I am the senior privacy researcher at Brave Software,
where I work on new ways to improve privacy and security on the web,
and to measure the risk of new threats to Brave browser users.
Before joining Brave, I worked on my PhD in the Computer Science department
at the University of Illinois at Chicago in the BITS Lab,
working under the kind and knowledgable guidance of Chris Kanich.
I research web security and privacy, including browser hardening techniques and
measuring how the growth of the Web API has impacted user privacy and security.
I use this research to build access control systems for browser functionally
and tools for deploying web applications that provide stronger
privacy and security guarantees for users.
Instructor for Software Design – UIC CS342
TA for Computer Networks – UIC CS450
Content Blocking in Brave: Three Projects to Improve the Depth, Breath, and Usefulness of Blocking
and Privacy on the Web
CS253 - Web Security course at Stanford
Standards and Anti-Patterns
at abbr title="Internet Engineering Task Force">IETF
WWW, W3C Track
Privacy Beyond Extensions: New Browsers Are Pursuing Deep Privacy Protections
Browser Feature Usage on the Modern Web
UIC SIG Security
Carnival of Privacy and Security Delights
- Jason Archer
- Nathanael Bassett
- Peter Snyder
Doxing and the Dark Web: Detecting, Measuring and Addressing Malicious
Information Disclosures Online
Homewood-Flossmoor Science Pub
No Please, After You: Detecting Fraud in Affiliate Marketing
Department of Information Engineering at the CUHK,
hosted by Prof. Zhang Kehuan 張克環教授
No Please, After You: Detecting Fraud in Affiliate Marketing Networks
DePaul University's Security Daemon's group
One Thing Leads to Another: Credential Based Privilege Escalation
Serving Two Masters: An Empirical Study of Browser API Cooptation
Student Knowledge Exchange at Notre Dame
Enabling Data-Centric Document Management for Secure Cloud Archives
Defense: Small Easy Steps for Security and Privacy
The Media Consortium
PageGraph is an under-development, research effort to instrument Brave, blink and v8, to allow
for complete attribution of document modifications, network requests, script execution, and privacy-relevant
Web API accesses.
Fingerprinting Protection Improvements in Brave Browser
Improved the technique used to block fingerprinting related Web API methods
to reduce the impact on non-fingerprinting related code, and expanded the set
of blocked Web API methods to cover five more, previously allowed, methods used for
Web API Manager Browser Extension
WebExtension, cross-browser extension that allows users to improve their privacy and security
online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be
defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky
browser functionality like high resolution timers, WebGL and WebRTC.
Webservice tool to measure and mitigate the frequency of plaintext password sharing in Gmail
archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500
users and has secured over 38,000 messages
CDF: Abstractions for
Security Guarantees in Interactive Web Applications
Built client and server-side tools for implementing CDF, a document format for building dynamic,
interactive web applications that provide increased security and privacy guarantees for users of
Learning for Automatic 8bit Song Generation
Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and
Objective-C Dijkstra implementation
Library to perform Dijkstra in Objective-C (for iOS and OSX).
A Firefox extension to make dealing and developing form based applications easier. I just
maintain it now, but wrote it back when I was doing web development work.