Jonathan Mayer

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Jonathan Mayer (CIS)

Jonathan Mayer (born February 5, 1987) is an American computer scientist and lawyer. He is a PhD candidate in computer science at Stanford University and is also a fellow at the Center for Internet and Society[1] and the Center for International Security and Cooperation.[2] During his graduate studies he was a consultant at the California Department of Justice.

Mayer's research focuses on technology policy, especially concerning computer security and privacy. He was selected as one of Forbes 30 Under 30 in 2014 for his contributions to those areas.[3]


Mayer is a Chicago, Illinois, United States, native and attended the Latin School of Chicago.[4] He received his AB from Princeton University in 2009 through the Woodrow Wilson School of Public and International Affairs. During his undergraduate studies he competed in the 2007 DARPA Grand Challenge[5] and Intelligent Ground Vehicle Competition.[6]

Mayer began his graduate work at Stanford University in 2009, where he was its first student to pursue both a PhD through the computer science department and a JD at Stanford Law School.[7] Mayer received his JD in 2013.

Web browser fingerprinting[edit]

Mayer's research when at Princeton studied the feasibility of tracking web browsers with partial identifiers like display resolution and extensions.[8] His advisor was Professor Edward William Felten. Mayer's research found that it was possible to fingerprint web browsers. The Electronic Frontier Foundation's subsequent study reached the same conclusions using a bigger data set. There are businesses now using browser fingerprints in products.

Do Not Track[edit]

In mid-2010, Mayer and another Stanford researcher Arvind Narayanan argued for Do Not Track in HTTP headers.[9][10] They built Do Not Track prototypes for clients and servers.[11] Working with Mozilla, they wrote the influential Internet Engineering Task Force Internet Draft of Do Not Track.[12][13]

Ultimately the World Wide Web Consortium has begun standardizing Do Not Track through the Tracking Protection Working Group.[14] Mayer was an active and influential participant in this group and has been described as "key spokesperson"[15] who had a "more interesting and productive career as a student than most tenured faculty".[16]

Mayer's thoughts about Do Not Track have concerned online advertising businesses. Randall Rothenberg, CEO of the Interactive Advertising Bureau, called him a "Bolshevik of the Internet world" and "anathema to anybody who's trying to earn any kind of living using the digital supply chain."[17] At one point, the Senior Director of IAB tried to get Mayer kicked out of his studies at Stanford .[18]

On July 30, 2013 Mayer resigned from his job with the W3C working group.[19][20] His resignation letter faulted advertising members for impeding progress and W3C for bad leadership.[21] Some working group members later tried to bring him back as a leader but this did not happen.[22]

Web tracking practices[edit]

Between 2011 and 2012 Mayer posted on illegal web tracking businesses.[23] His contributions include the following.

  • Most advertising businesses track users even after users opt out of cookies.[24][25]
  • Epic Marketplace has used CSS history sniffing to uncover medical and financial information for advertising purposes.[26] The business contested Mayer's research as "bogus".[27] However, the Federal Trade Commission later brought complaints against Epic Marketplace, citing Mayer's research.[28]
  • Microsoft has used ETags to track people and create zombie cookies on some websites.[29] Microsoft stopped this practice after it was brought to their attention.
  • User websites leak personal information to other websites.[30][31] In 2012, Mayer found leaks on Barack Obama's and Mitt Romney's election websites even though both candidates claimed that all this information was anonymous.[32][33][34]
  • Google and other businesses have circumvented Apple Safari cookie blocking, as the 'Wall Street Journal reported on its first page.[35] After this, the Federal Trade Commission fined Google $22.5 million.[36] Google settled with state attorneys general for $17 million.[37] This FTC fine was the largest in that agency's history.

Mobile application privacy policies[edit]

The California Online Privacy Protection Act requires websites to post privacy policies. Attorney General Kamala Harris argued that this law applies to mobile applications as well. Mayer was a consultant for implementing that law on mobile applications. That initiative produced a large settlement with all mobile platforms on February 22, 2012.[38]

Mozilla Firefox cookie blocking[edit]

In December 2012, Mayer proposed that Mozilla Firefox use the same cookie blocking mechanism as Apple Safari.[39] He wrote the code patch as a community contributor and Mozilla adopted it. Representatives from the online advertising business have objected and criticize both Mayer and Mozilla.[40][41][42] Businesses also had Congress members write letters to Mozilla.[43] It was expressing false concerns about abducted children and natural disasters. Mozilla has since changed from Safari's cookie blocking mechanism, instead joining up with Cookie Clearinghouse's privacy initiative.[44] Mayer has said that he is disappointed in Mozilla's decision but remains involved on the advisory board for Cookie Clearinghouse.[45]

National Security Agency Laws[edit]

The All Writs Act (lecture in 2014)

After Edward Snowden leaked documents in 2013, Mayer has researched National Security Agency laws.[46][47]

One of Mayer's projects has focused on Internet surveillance with FISA Amendments Act. Mayer concludes that NSA's "one-end foreign" rules allow them to spy on American citizens.[48] His conclusions are part of the Director of National Intelligence Review Group on Intelligence and Communications Technologies reporting.[49]

Another of Mayer's projects has looked at telephone metadata in conjunction with the Patriot Act. Working with another Stanford researcher, Patrick Mutchler, Mayer concludes that metadata is very sensitive.[50]


  • Forbes 30 Under 30 of 2014[3]
  • Stanford Interdisciplinary Graduate Fellowship[51]


  1. ^ "Jonathan Mayer | Center for Internet and Society". Retrieved 2015-02-27. 
  2. ^ Center for International Security and Cooperation Profile Page
  3. ^ a b "Jonathan Mayer, 26 - In Photos: 2014 30 Under 30: Law & Policy". Forbes. 1970-01-01. Retrieved 2015-02-27. 
  4. ^ "Alumnus Jonathan Mayer '05 was recently... - The Latin School of Chicago - Official Alumni Page". Facebook. 2014-02-19. Retrieved 2015-02-27. 
  5. ^ Gross, Katerina (2006-10-24). "DARPA crew readies for new challenge". The Daily Princetonian. Retrieved 2015-02-27. 
  6. ^ "Princeton Alumni Weekly - Google Books". Retrieved 2015-02-27. 
  7. ^ "Graduate student soars to tech policy stardom". Stanford Daily. Retrieved 2015-02-27. 
  8. ^ "Princeton Alumni Weekly: Who's Afraid of Jonathan Mayer?". Retrieved 2015-02-27. 
  9. ^ "“Do Not Track” Explained | 33 Bits of Entropy". 2010-09-20. Retrieved 2015-02-27. 
  10. ^ "Do Not Track : Universal Web Tracking Opt-out" (PDF). Retrieved 2015-02-27. 
  11. ^ "Do Not Track - Universal Web Tracking Opt Out". Retrieved 2015-02-27. 
  12. ^ "draft-mayer-do-not-track-00 - Do Not Track: A Universal Third-Party Web Tracking Opt Out". Retrieved 2015-02-27. 
  13. ^ "Summary of W3C DNT Workshop Submissions". 2011-05-05. Retrieved 2015-02-27. 
  14. ^ "W3C Tracking Protection Working Group". Retrieved 2015-02-27. 
  15. ^ "Blog | Ghostery Enterprise". Retrieved 2015-02-27. 
  16. ^ "Re: Resignation from the Tracking Protection Working Group from Aleecia M. McDonald on 2013-07-31 ( from July 2013)". Retrieved 2015-02-27. 
  17. ^ Ebbert, John (2013-07-01). "IAB Vs Mozilla: Randall Rothenberg Takes The Gloves Off – AdExchanger". Retrieved 2015-02-27. 
  18. ^ "Re: Your W3C affiliation with Stanford University? from Joseph Lorenzo Hall on 2012-10-25 ( from October 2012)". Retrieved 2015-02-27. 
  19. ^ Aquino, Judith (2013-07-31). "Jonathan Mayer To ‘Do Not Track’ Working Group: I Quit – AdExchanger". Retrieved 2015-02-27. 
  20. ^ "Jonathan Mayer Quits 'Do Not Track' Standardization Group". Business Insider. 2013-07-31. Retrieved 2015-02-27. 
  21. ^ "Resignation from the Tracking Protection Working Group from Jonathan Mayer on 2013-07-30 ( from July 2013)". Retrieved 2015-02-27. 
  22. ^ "Re: Peter Swire's appointment to President's Review Group, and resignation as Co-Chair from Kevin Kiley on 2013-08-28 ( from August 2013)". Retrieved 2015-02-27. 
  23. ^ "Stanford grad student investigates online privacy - San Jose Mercury News". Retrieved 2015-02-27. 
  24. ^ Mae, Ki (2011-07-15). "Study Compares Third-Party Trackers’ Privacy Policies to Business Practices". Adweek. Retrieved 2015-02-27. 
  25. ^ "Stanford study shows opting out of Web tracking not so easy - San Jose Mercury News". Retrieved 2015-02-27. 
  26. ^ Goodin, Dan (2012-12-05). "Online marketer tapped browser flaw to see if visitors were pregnant". Ars Technica. Retrieved 2015-02-27. 
  27. ^ "Epic Calls History Stealing Claim Bogus". Retrieved 2015-02-27. 
  28. ^ "Epic Marketplace, Inc. | Federal Trade Commission". Retrieved 2015-02-27. 
  29. ^ Angwin, Julia (2011-08-18). "Latest in Web Tracking: Stealthy 'Supercookies' - WSJ". Retrieved 2015-02-27. 
  30. ^ Melvin, Jasmin. "Websites leak more info than consumers are aware of". Reuters. Retrieved 2015-02-27. 
  31. ^ "How Web's Biggest Sites Leak Personal Data to Google and Facebook | Digital - Advertising Age". 2011-10-11. Retrieved 2015-02-27. 
  32. ^ "Romney and Obama Campaigns Leaking Web Site Visitor Data". The New York Times. Retrieved 2015-02-27. 
  33. ^ "Obama And Romney Campaign Sites Both Leak Identifying Data About Users To Tracking Firms". Forbes. Retrieved 2015-02-27. 
  34. ^ Andy Greenberg, [1], Forbes, 1/11/12
  35. ^ Angwin, Julia (2012-02-17). "Google Tracked iPhones, Bypassing Apple Browser Privacy Settings - WSJ". Retrieved 2015-02-27. 
  36. ^ "Google Will Pay $22.5 Million to Settle FTC Charges it Misrepresented Privacy Assurances to Users of Apple's Safari Internet Browser | Federal Trade Commission". 2012-08-09. Retrieved 2015-02-27. 
  37. ^ "Google to Pay $17 million to Settle Privacy Case". The New York Times. Retrieved 2015-02-27. 
  38. ^ "Attorney General Kamala D. Harris Secures Global Agreement to Strengthen Privacy Protections for Users of Mobile Applications | State of California - Department of Justice - Kamala D. Harris Attorney General". 2012-02-22. Retrieved 2015-02-27. 
  39. ^ [2][dead link]
  40. ^ "Industry Aligns Against Mozilla's Third-Party Cookie Blocking Plan". Retrieved 2015-02-27. 
  41. ^ "IAB Will Fight Mozilla Privacy Move | Digital - Advertising Age". 2013-03-08. Retrieved 2015-02-27. 
  42. ^ "Firefox cookie blocking effort delayed again, as Mozilla commitment wavers". Retrieved 2015-02-27. 
  43. ^ [3][dead link]
  44. ^ Temple, James (2013-11-05). "Mozilla anticookie tool plans crumbling". SFGate. Retrieved 2015-02-27. 
  45. ^ "Advisory Board". Retrieved 2015-02-27. 
  46. ^ "Meet Jonathan Mayer, The Stanford Ph.D. Student Who's Reverse-Engineering The NSA". 2014-02-18. Retrieved 2015-02-27. 
  47. ^ Mendoza, Martha (2014-03-26). "Experts say NSA rules leave privacy vulnerable". Retrieved 2015-02-27. 
  48. ^ "Internet Surveillance Under Section 702 of the FISA Amendments Act" (PDF). Retrieved 2015-02-27. 
  49. ^ "Liberty and security in a Changing World" (PDF). Retrieved 2015-02-27. 
  50. ^ Farivar, Cyrus (2014-03-12). "Volunteers in metadata study called gun stores, strip clubs, and more". Ars Technica. Retrieved 2015-02-27. 
  51. ^ "Re: Your W3C affiliation with Stanford University? from Jonathan Mayer on 2012-10-24 ( from October 2012)". Retrieved 2015-02-27. 

External links[edit]