Eric Zeng

About Me

I am a Postdoctoral Researcher in CyLab Institute at Carnegie Mellon University, where I am currently advised by Professor Lujo Bauer. My research interests are broadly in computer security and privacy, with a focus on usable security and privacy and web measurement.

I recently graduated with a PhD in Computer Science & Engineering from the University of Washington, where I was fortunate to be advised by Professor Franzi Roesner, and worked in the Security and Privacy Lab.

My research addresses security, privacy, and UX issues in online advertising, such as deceptive and misleading ads for online scams, content farms, and affiliate marketing. My recent work in this space investigated misleading political ads during the 2020 elections, such as ads disguised as polls and sensationalist political clickbait articles. My other work in usable security and privacy is broadly about identifying users' security and privacy needs and concerns in emerging technologies, such as smart homes and encrypted email.

I have also collaborated various projects with researchers in industry. I recently interned with the Cryptography and Privacy Research Group at Microsoft Research, where I am worked with Kim Laine and Esha Ghosh on authentication and recovery for decentralized services. In the past, I interned on the Google Chrome Security team, where I worked with Emily Stark on improving HTTPS adoption.

When I'm not working, I love spending my time outside, running, hiking, cycling, and skiing! I also play keyboard in a band.


2022-09-27 Our newest paper, a field study of the factors that affect ad targeting and bid values, was accepted to IMC 2022! I will be presenting our paper at IMC in Nice, and later at FTC PrivacyCon.
2022-06-13 I have finally graduated with my PhD! I have already started my new position as a postdoc at CMU's CyLab, where I'll be working with Prof. Lujo Bauer.
2022-05-16 Our new paper on Anti-Privacy and Anti-Security Advice on TikTok was just accepted to SOUPS! I will be at both SOUPS and USENIX this year.
2022-05-12 I successfully defended my dissertation! I will be graduating mid-June 2022.
2021-11-02 Our political ads paper was a runner up for Best Paper at IMC 2021!
2021-09-30 We published a new paper measuring political ads during the 2020 U.S. elections at IMC 2021
2021-01-20 Our paper on user perceptions of "bad" ads was accepted to CHI 2021, read the preprint here
2020-08-10 Attending/volunteering at USENIX and SOUPS - let's chat!
2020-05-11 I submitted my thesis proposal and passed my generals exam!
2020-02-20 Our paper on clickbait ads was accepted at ConPro 2020


What Factors Affect Targeting and Bids in Online Advertising? A Field Measurement Study

Eric Zeng, Rachel McAmis, Tadayoshi Kohno, Franziska Roesner
ACM Internet Measurement Conference 2022

Anti-Privacy and Anti-Security Advice on TikTok: Case Studies of Technology-Enabled Surveillance and Control in Intimate Partner and Parent-Child Relationships

Miranda Wei, Eric Zeng, Tadayoshi Kohno, Franziska Roesner
Symposium On Usable Privacy and Security (2022)
[ Slides ]

Polls, Clickbait, and Commemorative $2 Bills: Problematic Political Advertising on News and Media Websites Around the 2020 U.S. Elections

Eric Zeng, Miranda Wei, Theo Gregersen, Tadayoshi Kohno, Franziska Roesner
ACM Internet Measurement Conference 2021
Runner-Up for Best Paper Award
[ Project Page ] [ IMC Talk ]
[ UW News ]

What Makes a "Bad" Ad? User Perceptions of Problematic Online Advertising

Eric Zeng, Tadayoshi Kohno, Franziska Roesner
ACM CHI Conference on Human Factors in Computing Systems (2021)
[ CHI Talk ] [ Dataset ] [ Data Explorer ]
[ Interview on Data Skeptic Podcast ]

Bad News: Clickbait and Deceptive Ads on News and Misinformation Websites

Eric Zeng, Tadayoshi Kohno, Franziska Roesner
Workshop on Technology and Consumer Protection (2020)
[ Slides ] [ Dataset ]
[ Big Picture Science ] [ The Record ] [ UW News ]

Fixing HTTPS Misconfigurations: An Experiment with Security Notifications

Eric Zeng, Frank Li, Emily Stark, Adriana Porter Felt, Parisa Tabriz
Workshop on the Economics of Information Security (2019)
[ Slides ]

End User Security and Privacy Concerns with Smart Homes

Eric Zeng, Shrirang Mare, Franziska Roesner
Symposium on Usable Privacy and Security (2017)
[ Slides ]

Confidante: Usable Encrypted Email - A Case Study with Lawyers and Journalists

Ada Lerner*, Eric Zeng*, Franziska Roesner
IEEE European Symposium on Security & Privacy (2017)
[ Website ] [ Slides ]

*Co-first authors listed in alphabetical order

Theses, Tech Reports, and Other Writing

Characterizing and Measuring "Bad" Ads on the Web

Eric Zeng
Doctoral Dissertation (June 2022)

Technology-Enabled Disinformation: Summary, Lessons, and Recommendations

John Akers, Gagan Bansal, Gabriel Cadamuro, Christine Chen, Quanze Chen, Lucy Lin, Phoebe Mulcaire, Rajalakshmi Nandakumar, Matthew Rockett, Lucy Simko, John Toman, Tongshuang Wu, Eric Zeng, Bill Zorn, Franziska Roesner
University of Washington Technical Report UW-CSE-18-12-02 and arXiv:1812.09383 (2018).

Industry Experience

Microsoft Research - Privacy and Cryptography Group

Research Intern
Jun 2021 - Sep 2021

I worked with Kim Laine and Esha Ghosh on a usability evaluation of a "fuzzy" authentication and recovery system for the Decentralized Identity project.

Google - Chrome Usable Security

Software Engineering Intern
Jun 2017 - Sep 2017

During my internship on the Chrome Usable Security team, I conducted research with Emily Stark on reducing internet-wide HTTPS misconfiguration rates, using Google infrastructure to scan for misconfigurations and send email notifications to website owners.

Twitter - Ads Billing

Software Engineering Intern
Jun 2015 - Sep 2015

I helped our team migrate features from a Ruby monolith to a Scala-based microservice.

Google - Chrome Extensions

Software Engineering Intern
Jun 2014 - Sep 2014

I implemented an API that allows Chrome extensions to embed their options pages inside of Chrome's settings page using an iframe-like system for process isolation.

Google - YouTube Content Protection

Engineering Practicum Intern
Jun 2013 - Sep 2013

I conducted penetration testing on Chrome’s DRM module for video decryption.