From June 19 - June 30, I attended a research seminar hosted by Proper Data at the University of California: Irvine. Over the next 9 days, I learned much how browsers, TikTok, and smart speakers tracked users. I also got to build a Mycroft virtual assistant, using a Raspberry Pi machine, and present my findings to faculty and other researchers.

Before coming to this workshop, I had limited knowledge regarding how data is collected. I knew about the California Privacy Act, which required websites to inform users about how they collected data and opt out if they wanted to. I also knew that sometimes when I interacted with an advertisement, more of the same advertisements would show up on different websites. I myself had a Google Home, and was skeptical it was listening in on me. How were all these things related? Well, Proper Data is involved in researching all of this.

Proper Data is a team of researchers at University of California: Irvine, studying how personal data is collected online (mobile, web, and internet of things), in order to safe guard privacy and reform public policy. The director of the team and primary investigator is Dr. Athina Markopoulou.

At the seminar I learned about:

Advertisements and Tracking, with Hieu Le, PhD Student & Curriculum Lead:

1. How advertisers bid for spots on sites and use contextual and behavior based advertisements

2. How advertisers use cookies / HTTP requests to share and consolidate profiles across different websites (stateful tracking)

3. How adblockers can block these HTTP requests

4. How adblockers can't block everything, due to Canvas Fingerprinting, a form of stateless tracking method

5. How privacy focused browsers, like Brave, can stop canvas fingerprinting

6. I encourage everyone to use https://coveryourtracks.eff.org/ and test the privacy of their most frequented browser.

Research Methodology for Studying Network with Jad Al Aaraj, PhD Student

1. How to use Wireshark / TCPdump to capture network traffic on browsers / Alexa Virtual Assistant

2. I installed TCPdump onto the Mycroft Virtual assistant in order to look at whether any information was being sent to advertising agencies

3. This was a nice introduction into how ProperData conducted its research. I was able to use their custom scripts to analyze the network traffic, which was organized into various types of charts (bar graph, pi chart, etc.)

Practical experience I gained:

Raspberry Pi & Mycroft with Ernest Garrision, Curriculum Lead at ProperData

1. I flashed Raspberry Pi OS onto a SD card and installed the OS, setting up login/password and network options

2. I downloaded Mycroft, a virtual assistant, using the terminal and set up the microphone input / speaker output

3. I installed Mycroft skills, like moviemaster, crystal ball, Pokemon, and created a custom Shrek skill with my partner, using the terminal and Git

TikTok and Network Traffic:

1. I recorded network traffic on TikTok using the Chromium's developer tools.

2. With the terminal I was able to use Proper Data's custom script to convert the data to a csv, where I was able to look at which domains network traffic was being sent to

Presentation and Research Skills:

1. My partner and I conducted research on a TikTok account that was geared towards Fashion. We used user actions, like liking, following, or reposting to change the "For You" page towards cats / food.

2. We also used TCPdump to analyze our TikTok Network traffic during this time and found that TikTok was recording our time zone, screen resolution, operating system, which seems harmless, but together the information creates a unique user profile.

3. My partner and I were rewarded 1st place for our poster board. We presented our findings on a poster board, had a poster board session and a 6 minute presentation to researchers and faculty.

For our hardwork, we were given our own RaspBerry Pi! I can't wait to start working on more projects. Thank you so much!

Special Thanks:

I want to thank UCI's ProperData team for granting me this opportunity to learn their research methods and about internet privacy regarding IoT and browsers. I especially enjoyed Ernest's segment on Raspberry Pi and the National Science Foundation for funding UCI Catering (the food was glorious and I walked away five pounds heavier). I especially want to thank my partner Marina Wild for working with me on this project.