The online advertising ecosystem has a notorious lack of transparency, and many practices that may be harmful to users' security, privacy, and user experience are hidden from the public. In this line of work, we qualitatively characterize and quantitatively measure of potentially deceptive and harmful advertising on the web, including how users' perceive "bad" ads, the prevalence of low quality clickbait ads on news websites, and misleading techniques and partisan targeting in online political advertising. Some of our other work has shed light on how prices in online ad auctions are (and aren't) correlated with demographic and behavioral targeting, using measurements from real users' browsers.

Smart homes and IoT pose new security and privacy challenges, because they are multi-user, multi-device systems that can affect the environment and privacy of all inhabitants in a home, which can cause interpersonal tensions and privacy issues between the people living and visiting the home. Our work has studied end users' security and privacy concerns with smart homes (including some of the initial findings on tensions between primary and secondary users), and has explored designs for smart home access controls and transparency features to provide better privacy and user experiences for secondary users.

In related work, we have also studied low-tech, UI-bound techniques for violating others' security and privacy in the intimate partner and parent-child contexts, such as phone and account authentication bypasses and AirTag tracking, and how these techniques spread on social media platforms like TikTok.