Jonathan Mayer | |
---|---|
Education | Princeton University (AB); Stanford University (PhD, JD) |

Jonathan Mayer (born February 5, 1987) is an American computer scientist and lawyer. He is an Associate Professor of Computer Science and Public Affairs at Princeton University [1] affiliated with the Center for Information Technology Policy, [2] and was previously a PhD student in computer science at Stanford University and a fellow at the Center for Internet and Society [3] and the Center for International Security and Cooperation. [4] During his graduate studies he was a consultant at the California Department of Justice.
Mayer's research focuses on technology policy, especially concerning computer security and privacy. He was selected as one of Forbes 30 Under 30 in 2014 for his contributions to those areas. [5]
Mayer is a native of Chicago, Illinois, United States, and attended the Latin School of Chicago. [6] He received his AB from Princeton University in 2009 through the Woodrow Wilson School of Public and International Affairs. During his undergraduate studies he was a member of the team competing in the 2007 DARPA Grand Challenge [7] and Intelligent Ground Vehicle Competition. [8]
Mayer began his graduate work at Stanford University in 2009, where he was its first student to pursue both a PhD through the computer science department and a JD at Stanford Law School. [9] Mayer received his JD in 2013.
While at Princeton, Mayer studied the feasibility of tracking web browsers using partial identifiers such as display resolution and extensions. [10] His advisor was Professor Edward William Felten. Mayer's research found that it was possible to fingerprint web browsers, but it could not guarantee the global uniqueness of a browser's fingerprint. [11] The Electronic Frontier Foundation's subsequent study reached the same conclusions using a bigger data set. There are businesses now using browser fingerprints in products.
In mid-2010, Mayer and another Stanford researcher, Arvind Narayanan, argued for Do Not Track in HTTP headers. [12] [13] They built Do Not Track prototypes for clients and servers. [14] Working with Mozilla, they wrote the influential Internet Engineering Task Force Internet Draft of Do Not Track. [15] [16]
The World Wide Web Consortium ultimately began standardizing Do Not Track through the Tracking Protection Working Group. [17] Mayer was an active and influential participant in this group and has been described as a "key spokesperson" [18] who had a "more interesting and productive career as a student than most tenured faculty". [19]
Mayer's thoughts about Do Not Track have concerned online advertising businesses. Randall Rothenberg, CEO of the Interactive Advertising Bureau, called him a "Bolshevik of the Internet world" and "anathema to anybody who's trying to earn any kind of living using the digital supply chain." [20] At one point, the Senior Director of IAB tried to get Mayer kicked out of his studies at Stanford. [21]
On July 30, 2013, Mayer resigned from his job with the W3C working group. [22] [23] His resignation letter faulted advertising members for impeding progress and W3C for bad leadership. [24] Some working group members later tried to bring him back as a leader but this did not happen. [25]
Between 2011 and 2012 Mayer posted on illegal web tracking businesses. [26] His contributions include the following.
The California Online Privacy Protection Act requires websites to post privacy policies. Attorney General Kamala Harris argued that this law applies to mobile applications as well. Mayer was a consultant for implementing that law on mobile applications. That initiative produced a large settlement with all mobile platforms on February 22, 2012. [41]
In December 2012, Mayer proposed that Mozilla Firefox use the same cookie blocking mechanism as Apple Safari. [42] He wrote the code patch as a community contributor and Mozilla adopted it. Representatives from the online advertising business objected and criticized both Mayer and Mozilla. [43] [44] [45] Businesses also had members of Congress write letters to Mozilla. [46] The letters expressed false concerns about abducted children and natural disasters. Mozilla has since moved away from Safari's cookie blocking mechanism, instead joining Cookie Clearinghouse's privacy initiative. [47] Mayer has said that he is disappointed in Mozilla's decision but remains involved on the advisory board for Cookie Clearinghouse. [48]
Since Edward Snowden leaked documents in 2013, Mayer has researched National Security Agency laws. [49] [50]
One of Mayer's projects has focused on Internet surveillance with the FISA Amendments Act. Mayer concludes that the NSA's "one-end foreign" rules allow it to spy on American citizens. [51] His conclusions are part of the reporting of the Director of National Intelligence Review Group on Intelligence and Communications Technologies. [52]
Another of Mayer's projects has looked at telephone metadata in conjunction with the Patriot Act. Working with another Stanford researcher, Patrick Mutchler, Mayer concludes that metadata is very sensitive. [53]
Internet privacy involves the right or mandate of personal privacy concerning the storage, re-purposing, provision to third parties, and display of information pertaining to oneself via the Internet. Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing and especially relate to mass surveillance.
The Platform for Privacy Preferences Project (P3P) is an obsolete protocol allowing websites to declare their intended use of information they collect about web browser users. Designed to give users more control of their personal information when browsing, P3P was developed by the World Wide Web Consortium (W3C) and officially recommended on April 16, 2002. Development ceased shortly thereafter and there have been very few implementations of P3P. Internet Explorer and Microsoft Edge were the only major browsers to support P3P. Microsoft has ended support from Windows 10 onwards. Internet Explorer and Edge on Windows 10 no longer support P3P as of 2016. W3C officially obsoleted P3P on 2018-08-30. The president of TRUSTe has stated that P3P has not been implemented widely due to the difficulty and lack of value.
HTTP cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.
A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.
In HTTP, "Referer" is an optional HTTP header field that identifies the address of the web page from which the resource has been requested. By checking the referrer, the server providing the new web page can see where the request originated.
A local shared object (LSO), commonly called a Flash cookie, is a piece of data that websites that use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player since version 6.
HTML5 is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML Living Standard. It is maintained by the Web Hypertext Application Technology Working Group (WHATWG), a consortium of the major browser vendors.
Clickjacking is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.
Web storage, sometimes known as DOM storage, is a standard JavaScript API provided by web browsers. It enables websites to store persistent data on users' devices similar to cookies, but with much larger capacity and no information sent in HTTP headers. There are two main web storage types: local storage and session storage, behaving similarly to persistent cookies and session cookies respectively. Web Storage is standardized by the World Wide Web Consortium (W3C) and WHATWG, and is supported by all major browsers.
The W3C Geolocation API is an effort by the World Wide Web Consortium (W3C) to standardize an interface to retrieve the geographical location information for a client-side device. It defines a set of ECMAScript-compliant objects that, when executing in the client application, give the client's device location by consulting Location Information Servers, which are transparent to the application programming interface (API). The most common sources of location information are IP address, Wi-Fi and Bluetooth MAC address, radio-frequency identification (RFID), Wi-Fi connection location, or device Global Positioning System (GPS) and GSM/CDMA cell IDs. The location is returned with a given accuracy depending on the best location information source available.
Web tracking is the practice by which operators of websites and third parties collect, store and share information about visitors' activities on the World Wide Web. Analysis of a user's behaviour may be used to provide content that enables the operator to infer their preferences and may be of interest to various parties, such as advertisers. Web tracking can be part of visitor management.
Cross-origin resource sharing (CORS) is a mechanism to safely bypass the same-origin policy, that is, it allows a web page to access restricted resources from a server on a domain different than the domain that served the web page.
Web browsing history refers to the list of web pages a user has visited, as well as associated metadata such as page title and time of visit. It is usually stored locally by web browsers in order to provide the user with a history list to go back to previously visited pages. It can reflect the user's interests, needs, and browsing habits.
Do Not Track (DNT) is a non-standard HTTP header field designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.
WebRTC is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication and streaming to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps.
Ghostery is a free and open-source privacy and security-related browser extension and mobile browser application. Since February 2017, it has been owned by the German company Cliqz International GmbH. The code was originally developed by David Cancel and associates.
United States v. Google Inc., No. 3:12-cv-04177, is a case in which the United States District Court for the Northern District of California approved a stipulated order for a permanent injunction and a $22.5 million civil penalty judgment, the largest civil penalty the Federal Trade Commission (FTC) has ever won. The FTC and Google Inc. consented to the entry of the stipulated order to resolve the dispute which arose from Google's violation of its privacy policy. In this case, the FTC found Google liable for misrepresenting "privacy assurances to users of Apple's Safari Internet browser". It was reached after the FTC considered that through the placement of advertising tracking cookies in the Safari web browser, and while serving targeted advertisements, Google violated the 2011 FTC's administrative order issued in FTC v. Google Inc.
WebXR Device API is a Web application programming interface (API) that describes support for accessing augmented reality and virtual reality devices, such as the HTC Vive, Oculus Rift, Meta Quest, Google Cardboard, HoloLens, Apple Vision Pro, Magic Leap or Open Source Virtual Reality (OSVR), in a web browser. The WebXR Device API and related APIs are standards defined by W3C groups, the Immersive Web Community Group and Immersive Web Working Group. While the Community Group works on the proposals in the incubation period, the Working Group defines the final web specifications to be implemented by the browsers.
David Baron is an American computer scientist, web browser engineer, open web standards author, technology speaker, and open source contributor. He has written and edits several CSS web standards specifications including CSS Color Module Level 3, CSS Conditional Rules, and several working drafts. He started working on Mozilla in 1998, and was employed by Mozilla in 2003 to help develop and evolve the Gecko rendering engine, eventually as a Distinguished Engineer in 2013. He was Mozilla’s representative on the WHATWG Steering Group from 2017 to 2020. He has served on the W3C Technical Architecture Group (TAG) continuously since being elected in 2015 and re-elected subsequently, most recently in 2020. In 2021 he joined Google to work on Google Chrome.
The Privacy Sandbox is an initiative led by Google to create web standards for websites to access user information without compromising privacy. Its core purpose is to facilitate online advertising by sharing a subset of user private information without the use of third-party cookies. The initiative includes a number of proposals, many of which have bird-themed names that are changed once the corresponding feature reaches general availability. The technologies include Topics API, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames as well as other proposed technologies. The project was announced in August 2019.