evaluation. Written for my degree's "Written Critique and Presentation" requirement.
  • slides

Teaching

• Instructor for Software Design – UIC CS342 2017
• TA for Computer Networks – UIC CS450 2017, 2015

Talks, Posters and Presentations

• Best-of-Breed Content Blocking in Brave: Three Projects to Improve the Depth, Breath, and Usefulness of Blocking at Scale invited talk MADWeb 2020
  • slides
• Brave, Fingerprinting, and Privacy on the Web invited talk CS253 - Web Security course at Stanford 2019
  • slides
  • video
• Privacy, Standards and Anti-Patterns invited talk PEARG at abbr title="Internet Engineering Task Force">IETF 2019
  • slides
• Brave, Privacy and Standards invited talk WWW, W3C Track 2019
  • slides
• Web Privacy Beyond Extensions: New Browsers Are Pursuing Deep Privacy Protections conference talk USENIX Enigma 2019
  • slides
• Browser Feature Usage on the Modern Web invited talk UIC SIG Security 2017
• Carnival of Privacy and Security Delights conference presentation
  1. Jason Archer
  2. Nathanael Bassett
  3. Peter Snyder
  AoIR 2016
  • announcement
• Doxing and the Dark Web: Detecting, Measuring and Addressing Malicious Information Disclosures Online invited talk Homewood-Flossmoor Science Pub 2016
  • announcement
• No Please, After You: Detecting Fraud in Affiliate Marketing Networks invited talk Department of Information Engineering at the CUHK, hosted by Prof. Zhang Kehuan 張克環教授 2015
  • slides
  • announcement
• No Please, After You: Detecting Fraud in Affiliate Marketing Networks invited talk DePaul University's Security Daemon's group 2015
  • slides
• One Thing Leads to Another: Credential Based Privilege Escalation poster CODASPY 2015
• Serving Two Masters: An Empirical Study of Browser API Cooptation Student Knowledge Exchange at Notre Dame 2015
  • slides
• Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives poster GCASR 2014
• Surveillance Defense: Small Easy Steps for Security and Privacy invited talk The Media Consortium 2014
  • slides

Other Positions and Accomplishments

• I am Brave's AC member in the W3C.
• I co-chair PING, the group responsible for reviewing the privacy aspects of new web standards.
• Our paper on Web API security and privacy was a finalist in the CSAW’17 Applied Research Competition.
• I was a fellow in UIC's Electronic Security and Privacy IGERT.
• I organized a crypto reading group at UIC.
• I placed first as the Symantec Cyber Challenge Competition, held at UIC and hosted by the ESP-GERT program.
• I twice served as the president for the UIC computer science graduate student association.
• I advise TIMBY, a community investigating website and project, on web and application security issues.

Significant Programs and Code

• PageGraph PageGraph is an under-development, research effort to instrument Brave, blink and v8, to allow for complete attribution of document modifications, network requests, script execution, and privacy-relevant Web API accesses.
  • build instructions
• Fingerprinting Protection Improvements in Brave Browser Improved the technique used to block fingerprinting related Web API methods to reduce the impact on non-fingerprinting related code, and expanded the set of blocked Web API methods to cover five more, previously allowed, methods used for fingerprinting users.
  • improved feature blocking patch
  • blocking additional fingerprinting methods patch
  • fingerprinting bypasses
• Web API Manager Browser Extension WebExtension, cross-browser extension that allows users to improve their privacy and security online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky browser functionality like high resolution timers, WebGL and WebRTC.
  • firefox
  • chrome
  • code
• Cloudsweeper Webservice tool to measure and mitigate the frequency of plaintext password sharing in Gmail archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500 users and has secured over 38,000 messages
• CDF: Abstractions for Security Guarantees in Interactive Web Applications Built client and server-side tools for implementing CDF, a document format for building dynamic, interactive web applications that provide increased security and privacy guarantees for users of commodity web browsers.
  • code
• Machine Learning for Automatic 8bit Song Generation Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.
  • source
  • slides
• Objective-C Dijkstra implementation Library to perform Dijkstra in Objective-C (for iOS and OSX).
  • source
  • cocoapods
• FormBug A Firefox extension to make dealing and developing form based applications easier. I just maintain it now, but wrote it back when I was doing web development work.
  • source
  • firefox addon

Community Involvement

Venue	Position	Year
SIGCOMM CCR	External Reviewer	2020
MADWeb	PC Member	2020
WWW	PC Member	2020
CSAW	PC Member	2019
Journal of Cybersecurity	External Reviewer	2019
MADWeb	PC Member	2019
DTL Grants	Reviewer	2018
CSAW	PC Member	2018
CHI Late Breaking	External Reviewer	2018
USENIX Security	External Reviewer	2017
NDSS	External Reviewer	2017
S&P	External Reviewer	2016
CCS	External Reviewer	2016
CCS	External Reviewer	2015
NDSS	External Reviewer	2013

Non-CS Bits

• I was half of the Chicago chiptune band 🍒🍒💣.
• I sang and played guitar in a Chicago power-pop band called The Pleasure Centers.
• I volunteered tutoring Chicago high school students as part of the East Village Youth Program.
• Sometimes I record chiptune music solo.
• A while back I played in a LOST-themed band called Sonic Weapon Fence.