David Choffnes
YOU?
Author Swipe
View article: Empirically Measuring Data Localization in the EU
Empirically Measuring Data Localization in the EU Open
EU data localization regulations limit data transfers to non-EU countries with the GDPR. However, BGP, DNS and other Internet protocols were not designed to enforce jurisdictional constraints, so implementing data localization is challengi…
View article: Promises, Promises: Understanding Claims Made in Social Robot Consumer Experiences
Promises, Promises: Understanding Claims Made in Social Robot Consumer Experiences Open
Social robots are a class of emerging smart consumer electronics devices that promise sophisticated experiences featuring emotive capabilities, artificial intelligence, conversational interaction, and more. With unique risk factors like em…
View article: Echoes of Privacy: Uncovering the Profiling Practices of Voice Assistants
Echoes of Privacy: Uncovering the Profiling Practices of Voice Assistants Open
Many companies, including Google, Amazon, and Apple, offer voice assistants as a convenient solution for answering general voice queries and accessing their services. These voice assistants have gained popularity and can be easily accessed…
View article: Poster: Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE)
Poster: Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE) Open
To transform cybersecurity and privacy research into a highly integrated, community-wide effort, researchers need a common, rich, representative research infrastructure that meets the needs across all members of the research community, and…
View article: Gig Work at What Cost? Exploring Privacy Risks of Gig Work Platform Participation in the U.S.
Gig Work at What Cost? Exploring Privacy Risks of Gig Work Platform Participation in the U.S. Open
In recent years, "gig work" platforms have gained popularity as a way for individuals to earn money; as of 2021, 16% of Americans have at some point earned money from such platforms. Despite their popularity and their history of unfair dat…
View article: Echoes of Privacy: Uncovering the Profiling Practices of Voice Assistants
Echoes of Privacy: Uncovering the Profiling Practices of Voice Assistants Open
Many companies, including Google, Amazon, and Apple, offer voice assistants as a convenient solution for answering general voice queries and accessing their services. These voice assistants have gained popularity and can be easily accessed…
View article: Fair or Fare? Understanding Automated Transcription Error Bias in Social Media and Videoconferencing Platforms
Fair or Fare? Understanding Automated Transcription Error Bias in Social Media and Videoconferencing Platforms Open
As remote work and learning increases in popularity, individuals, especially those with hearing impairments or who speak English as a second language, may depend on automated transcriptions to participate in business, school, entertainment…
View article: SunBlock: Cloudless Protection for IoT Systems
SunBlock: Cloudless Protection for IoT Systems Open
With an increasing number of Internet of Things (IoT) devices present in homes, there is a rise in the number of potential information leakage channels and their associated security threats and privacy risks. Despite a long history of atta…
View article: Tracking, Profiling, and Ad Targeting in the Alexa Echo Smart Speaker Ecosystem
Tracking, Profiling, and Ad Targeting in the Alexa Echo Smart Speaker Ecosystem Open
Smart speakers collect voice commands, which can be used to infer sensitive information about users. Given the potential for privacy harms, there is a need for greater transparency and control over the data collected, used, and shared by s…
View article: In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes
In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes Open
The network communication between Internet of Things (IoT) devices on the same local network has significant implications for platform and device interoperability, security, privacy, and correctness. Yet, the analysis of local home Wi-Fi n…
View article: Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the Wild
Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the Wild Open
IoT devices are increasingly used in consumer homes. Despite recent works in characterizing IoT TLS usage for a limited number of in-lab devices, there exists a gap in quantitatively understanding TLS behaviors from devices in the wild and…
View article: Localizing Traffic Differentiation
Localizing Traffic Differentiation Open
Network neutrality is important for users, content providers, policymakers, and regulators interested in understanding how network providers differentiate performance. When determining whether a network differentiates against certain traff…
View article: BehavIoT: Measuring Smart Home IoT Behavior Using Network-Inferred Behavior Models
BehavIoT: Measuring Smart Home IoT Behavior Using Network-Inferred Behavior Models Open
Smart home IoT platforms are typically closed systems, meaning that there is poor visibility into device behavior. Understanding device behavior is important not only for determining whether devices are functioning as expected, but also ca…
View article: Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards
Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards Open
Consumer Internet of Things (IoT) devices are increasingly common, from smart speakers to security cameras, in homes. Along with their benefits come potential privacy and security threats. To limit these threats a number of commercial serv…
View article: Not Your Average App: A Large-scale Privacy Analysis of Android Browsers
Not Your Average App: A Large-scale Privacy Analysis of Android Browsers Open
The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, th…
View article: Not Your Average App: A Large-scale Privacy Analysis of Android Browsers
Not Your Average App: A Large-scale Privacy Analysis of Android Browsers Open
The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, th…
View article: Internet scale reverse traceroute
Internet scale reverse traceroute Open
International audience
View article: Exploring Deceptive Design Patterns in Voice Interfaces
Exploring Deceptive Design Patterns in Voice Interfaces Open
Deceptive design patterns (sometimes called "dark patterns") are user interface design elements that may trick, deceive, or mislead users into behaviors that often benefit the party implementing the design over the end user. Prior work has…
View article: Moby: A Blackout-Resistant Anonymity Network for Mobile Devices
Moby: A Blackout-Resistant Anonymity Network for Mobile Devices Open
Internet blackouts are challenging environments for anonymity and censorship resistance. Existing popular anonymity networks (e.g., Freenet, I2P, Tor) rely on Internet connectivity to function, making them impracticable during such blackou…
View article: A Comparative Study of Dark Patterns Across Web and Mobile Modalities
A Comparative Study of Dark Patterns Across Web and Mobile Modalities Open
Dark patterns are user interface elements that can influence a person's behavior against their intentions or best interests. Prior work identified these patterns in websites and mobile apps, but little is known about how the design of plat…
View article: AnyOpt
AnyOpt Open
The key to optimizing the performance of an anycast-based system (e.g., the root DNS or a CDN) is choosing the right set of sites to announce the anycast prefix. One challenge here is predicting catchments. A naïve approach is to advertise…
View article: Blocking Without Breaking: Identification and Mitigation of Non-Essential IoT Traffic
Blocking Without Breaking: Identification and Mitigation of Non-Essential IoT Traffic Open
Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open …
View article: ZLeaks: Passive Inference Attacks on Zigbee based Smart Homes
ZLeaks: Passive Inference Attacks on Zigbee based Smart Homes Open
Zigbee is an energy-efficient wireless IoT protocol that is increasingly being deployed in smart home settings. In this work, we analyze the privacy guarantees of Zigbee protocol. Specifically, we present ZLeaks, a tool that passively iden…
View article: Blocking without Breaking: Identification and Mitigation of\n Non-Essential IoT Traffic
Blocking without Breaking: Identification and Mitigation of\n Non-Essential IoT Traffic Open
Despite the prevalence of Internet of Things (IoT) devices, there is little\ninformation about the purpose and risks of the Internet traffic these devices\ngenerate, and consumers have limited options for controlling those risks. A key\nop…
View article: The COVID-19 Pandemic and the Technology Trust Gap
The COVID-19 Pandemic and the Technology Trust Gap Open
Industry and government tried to use information technologies to respond to the COVID-19 pandemic, but using the internet as a tool for disease surveillance, public health messaging, and testing logistics turned out to be a disappointment.…
View article: A Haystack Full of Needles
A Haystack Full of Needles Open
Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks,…
View article: A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild
A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild Open
Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks,…
View article: When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers
When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers Open
Internet-connected voice-controlled speakers, also known as smart speakers , are increasingly popular due to their convenience for everyday tasks such as asking about the weather forecast or playing music. However, such convenience comes w…