Most software engineers opt for careers in the tech industry rather than academia, which makes university-based researchers all the more vital, said Arvind Narayanan, an associate professor of computer science.
“We can make the world better by working on the problems that the tech industry doesn’t focus on — or even actively ignores — because those things get in the way of business interests,” Narayanan said. “This includes trying to show how certain technologies being deployed are not really serving society in the way that they should, and figuring out what we can do to realign those diverging interests.”
Online privacy, for example, is at odds with companies’ eagerness to gather as much information as possible about their users so they can better meet users’ needs — and market products to them. “Data brokers” specialize in collecting and selling personal information, from age, gender, and address to a propensity for gambling or drinking. Users typically have no idea their personal information is being scooped up, and there is a general lack of transparency about what is collected and how it is used.
This is where Narayanan and his research team come in: “We want to shed light on the dark corners of online tracking,” he said.
To track the trackers, he, graduate student Steven Englehardt, and postdoctoral researcher Günes Acar built a bot that visits 1 million websites each month and records everything that happens behind the scenes — from cookies to so-called fingerprinting technologies — to identify visitors. So far, they have found a number of privacy violations, including programs that either intentionally or accidentally collect sensitive information such as passwords and medical prescriptions.
“Websites can install scripts that basically act like someone watching over your shoulder and recording everything you do — every keystroke, every movement — and then send all of that information to a third party,” Narayanan said.
By exposing the problem, he hopes to appeal to both policymakers and browser designers — whose technologies are essential for viewing and interacting with websites — to enact privacy protections.
“Putting the burden on individuals to protect themselves is not the best approach,” Narayanan said. “There are ways to take collective action so that we don’t sleepwalk into a surveillance society.”