Eric Zeng


Here is a selection of some of my current and previous research projects. For a full list of publications, please see this page.

Investigating "Bad" Ads and Ad Targeting

The online advertising ecosystem has a notorious lack of transparency, and many practices that may be harmful to users' security, privacy, and user experience are hidden from the public. In this line of work, we qualitatively characterize and quantitatively measure of potentially deceptive and harmful advertising on the web, including how users' perceive "bad" ads, the prevalence of low quality clickbait ads on news websites, and misleading techniques and partisan targeting in online political advertising. Some of our other work has shed light on how prices in online ad auctions are (and aren't) correlated with demographic and behavioral targeting, using measurements from real users' browsers.

Various pieces of measurement infrastructure that we built for this project are available on GitHub, including adscraper, a Puppeteer-based tool for scraping display ad content from websites, and Ad Ecologist, a browser extension for observing header bidding auctions and scraping ad content from real users' browsers. More information and datasets are also available at

Multi-User Security and Privacy Issues in Smart Homes

Smart homes and IoT pose new security and privacy challenges, because they are multi-user, multi-device systems that can affect the environment and privacy of all inhabitants in a home, which can cause interpersonal tensions and privacy issues between the people living and visiting the home. Our work has studied end users' security and privacy concerns with smart homes (including some of the initial findings on tensions between primary and secondary users), and has explored designs for smart home access controls and transparency features to provide better privacy and user experiences for secondary users.

In related work, we have also studied low-tech, UI-bound techniques for violating others' security and privacy in the intimate partner and parent-child contexts, such as phone and account authentication bypasses and AirTag tracking, and how these techniques spread on social media platforms like TikTok.