Profile picture
Arvind Narayanan @random_walker
, 15 tweets, 5 min read Read on Twitter
My team has been doing this research for six years and I’ve asked myself this question many, many times. Here are my thoughts.
First, we do need *some* academic research, because tracking techniques have gotten so tricky that you do need Ph.D.-level smarts (and time commitment) to uncover them. I’ve been fortunate to work with @s_englehardt and many other super smart people.
But the software that we built for this research, OpenWPM, is open source, and usable by anyone who can program. Many others have used it, but almost all academic researchers. Why? Who are the other entities who could be doing this, and why haven’t they? github.com/citp/OpenWPM
Let’s go through them one by one.

1. Investigative journalists should be doing this work, and some have, most notably @JuliaAngwin and her team. In fact, it was their What They Know series way back in 2010 that inspired me to start researching the topic! wsj.com/public/page/wh…
But the press could be doing *far* more. Why isn’t that happening? My guess: the financial troubles of journalism combined with inadequate tech expertise.
2. Civil liberties organizations should be doing this work, because web privacy isn’t just about harms to individuals — it’s about a functioning democracy.
I think the main impediment is again tech expertise. The EFF is the most notable exception. They’ve done good work in this space, especially Privacy Badger, but I’d love to see more from them and for more such org's to hire technologists. eff.org/privacybadger
3. Browser vendors should be doing this work, and their absence is conspicuous. Historically they’ve tried to be “neutral” on privacy, which I’ve criticized. This is starting to change (and we also have privacy-focused browsers like Brave).
Browsers shouldn't try to be neutral on privacy because neutrality is an illusion. randomwalker.info/publications/w…
4. The ad tech industry’s self regulatory agencies *could* do this work (in a slightly different hypothetical universe). There are a bunch of these organizations, but they are hilariously ineffective, even though some of them have competent tech people. wiki.appnexus.com/display/indust…
As always, self regulation only works if there is a threat of actual regulation. In the U.S., except for a brief window 5–6 years ago, that threat hasn’t existed. The obvious question is whether GDPR will change anything. Let’s wait and see.
To drive home the point, there are a bunch of self regulations that trackers are supposed to abide by, and most of the crap we’ve been uncovering would actually be permitted by these rules! Even in the rare cases when they aren’t, enforcement tends to be nonexistent.
5. What about actual regulators? The FTC has done some interesting research (petsymposium.org/2017/papers/is…), but their enforcement powers are minimal. They can only police a limited set of abuses, and only in the most egregious cases. ftc.gov/news-events/pr…
So there we have it. It’s a sorry state of affairs. Have I missed any other entities who could be doing the work of policing the web (or are actually doing it)?
On a poignant note, @s_englehardt will graduate next year (and won’t be in an academic research role); our capability to do this work at Princeton will be decimated. We’d love to partner with organizations to ensure that there will be regular web privacy scanning using OpenWPM.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Arvind Narayanan
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!