Recent Work

<<

Summary

I work at Brave Software, shipping privacy features in the browser and conducting privacy reviews across the company. I previously worked at Salesforce on DNS privacy and (in an earlier team) on privacy & data governance. I have a keen interest in privacy-respectful standards and am active in the IETF and W3C. I care a lot about social implications of technology, and was an Internet of Rights fellow at ARTICLE 19, a UK-based human rights organization. I am currently on the Advisory Council of Open Tech Fund's Information Controls Fellowship.

Academic

  1. Co-chair, NDSS 2021 DNS Privacy Workshop.
  2. "Bringing Content Blocking To The Masses: Dealing with Filter List Development, Maintenance and Compatibility for 50 Million Users" - Talk given at USENIX PEPR '22.
  3. "DNS Privacy Vs." - Panel at USENIX PEPR '22.
  4. Artifact reviewer, PoPETS 2021.

Standards

  1. Co-chair, Oblivious HTTP Application Intermediation (OHAI) at IETF.
  2. RFC 9103: Encrypted DNS Zone Transfers.
  3. Co-chair, Privacy Research Group at IETF/IRTF.
  4. Invited expert, W3C Privacy Interest Group.
  5. April Fools' Day 🎉 RFC, RFC 8962: Establishing the Protocol Police.

Open Source

  1. Brave
    • PRs for Brave browser.
    • De-AMP feature got a lot of press and trended on Hacker News and other places.
  2. SugarCoat
    • Autogenerate privacy-preserving JavaScript resource replacements.
    • Popular on Hacker News, Reddit and other places.
  3. XFR-over-TLS support for NSD
    • Add support for RFC 9103 to the NSD auth server.
  4. Co-maintainer of and contributer to tough-cookie.
    • RFC6265 Cookies and CookieJar for Node.js
    • 30 million weekly downloads

Writing

  1. De-AMP - #1 on Hacker News, and featured in The Verge, ZDNet, Engadget.
  2. Normalization of privacy violations - #1 on Hacker News

Mentoring

  1. Mentor for MITPOSSE.
  2. IETF Guide - I mentor newcomers to IETF to help them active and contributing members of IETF. One mentee blogged about it!

List of Patents