Press

The Technology 202
September 17, 2020 | Cat Zakrzewski, Washington Post

Facebook also previewed the Oculus Quest 2, the next generation of its virtual-reality gaming device. Some Twitter users honed in on the privacy costs of the technology. Serge Egelman, director of usable security and privacy at the International Computer Science Institute at Berkeley: [quote from a tweet] "If I wanted to build a massive facial recognition database, this is exactly the type of product I'd sell at a loss."

Ads may not provide benefits companies say they do
August 26, 2020 | Daniel Tkacik, CMU CyLab

“We wanted to know: in the absence of ads, would people be choosing products that are cheaper or more expensive?” says Alisa Frik, who led the study as a visiting researcher at the Heinz College and is currently a postdoctoral researcher at the International Computer Science Institute at UC-Berkeley. “We also wanted to see if people would be spending more or less time searching for products, and whether they would be more or less satisfied with their choices.”

“The techniques are the ones you see with malware,” Serge Egelman, research director of the Usable Security & Privacy Group at the International Computer Science Institute at the University of California at Berkeley, said of Jiguang’s data collection.

TikTok Tracked User Data Using Tactic Banned by Google​
August 11, 2020 | Kevin Poulson and Robert McMillan, WSJ

Most major mobile apps collect a range of data on users, practices that privacy advocates have long found alarming but that tech companies defend as providing highly customized experiences and targeted advertising. Data collection varies by company. About 1% of Android apps collect MAC addresses, according to a 2018 study by AppCensus, a mobile-app analysis firm that consults with companies on their privacy practices.

TikTok, WeChat Bans Not Crucial To US Security: Experts
August 7, 2020 | Paul Handley, International Business Times

"WeChat is bad," said Nicholas Weaver, a lecturer in computer security at the University of California in Berkeley. "It uses encrypted links to WeChat's servers in China... but the servers see all messages, so the Chinese government can see any message it wants," he said.

In that sense, thieves involved in ID theft may be better off targeting data brokers like IDI and their customers than the major credit bureaus, said Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley.

"I think I’m a savvy, educated user, and the reality is, no, that’s actually not enough," says Vern Paxson, cofounder of the network traffic analysis firm Corelight and a researcher at the University of California, Berkeley, who worked on the study along with Jianjun Chen, a postdoctoral researcher at the International Computer Science Institute, and Jian Jiang, senior director of engineering at Shape Security.

The potential for spear-phishing is significant, says Vern Paxson, a professor at the University of California at Berkeley and one of the researchers investigating the issues.

Google Sued for Allegedly Tracking App Users After They Opt Out
July 15, 2020 | Allen St. John, Consumer Reports

“At its heart, Google is a marketing platform,” says Serge Egelman, chief technical officer for AppCensus, a firm that analyzes technology for privacy and security, and a researcher at the University of California, Berkeley.

“Cellular equipment is special, it is specifically designed to be wiretapped and attackers have used this facility to conduct wiretapping attacks,” Nicholas Weaver, a senior staff researcher on computer security at the University of California, Berkeley, told International Business Times in an email.

Pages