Despite the growing international conversation on general data protection, vis-à-vis regulations like the EU’s General Data Protection Regulation and California’s Consumer Protection Act, our online privacy is at risk. Non-experts lack the tools they need to enforce their privacy choices and the transparency they need to understand the tracking ecosystem. In this thesis, I will discuss online tracking. I develop a new tool for empowering users to enforce their privacy preferences, investigate the ways users think about, react to, and assess online tracking after being exposed to a tracker's perspective of their online habits, and, in proposed work, systematize the state of knowledge as it relates to measuring legal compliance with laws regulating online tracking and other aspects of digital life.
To start, I set out to provide users with a tool to help them protect their online identities. My collaborators and I focused on a cookie-less form of tracking known as canvas fingerprinting. We measured canvas fingerprinting in a half-a-million website scrape and then built a supervised machine learning model to predict when JavaScript programs engaged in this type of tracking, in turn building an accurate and robust tracking blocker. I next turned to understanding the user's perspective of online tracking. I conducted a two-part survey canvassing participants' opinions toward tracking after being exposed to tracking transparency. After using our custom Chrome browser extension for one week, participants provided their opinions on visualizations of their own browsing habits (e.g., when a tracker would think they go to sleep or what potentially sensitive interests a tracker might think they have). Finally, in my proposed work, I intend to systematize knowledge as it relates to laws adjacent to online tracking. There has been a worldwide groundswell in the enactment of privacy-focused regulations like the General Data Protection Regulation or the California Consumer Protection Act. A corollary scientific effort has sought to measure the efficacy of these laws, giving rise to part legal and part measurement analysis, posing challenging problems in legal interpretation, ethics, and technical rigor. I intend to survey scientific papers produced in the last five years and generate a set of guidelines to help future researchers conduct robust, valid, and ethical work in this area.
Nathan Reitinger is a PhD candidate at the University of Maryland in the Department of Computer Science. He has written extensively on data sanitization, tracking technologies, legal interpretations of artificial intelligence and 3D printing, and cryptographic deniability. He holds an M.S. from Columbia University and a J.D., magna cum laude, from Michigan State University.