Peter Snyder Principal Privacy Researcher at Brave Software

Publications

• Local Frames: Exploiting Inherited Origins to Bypass Content Blockers
  1. Alisha Ukani
  2. Hamed Haddadi
  3. Alex C. Snoeren
  4. Peter Snyder
  CCS 2025 fix: adguard fix: brave fix: duckduckgo fix: safari fix: ublock origin arxiv dataset
• Nebula: Efficient, Private and Accurate Histogram Estimation
  1. Ali Shahin Shamsabadi
  2. Peter Snyder
  3. Ralph Giles
  4. Aurélien Bellet
  5. Hamed Haddadi
  CCS 2025 arxiv blog
• Measuring the Accuracy and Effectiveness of PII Removal Services
  1. Jiahui HE
  2. Peter Snyder
  3. Hamed Haddadi
  4. Fabian E. Bustamante
  5. Gareth Tyson
  PETS 2025 arxiv
• Web Execution Bundles: Reproducible, Accurate, and Archivable Web Measurements
  1. Florian Hantke
  2. Peter Snyder
  3. Hamed Haddadi
  4. Ben Stock
  USENIX 2025 arxiv code dataset
• A First Look at Related Website Sets
  1. Stephen McQuistin
  2. Peter Snyder
  3. Hamed Haddadi
  4. Gareth Tyson
  IMC 2024 short paper arxiv blog
• Unbundle-Rewrite-Rebundle: Runtime Detection and Rewriting of Privacy-Harming Code in JavaScript Bundles
  1. Mir Masood Ali
  2. Peter Snyder
  3. Chris Kanich
  4. Hamed Haddadi
  CCS 2024 arxiv code
• Understanding the Privacy Risks of Popular Search Engine Advertising Systems
  1. Salim Chouaki
  2. Oana Goga
  3. Hamed Haddadi
  4. Peter Snyder
  IMC 2023 arxiv dataset slides: pdf
• A First Look at the Privacy Harms of the Public Suffix List
  1. Stephen McQuistin
  2. Peter Snyder
  3. Colin Perkins
  4. Hamed Haddadi
  5. Gareth Tyson
  IMC 2023 short paper dataset
• Pool-Party: Exploiting Browser Resource Pools for Web Tracking
  1. Peter Snyder
  2. Soroush Karami
  3. Arthur Edelstein
  4. Ben Livshits
  5. Hamed Haddadi
  USENIX 2023 fix: brave fix: safari arxiv blog code demo slides: keynote slides: pdf
• Measuring UID Smuggling in the Wild
  1. Audrey Randall
  2. Peter Snyder
  3. Alisha Ukani
  4. Alex C. Snoeren
  5. Geoffrey M. Voelker
  6. Stefan Savage
  7. Aaron Schulman
  IMC 2022 arxiv
• STAR: Secret Sharing for Private Threshold Aggregation Reporting
  1. Alex Davidson
  2. Peter Snyder
  3. E. B. Quirk
  4. Joseph Genereux
  5. Ben Livshits
  6. Hamed Haddadi
  CCS 2022 best paper arxiv code ietf proposal slides: pdf
• Blocked or Broken? Automatically Detecting When Privacy Interventions Break Websites
  1. Michael Smith
  2. Peter Snyder
  3. Moritz Haller
  4. Ben Livshits
  5. Hamed Haddadi
  6. Deian Stefan
  PETS 2022 arxiv code
• Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking
  1. Jordan Jueckstock
  2. Peter Snyder
  3. Shaown Sarker
  4. Alexandros Kapravelos
  5. Ben Livshits
  WWW 2022 arxiv
• SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking
  1. Michael Smith
  2. Peter Snyder
  3. Ben Livshits
  4. Deian Stefan
  CCS 2021 code dataset
• Towards Realistic and Reproducible Web Crawl Measurements
  1. Jordan Jueckstock
  2. Shaown Sarker
  3. Peter Snyder
  4. Aidan Beggs
  5. Panagiotis Papadopoulos
  6. Matteo Varvello
  7. Ben Livshits
  8. Alexandros Kapravelos
  WWW 2021 arxiv code dataset
• Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures
  1. Quan Chen
  2. Peter Snyder
  3. Ben Livshits
  4. Alexandros Kapravelos
  S&P 2021 arxiv dataset slides: pdf
• Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking
  1. Peter Snyder
  2. Antoine Vastel
  3. Ben Livshits
  SIGMETRICS 2020 arxiv slides: pdf
• Filter List Generation for Underserved Regions
  1. Alexander Sjosten
  2. Peter Snyder
  3. Antonio Pastor
  4. Panagiotis Papadopoulos
  5. Ben Livshits
  WWW 2020 arxiv dataset
• Keeping Out the Masses: Understanding the Popularity and Implications of Internet Paywalls
  1. Panagiotis Papadopoulos
  2. Peter Snyder
  3. Dimitrios Athanasakis
  4. Ben Livshits
  WWW 2020 arxiv
• AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking
  1. Umar Iqbal
  2. Peter Snyder
  3. Shitong Zhu
  4. Ben Livshits
  5. Zhiyun Qian
  6. Zubair Shafiq
  S&P 2020 arxiv blog
• SpeedReader: Reader Mode Made Fast and Private
  1. Mohammad Ghasemisharif
  2. Peter Snyder
  3. Andrius Aucinas
  4. Ben Livshits
  WWW 2019 arxiv blog code (brave)
• Most Websites Don’t Need to Vibrate: A Cost–Benefit Approach to Improving Browser Security
  1. Peter Snyder
  2. Cynthia Taylor
  3. Chris Kanich
  CCS 2017 code slides: pdf
• Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing
  1. Peter Snyder
  2. Periwinkle Doerfler
  3. Chris Kanich
  4. Damon McCoy
  IMC 2017 @code slides: pdf
• CDF: Predictably Secure Web Documents
  1. Peter Snyder
  2. Laura Watiker
  3. Cynthia Taylor
  4. Chris Kanich
  ConPro 2017 code slides: pdf
• Browser Feature Usage on the Modern Web
  1. Peter Snyder
  2. Lara Ansari
  3. Cynthia Taylor
  4. Chris Kanich
  IMC 2016 slides: keynote slides: pdf
• Characterizing Fraud and Its Ramifications in Affiliate Marketing Networks
  1. Peter Snyder
  2. Chris Kanich
  Journal of Cybersecurity 2016 journal listing
• The Effect of Repeated Login Prompts on Phishing Susceptibility
  1. Peter Snyder
  2. Michael K. Reiter
  3. Chris Kanich
  LASER 2016 slides: keynote slides: pdf
• No Please, After You: Detecting Fraud in Affiliate Marketing Networks
  1. Peter Snyder
  2. Chris Kanich
  WEIS 2015 extended slides: pdf
• "I Saw Images I Didn't Even Know I Had": Understanding User Perceptions of Cloud Storage Privacy
  1. Jason Clark
  2. Peter Snyder
  3. Damon McCoy
  4. Chris Kanich
  CHI 2015
• Cloudsweeper and Data-Centric Security
  1. Peter Snyder
  2. Chris Kanich
  ACM SIGCAS Computers and Society 2014 listing
• Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives
  1. Peter Snyder
  2. Chris Kanich
  CCSW 2013

Popular Press

• Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks news The Register Aug 01, 2025
• Google's Hotseat Hypocrisy news Open Web Advocacy Jul 04, 2025
• Browser Extensions are DANGEROUS video Naomi Brockwell: NBTV Apr 18, 2025
• Microsoft's playdate in Google's Privacy Sandbox gets messy news The Register Apr 04, 2024
• Harmonizing User Privacy with Web Functionality and Ad-Blocking Technology podcast The Brave Technologist Podcast Mar 27, 2024
• Google Chrome coders really, truly, absolutely ready to cull third-party cookies from 2024 news The Register Nov 14, 2023
• The Dangers of Browser Extensions video Naomi Brockwell: NBTV Aug 01, 2022
• Google postpones Chrome's third-party cookie bonfire yet again news The Register Jul 29, 2022
• How To STOP Tracking Links! video Naomi Brockwell: NBTV May 21, 2022
• Privacy-centric search engines DuckDuckGo and Brave are spiking, per new study news The Drum Apr 27, 2022
• Brave, DuckDuckGo to unplug Google's AMP where possible news The Register Apr 21, 2022
• DuckDuckGo's private Mac browser can't replace Chrome or Safari, yet news Fast Company Apr 19, 2022
• Google resumes shoveling stuff into its 'Privacy Sandbox' news The Register Mar 29, 2022
• Brave Takes the Spring Out of Creepy Bounce Tracking news The Register Mar 09, 2022
• Google Will Stop Tracking You Across Android, But Not Any Time Soon news TechRadar Feb 16, 2022
• A Major Chip Deal Collapses podcast BBC Tech Tent Feb 11, 2022
• Should You Share Your Data With Tech Companies? news Consumer Reports Feb 08, 2022
• Google Just Gave You the Best Reason Yet to Finally Quit Using Chrome news Inc. Jan 26, 2022
• Google Slammed Over Ad-cookie Replacement Flip-Flop news BBC Jan 26, 2022
• Google Introduces a New System for Tracking Chrome Browser Users news The New York Times Jan 25, 2022
• Google Reveals Latest Attempt at Cookies Replacement news AdAge Jan 25, 2022
• Global Privacy Control Popularity Grows as Legal Status Up in Air news Bloomberg Law Dec 21, 2021
• Tool protects users' private data while they browse news National Science Foundation Dec 14, 2021
• Internet Advertising Is About to Change. Here's What Consumers Need to Know. news Consumer Reports Nov 08, 2021
• Google’s vague privacy cure-all is showing up in new proposals, but some say it could break the internet news DigiDay Aug 30, 2021
• The incredibly sneaky way websites sidestep privacy tools to spy on you news Fast Company Aug 12, 2021
• Concern trolls and power grabs: Inside Big Tech’s angry, geeky, often petty war for your privacy news Protocol Jul 13, 2021
• Ad Blockers with Pete Snyder podcast Technical Marketing Handbook Jul 13, 2021
• Google pledges not to build backdoors in FLoC but not everyone's convinced news AndroidCentral Jun 02, 2021
• We Checked 250 iPhone Apps—This Is How They’re Tracking You news The WireCutter (NYT) May 06, 2021
• Google and the Age of Privacy Theater news Wired Mar 18, 2021
• What's Up with the Apple App Store's Privacy Changes? news TheMarkup Mar 16, 2021
• How Apple, Google, and other browser makers are quietly duking it out over the future of the web news Business Insider Dec 22, 2020
• Google Chrome's crackdown on ad blockers and browser extensions, Manifest v3, is now available in beta news The Register Dec 10, 2020
• The digital switch that blocks all websites from selling your personal data news DigitalTrends Nov 23, 2020
• I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What? news TheMarkup Sep 22, 2020
• Google Is Working On A New Web Standard Called WebBundles Which Is Dangerous To The Privacy Of Internet Users, Security Researchers Warned news Digital Information World Sep 01, 2020
• Brave Takes Brave Stand Against Google's Plan to Turn Websites into Ad-Blocker-Thwarting Web Bundles news The Register Aug 27, 2020
• Google’s New Web Standard Could Disable Your Ad-Blocker news TechRadar Aug 27, 2020
• The Battle for Your Privacy on the Web With Pete Snyder podcast Software Sessions Aug 12, 2020
• Google's Plan for Chrome Capability has a Big Security Risk news C|Net Jul 29, 2020
• Aggrieved Ad Tech Types Decry Google Dominance in W3C Standards – Who Writes the Rules and for Whom? news The Register Jul 17, 2020
• FYI: Your Browser can pick up Ultrasonic Signals You Can't Hear, and That Sounds Like a Privacy Nightmare to Some news The Register May 07, 2020
• What the FLoC? Browser makers queue up to decry Google's latest ad-targeting initiative as invasive tracking news The Register Apr 14, 2020
• Google Chrome 80 Released With Controversial Deep Linking Upgrade news Forbes Feb 23, 2020
• Chrome Deploys Deep-Linking Tech in Latest Browser Build Despite Privacy Concerns news The Register Feb 20, 2020
• Google's Second Stab at Preserving Both Privacy and Ad Revenue Draws Fire news The Register Feb 10, 2020
• If You Want an Example of How User Concerns do not Drive Software Development, Check Out This Google-backed API news The Register Dec 06, 2019
• Protecting Your Online Privacy radio Science Friday Dec 01, 2017
• Why People Ruin Others’ Lives by Exposing All Their Data Online news NewScientist Nov 13, 2017
• First Large-Scale Doxing Study Reveals Motivations and Targets for Cyber Bullying news ScienceDaily Nov 07, 2017
• Gotta Have Standards? Security Boffins not API about Bloated Browsers news The Register Oct 24, 2017
• Privacy on the Modern Web podcast The Provocateur Jul 31, 2017

Other Technical Work

• Global Privacy Control (GPC)
  1. Robin Berjon
  2. Sebastian Zimmeck
  3. Ashkan Soltani
  4. David Harbage
  5. Peter Snyder
  W3C 2025 source: html website Proposed spec to allow browser users to assert legal privacy rights in a privacy preserving manner.
• Privacy Principals W3C 2025 Guidance document for specification authors, on how to protect and improve privacy in Web standards.
• The Off-The-Record Response Header Field
  1. Mark Pilgrim
  2. Sofía Celi
  3. Peter Snyder
  4. Shivan Kaul Sahib
  IETF 2025 Proposal for a HTTP response header field that enables a server to inform the client that the requested website should be treated as 'off-the-record.' The purpose is to indicate that the server considers the content sensitive in some way, and the client may choose not to retain any record of accessing it.
• STAR: Distributed Secret Sharing for Private Threshold Aggregation Reporting
  1. Alex Davidson
  2. Shivan Kaul Sahib
  3. Peter Snyder
  IETF 2025 blog Proposal for a cryptographic system for a high performance, low trust system form enforcing k-anonymity protections.
• W3C Security and Privacy Questionnaire
  1. Theresa O’Connor
  2. Peter Snyder
  W3C 2025 source: bikeshed Guidance document for specification authors, on how to identify and mitigate privacy and security risks in Web standards proposals.
• Reader Mode-Optimized Attention Application
  1. Ben Livshits
  2. Peter Snyder
  3. Andrius Aucinas
  US Patent 2024 google patents link paper US patent (US-11960834-B2) covering Brave's unique, privacy preserving reader mode approach.
• Improving Web Privacy And Security with a Cost-Benefit Analysis of the Web API 2018 slides: pdf source: latex My thesis, presenting a thorough measurement of WebAPI use, and ways those findings can be used to better protect the privacy and security of web users. Written for the completion of my PhD.
• Yao's Garbled Circuits: Recent Directions and Implementations 2014 slides: pdf source: latex Literature review of performance and security developments in using Yao's Protocol for secure function evaluation. Written for my degree's "Written Critique and Presentation" requirement.

Blogging

• Privacy Feature Updates in Brave (Blog Series) Brave Blog Aug 17, 2022 Blog series of updates on new privacy features in Brave, and new privacy concerns Brave targets.
• First-Party Sets: Tearing Down Privacy Defenses Just as They're Being Built WebStandards@Brave May 19, 2022
• Google's Topics API: Rebranding FLoC Without Addressing Key Privacy Issues WebStandards@Brave Jan 26, 2022
• Privacy And Competition Concerns with Google's Privacy Sandbox WebStandards@Brave Jan 26, 2022
• Why Brave Disables FLoC
  Written with:

  1. Brendan Eich
  Brave Blog Apr 12, 2021 Description of the privacy harms and categorical errors in Google's FLoC proposal
• Global Privacy Control, a new Privacy Standard Proposal, now Available in Brave’s Desktop and Android Testing Versions
  Written with:

  1. Anton Lazarev
  WebStandards@Brave Oct 07, 2020 Brave authors and implements a new proposal for opting users out of online tracking.
• WebBundles Harmful to Content Blocking, Security Tools, and the Open Web WebStandards@Brave Aug 25, 2020 WebBundles are extremely bad for researchers, blocking tools, and folks hoping to preserve a user-editable web.
• Brave, Fingerprinting, and Privacy Budgets
  Written with:

  1. Ben Livshits
  WebStandards@Brave Dec 06, 2019 Discussion of why Google's Privacy Budget proposal for combating browser fingerprinting would not be effective, and what alternatives Brave is pursuing.
• Privacy Anti-Patterns In Standards W3C Blog Jun 12, 2019 Description of several privacy-harming patterns observed as part of PING, the W3C's privacy review group, how these anti-patterns make it difficult to protect user privacy on the web.
• Brave's Concerns with the Client-Hints Proposal
  Written with:

  1. Pranjal Jumde
  2. Tom Lowenthal
  3. Brian Clifton
  WebStandards@Brave May 09, 2019 Discussion of concerns with the proposed Client Hints standard, and why it would be harmful for web privacy.
• Understanding Redirection-Based Tracking
  Written with:

  1. Ben Livshits
  Brave Blog Aug 12, 2018 Blog post description research lead at Brave regarding the frequency and parties involved in bounce-tracking. Conducted as part of designing Brave's improvements to Safari's Intelligent Tracking Prevention 2.0.
• The Mounting Cost of Stale Ad Blocking Rules
  Written with:

  1. Antoine Vastel
  2. Ben Livshits
  Brave Blog Jul 18, 2018 Blog post describing research lead at Brave regarding the number and cost of the accumulation of stale rules in EasyList.

Teaching

• Instructor for Software Design - UIC CS342 2017
• Teaching Assistant for Computer Networks - UIC CS450 2017, 2015

Selected Talks

• Testimony in Favor of Required Browser Opt-Out Signals: AB 3048 other California Senate Judiciary Committee 2024 bill: pdf video
• Web Tracking In Practice and Product invited talk ECE 598 - Digital Identity @ University of Illinois at Champaign Urbana 2024 slides: keynote video
• Designing Cryptography for Small Organizations and Projects
  1. Sofia Celi
  2. Alex Davidson
  3. Peter Snyder
  conference presentation RWC 2023
• SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking invited talk NGN Webinar: Imperial College London 2022 announcement slides: pdf video: youtube
• Online Tracking, What Can Be Done About it, and Who's Doing it invited talk CS253 - Web Security @ Stanford 2021 slides: keynote slides: pdf
• Improving the Coverage and Compatibility of Web Content Blocking in Brave Browsers invited talk Stanford Security Lunch 2021
• Best-of-Breed Content Blocking in Brave: Three Projects to Improve the Depth, Breath, and Usefulness of Blocking at Scale invited talk MADWeb 2020 slides: pdf
• Brave, Fingerprinting, and Privacy on the Web invited talk CS253 - Web Security @ Stanford 2019 slides: pdf video
• Privacy, Standards and Anti-Patterns invited talk PEARG 2019 slides: pdf
• Brave, Privacy and Standards invited talk WWW 2019 slides: pdf
• Web Privacy Beyond Extensions: New Browsers Are Pursuing Deep Privacy Protections conference presentation USENIX Enigma 2019 slides: pdf
• No Please, After You: Detecting Fraud in Affiliate Marketing Networks invited talk Department of Information Engineering at Chinese University of Hong Kong 2015 slides: pdf

Significant Programs and Code

• Brave Browser 2025 PRs Features and bugfixes I've added to the Brave browser while working at Brave.
• University of Illinois at Chicago Computer Science Thesis Template 2025 source (Oddly!) I still maintain the thesis template for my university's PhD thesis.
• Fingerprinting Protections 2021 additional APIs hardening technique change Improved the technique used to block fingerprinting related Web API methods to reduce the impact on non-fingerprinting related code, and expanded the set of blocked Web API methods to cover five more, previously allowed, methods used for fingerprinting users.
• Web API Manager Browser Extension 2019 firefox extension source WebExtension, cross-browser extension that allows users to improve their privacy and security online by controlling what browser functionality web hosts have access to. Web API functionality access controls can be defined in general, or on a per host level, and can allow, for example, only trusted hosts to have access to privacy-risky browser functionality like high resolution timers, WebGL and WebRTC.
• CDF: Abstractions for Security Guarantees in Interactive Web Applications 2017 paper source Built client and server-side tools for implementing CDF, a document format for building dynamic, interactive web applications that provide increased security and privacy guarantees for users of commodity web browsers.
• FormBug 2015 source A Firefox extension to make dealing and developing form based applications easier. I just maintain it now, but wrote it back when I was doing web development work.
• Dijkstra's Algorithm (Objective-C implementation) 2014 cocoapods source Library to perform Dijkstra in Objective-C (for iOS and OSX).
• Cloudsweeper 2013 paper Web app to measure and mitigate the frequency of plaintext password sharing in Gmail archives. The public tool allows users to redact or encrypt-in-place found passwords. The site has had over 2,500 users and has secured over 38,000 messages
• Machine Learning for Automatic 8bit Song Generation 2013 slides: ppt source Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.

Non-Technical Writing

• In Chicago's Old Town and elsewhere, NIMBY opponents block new housing
  Written with:

  1. Steven Vance
  op-ed Chicago SunTimes May 28, 2024
• Get rid of parking mandates that keep Chicago car-centric letter to the editor Chicago SunTimes Mar 14, 2024

Positions and Accomplishments

• I am Brave's AC member in the W3C.
• I did an Reddit AMA about privacy and Brave.
• I co-chair PING, the group responsible for reviewing the privacy aspects of new web standards.
• Our paper on Web API security and privacy was a finalist in the CSAW’17 Applied Research Competition.
• I was a fellow in UIC's Electronic Security and Privacy IGERT.
• I organized a crypto reading group at UIC.
• I placed first as the Symantec Cyber Challenge Competition, held at UIC.
• I twice served as the president for the UIC computer science graduate student association.
• I advise TIMBY, a community investigating website and project, on web and application security issues.

Misc. Bits

• I was invited to be on the Judge Judy show once.
• I was half of the Chicago chiptune band 🍒🍒💣.
• I sang and played guitar in a Chicago power-pop band called The Pleasure Centers.
• A while back I played in a LOST-themed band called Sonic Weapon Fence.
• Sometimes I record chiptune music solo.
• Before it closed, I volunteered tutoring Chicago high school students as part of the East Village Youth Program.

Community Involvement