Profile picture
Arvind Narayanan @random_walker
, 15 tweets, 5 min read Read on Twitter
My team has been doing this research for six years and I’ve asked myself this question many, many times. Here are my thoughts.
First, we do need *some* academic research, because tracking techniques have gotten so tricky that you do need Ph.D.-level smarts (and time commitment) to uncover them. I’ve been fortunate to work with @s_englehardt and many other super smart people.
But the software that we built for this research, OpenWPM, is open source, and usable by anyone who can program. Many others have used it, but almost all academic researchers. Why? Who are the other entities who could be doing this, and why haven’t they? github.com/citp/OpenWPM
Let’s go through them one by one.

1. Investigative journalists should be doing this work, and some have, most notably @JuliaAngwin and her team. In fact, it was their What They Know series way back in 2010 that inspired me to start researching the topic! wsj.com/public/page/wh…
But the press could be doing *far* more. Why isn’t that happening? My guess: the financial troubles of journalism combined with inadequate tech expertise.
2. Civil liberties organizations should be doing this work, because web privacy isn’t just about harms to individuals — it’s about a functioning democracy.
I think the main impediment is again tech expertise. The EFF is the most notable exception. They’ve done good work in this space, especially Privacy Badger, but I’d love to see more from them and for more such org's to hire technologists. eff.org/privacybadger
3. Browser vendors should be doing this work, and their absence is conspicuous. Historically they’ve tried to be “neutral” on privacy, which I’ve criticized. This is starting to change (and we also have privacy-focused browsers like Brave).
Browsers shouldn't try to be neutral on privacy because neutrality is an illusion. randomwalker.info/publications/w…
4. The ad tech industry’s self regulatory agencies *could* do this work (in a slightly different hypothetical universe). There are a bunch of these organizations, but they are hilariously ineffective, even though some of them have competent tech people. wiki.appnexus.com/display/indust…
As always, self regulation only works if there is a threat of actual regulation. In the U.S., except for a brief window 5–6 years ago, that threat hasn’t existed. The obvious question is whether GDPR will change anything. Let’s wait and see.
To drive home the point, there are a bunch of self regulations that trackers are supposed to abide by, and most of the crap we’ve been uncovering would actually be permitted by these rules! Even in the rare cases when they aren’t, enforcement tends to be nonexistent.
5. What about actual regulators? The FTC has done some interesting research (petsymposium.org/2017/papers/is…), but their enforcement powers are minimal. They can only police a limited set of abuses, and only in the most egregious cases. ftc.gov/news-events/pr…
So there we have it. It’s a sorry state of affairs. Have I missed any other entities who could be doing the work of policing the web (or are actually doing it)?
On a poignant note, @s_englehardt will graduate next year (and won’t be in an academic research role); our capability to do this work at Princeton will be decimated. We’d love to partner with organizations to ensure that there will be regular web privacy scanning using OpenWPM.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Arvind Narayanan
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @random_walker see all

Profile picture
In 2018 the blockchain/decentralization story fell apart. For example, a study of 43 use cases found a 0% success rate. theregister.co.uk/2018/11/30/blo…
Let's talk about some mistaken assumptions about decentralization that led to the blockchain hype, and what we can learn from them.
(For context, I think the technology is sound, interesting and important from a CS perspective. That’s why I’ve been researching and teaching it since 2013. bitcoinbook.cs.princeton.edu But I’ve also been speaking/writing about the pitfalls of decentralization for ~10 years.)
Blockchain proponents have a vision of _society_ in which centralized entities are weakened/eliminated. But blockchain tech is a way to build _software_ without centralized servers. Why would the latter enable the former? It’s a leap of logic that’s left unexplained.
Read 14 tweets
Profile picture
Less than 5% of cryptographers work on creating/breaking encryption algorithms. Encryption isn't the most important or most fundamental cryptographic construction. It's also mostly a solved problem. Attackers rarely even try to break encryption; they just exploit software bugs.
Here are a few of the cool things that modern cryptographers work on.
1. Secure Multiparty Computation: a powerful & broad set of techniques that enables (e.g.) 2 hospitals to do a genetic study on their combined patient records—without either sending its records to the other.
2. Theory of cryptography: how do questions about computational complexity (such as P vs NP) relate to which cryptographic algorithms are or aren’t secure? This is best understood as a quest to reveal the computational laws of nature and isn't directly motivated by applications.
Read 6 tweets
Profile picture
The online ad tech industry has created an extraordinarily invasive surveillance infrastructure that threatens our democracy. But the most tragic thing is how little has been gained—how poorly ad tech works despite all the data.
Even if rampant ad fraud is curbed, there's a deeper reason why ad tech doesn't work: measuring the returns to advertising is a statistical problem that's near impossible even with perfect tracking. This neat paper shows why and deserves to be better known justinmrao.com/lewis_rao_near…
One reason why print/TV ads work—by conspicuously spending money, the firm signals to consumers that it is big & will stick around, is invested in its reputation, and has products worth advertising. Online ads don't achieve this. The more targeted the ad, the *weaker* the signal.
Read 3 tweets

Related threads

Profile picture
This all started because the #MetPolice & #LBRUT couldn't do their day jobs properly & decided to take the law into their own hands. It started as a small cover up 12 years ago but has turned into British State Persecution.

#Skynews #BBCNews #DailyMail #Guardian #Euronews
My company was raided. It should have been a straightforward matter. But the #MetPolice & #LBRUT forgot to seize my computer & came back to do a 2nd raid. The search warrant didn't permit a second entry, however, #LBRUT entered unlawfully

#Guardian #Telegraph #DailyMail #GMB #UK
Complaints were then made to my MP #VinceCable. He liaised with the #Metpolice & #LBRUT. And then weeks later, the search warrant was completely changed & was passed off as the search warrant executed on the day of the raids.

#DailyPolitics #Libdems #Conservatives #labour #bbcdp
Read 147 tweets
Profile picture
Cursed -Jikook Spooktober au where Jungkook gets hurt easily and Jimin, his over protective boyfriend, gets revenge by placing curses on those who hurt him but one of the curses rebounds onto Jimin and he has to keep it a secret from his bunny
TW: mention of death and possession and possibly blood depending on how the storyline goes. CONTINUE READING AT YOUR OWN RISK!
BEFORE THE STORY STARTS: there will be polls scattered throughout the story. Most will have a good choice and a bad one and others may be simple things like who the next character you want is.
Read 198 tweets
Profile picture
1/
#TRUTH

There are many inconsistencies, or even outright lies, when it comes to the "story" outlined by #ChristineBlaseyFord. Here are a few:
# people at party
# timing/year of party
# location of party
# never mentioned Kavanaugh by name until July 2018
# layout of party
# your self-identified "witnesses" all refute that they attended any such party
# your long-time friend #LelandKeyser further states she has never met #JudgeKavanaugh
# you never mentioned this assault to anyone prior to 2012 therapy session...including during long-term relationship
# you claimed the revelation of abuse came from a therapy session in 2012 w/your husband, prompted by an argument over wanting 2 front doors to your home...
Read 19 tweets
Profile picture
This all started because the #MetPolice & #LBRUT couldn't do their jobs properly & then decided to take the law into their own hands. The result of this decision has led to events stranger than fiction

#BBCNews #Skynews #Itvnews #Channel4News #ThisMorning #TheresaMay #UKGov #LBC
My company was raided. It should have been a straightforward matter. But the #MetPolice & #LBRUT forgot to seize my computer & came back to do a 2nd raid. The search warrant didn't permit a second entry, however, #LBRUT entered unlawfully

#Guardian #Telegraph #DailyMail #GMB #UK
Complaints were then made to my MP #VinceCable. He liaised with the #Metpolice & #LBRUT. And then weeks later, the search warrant was completely changed & was passed off as the search warrant executed on the day of the raids.

#DailyPolitics #Libdems #Conservatives #labour #bbcdp
Read 145 tweets
Profile picture
#Qanon Epstein Island -why is the temple on top of a mountain? How many levels might exist below? What is the significance of the colors, design and symbol above the dome? Why is this relevant?
(Q)
#Qanon- Who are the puppet masters?
House of Saud (6+++) - $4 trillion +
Rothschild (6++) - $2 trillion +
Soros (6+) - $ trillion +
Public wealth disclosures false.
(Q)
#Qanon - Many governments of the world feed the 'Eye'
Think slush funds (feeder)
Think war (feeder)
Think environmental pacts (feeder)
(Q)
Read 244 tweets
Profile picture
“Okay, let me make this clear, I won’t repeat myself.” The manager says standing in front of the 7 boy’s with a list. “Jin and Yoongi, Hoseok and Jimin, Jungkook and Tae, Joon gets his own room.” The man says before walking away and handing them the keys to the dorms. #taekook
Jungkook rolls his eyes at the decision that was made. Of course they pared him with Taehyung, everyone in their team has been wanting them to get along for years. They’ve tried everything, this isn’t surprising at all. #taekook #vkook #kookv
Taehyung on the other hand could care less about Jungkook liking him. He walks over to Namjoon timidly, the leader of the group already knowing the problem and he sighs. He unlocks the door to his own room and lets Taehyung in. #taekook #vkook #kookv
Read 199 tweets

Trending hashtags

#RussellCooke #UnityInTheCommunity #MyEmphasis #DuckRabbit #MUSTbe #Newlyn #Telecoms #AdeccoGroup #NSA #Jobs #Twickenham #MiddleEarth #MoneySaving #Birmingham #Infiltration #CleanPowerPlan #CrownCourt #Unite #journalism #LatestNews #southampton #Questions #LeParisien #CNN #Faceborg

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!