CyLab Security & Privacy Institute
Carnegie Mellon University
Here is a selection of some of my current and previous research projects. For a full list of publications, please see this page.
Investigating "Bad" Ads and Ad Targeting
The online advertising ecosystem has a notorious lack of transparency, and many practices that may be harmful to users' security, privacy, and user experience are hidden from the public. In this line of work, we qualitatively characterize and quantitatively measure of potentially deceptive and harmful advertising on the web, including how users' perceive "bad" ads, the prevalence of low quality clickbait ads on news websites, and misleading techniques and partisan targeting in online political advertising. Some of our other work has shed light on how prices in online ad auctions are (and aren't) correlated with demographic and behavioral targeting, using measurements from real users' browsers.
Various pieces of measurement infrastructure that we built for this project are available on GitHub, including adscraper, a Puppeteer-based tool for scraping display ad content from websites, and Ad Ecologist, a browser extension for observing header bidding auctions and scraping ad content from real users' browsers. More information and datasets are also available at badads.cs.washington.edu.
Multi-User Security and Privacy Issues in Smart Homes
Smart homes and IoT pose new security and privacy challenges, because they are multi-user, multi-device systems that can affect the environment and privacy of all inhabitants in a home, which can cause interpersonal tensions and privacy issues between the people living and visiting the home. Our work has studied end users' security and privacy concerns with smart homes (including some of the initial findings on tensions between primary and secondary users), and has explored designs for smart home access controls and transparency features to provide better privacy and user experiences for secondary users.
In related work, we have also studied low-tech, UI-bound techniques for violating others' security and privacy in the intimate partner and parent-child contexts, such as phone and account authentication bypasses and AirTag tracking, and how these techniques spread on social media platforms like TikTok.
Characterizing and Measuring Misleading and Harmful Online Ad Content at Scale
USENIX Engima (2023)
What Factors Affect Targeting and Bids in Online Advertising? A Field Measurement Study
FTC PrivacyCon (2022)
(Watch on FTC website, starts at 3:04:58)
Polls, Clickbait, and Commemorative $2 Bills: Problematic Political Advertising on News and Media Websites Around the 2020 U.S. Elections
ACM Internet Measurement Conference (2021)
(with Miranda Wei)
User Perceptions of Problematic Ads
Political ads during the 2020 presidential election cycle collected personal information and spread misleading information
Skeptic Check: Stay Skeptical - Deceptive Ads
SETI - Big Picture Science
Misleading ads, masquerading as news you can trust
KUOW - The Record with Bill Radke
Q&A: UW researchers clicked ads on 200 news sites to track misinformation