• Donate
  • Log In
Home
  • About
    • About
      • About Us
      • Our Board of Directors
      • Board Meeting Minutes
      • Board Elections
      • Updates & Announcements
      • Our Staff
      • Governance & Financials
      • Lifetime Achievement Award
  • Events
    • Events
      • Upcoming
      • Past
      • Conference FAQ
      • Conference Policies
      • Code of Conduct
      • Calls for Papers
      • Author Resources
      • Grant Opportunities
      • Best Papers
      • Test of Time Awards
  • Join & Support
    • Join & Support
      • Become a Member
      • Ways to Give
      • Our Supporters
      • Student Opportunities
      • Sponsorship Opportunities
  • Archive
    • Archive
      • Proceedings
      • Multimedia
      • ;login: Archive
      • Short Topics in System Administration Series
      • Journal of Education in System Administration (JESA)
      • Journal of Election Technology and Systems (JETS)
      • Computing Systems Journal
  • Search
Join the conversation
Back to ;login: Online

NSDI'23 Test of Time Award

ShareMeNot Became the Privacy Badger Extension
June 2, 2023
Interview
Authors: 
Franzi Roesner, Gennie Gebhart, Rik Farrow
Article shepherded by: 
Rik Farrow

When I heard that Franzi Roesner's 2012 graduate research paper had won the NSDI'23 Test of Time Award, I wasn't that surprised. I had liked the idea behind the paper, and the research that lead to a useful web browser extension was not only sound, but also seemed like something we needed at the time, and still need today.

ShareMeNot detected social widget trackers, such as the Facebook "Like" button, included on other websites. ShareMeNot would then replace the widgets with local stand-ins that allowed user to still choose to use the widget without the side effect of being tracked when they didn't use it.

Roesner shared the extension and continued supporting it for several years, until July of 2014. At that point, the Electronic Frontier Foundation incorporated ShareMeNot in its own tool, Privacy Badger.

Franzi Roesner and Yoshi Kohno on receipt of their Test of Time award at NSDI'23.

Rik Farrow: Did you plan on supporting ShareMeNot when you presented your 2012 NSDI paper?

Frazi Roesner: I'm not quite sure what I expected with ShareMeNot, but I don't think it was for its descendent to still be in active use 10 years later. I was a bit surprised at the degree of uptake the tool had initially, probably a reflection of the budding public concern about web trackers at the time. For a couple of years I was maintaining it and doing bug fixes myself. Then in early 2014 Peter Eckersley (RIP :() at the EFF reached out to us about integrating ShareMeNot or its ideas into a new tracker blocking tool they were building, which became Privacy Badger. I ended up working with the EFF in the summer of 2014 to integrate and transition ShareMeNot's code directly into Privacy Badger, and since then it has lived on and been maintained mostly without me by the EFF.

RF: How did you come up with the idea for the tool? Was this something suggested by your advisor?

FR: If I'm remembering correctly, the project developed out of conversations with (my co-authors) Yoshi Kohno and David Wetherall – one of them might have a clearer memory of the exact origin. In my memory, it started with a meeting in David's office around questions like: "People are starting to talk about this web tracking thing. What is a tracker, actually, technically? How are they connected on the web? Are there different types of trackers? What defenses work against them?" In the initial phase of the project I did a lot of manual loading of websites, looking at wireshark traces, and building my own demo sites. That led us to develop the taxonomy of trackers that we presented in the paper [1,2], which we then measured on the web with crawls. The idea for ShareMeNot arose because our results showed us that these types of "Personal" trackers (such as the Facebook Like button, which was big at the time) were (a) prevalent but (b) not well-covered by existing defenses.

There's also a more meta answer to this question, which relates to my favorite advice that I ever received and that I now often pass onto students. I was a second-year PhD student at the time of this project, and I was in a (I think common) slump in which I didn't know what to work on because nothing seemed important or interesting enough. In a conversation with Ed Lazowska, he advised me to stop worrying about how important a project was and to just pick something and really commit to working on it for a few months. That turned out to be this project :). I often pass on this advice because you can't really tell where a project is going to lead (let alone shape where it will lead) until you actually spend time and energy really engaged with it, so you have to avoid getting stuck before you even start.

RF to Gennie Gebhart of EFF : My first question is about EFF. How common is it for EFF to incorporate other peoples' code into your own software projects?

Gennie Gebhart: EFF’s technical projects both contribute to and benefit from the open source ecosystem, so it’s fairly common for us to work with volunteers and other interested programmers to improve our projects. The interesting thing about incorporating the ShareMeNot code is how it’s evolved over time. The core idea – to block a particular element and replace it with a click-to-activate placeholder – has stood the test of time and lives on in Privacy Badger as well as many other popular privacy extensions. Even as the social buttons that ShareMeNot initially addressed fade in popularity, the approach still applies to widgets like comments (e.g. Disqus) and video (e.g. YouTube).

RF: Privacy Badger seems to me to be a very useful extension to a web browser, and I've used it since it first came out. How many people use Privacy Badger? Does it appear to be popular?

GG: Privacy Badger is the eigth most popular extension in the Firefox store, so I definitely think it’s fair to say it’s popular! We estimate it has 3-5 million daily users, depending on how you count. (For example, we can make general assumptions about how many of our Firefox users might turn off telemetry, which otherwise excludes them from the count.)

Appendix
References: 

[1] Franziska Roesner, Tadayoshi Kohno, and David Wetherall, Detecting and Defending Against Third-Party Tracking on the Web, in Proceedings NSDI'12 2012: https://www.usenix.org/conference/nsdi12/technical-sessions/presentation...

[2] Franziska Roesner, Christopher Rovillos, Tadayoshi Kohno, and David Wetherall, ShareMeNot: Balancing Privacy and Functionality of Third-Party Social Widgets: ;login: August 2012, Volume 37, Number 4: https://www.usenix.org/system/files/login/articles/roesner.pdf

Article Categories: 
Security
Programming
Last updated June 2, 2023
Authors: 
Franziska (Franzi) Roesner is an Associate Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies. Her work has studied topics including online tracking and advertising, security and privacy for sensitive user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online mis/disinformation. She is the recipient of a Consumer Reports Digital Lab Fellowship, an MIT Technology Review ”Innovators Under 35” Award, an Emerging Leader Alumni Award from the 4 University of Texas at Austin, a Google Security and Privacy Research Award, and an NSF CAREER Award. Her work has received paper awards or runners-up at USENIX Security, the IEEE Symposium on Security & Privacy, the ACM Internet Measurement Conference (IMC), and the ACM Web Conference, as well as Test of Time Awards at the USENIX Symposium on Networked Systems Design & Implementation (NSDI) and the IEEE Symposium on Security & Privacy. She serves on the USENIX Security and USENIX Enigma Steering Committees, and she previously served as part of the DARPA ISAT advisory group.
[email protected]
Gennie is the Managing Director of Technology at the Electronic Frontier Foundation, where she oversees the organization's Engineering & Design, Public Interest Technology, and Technical Operations teams. Her research and writing primarily focuses on consumer privacy and security, with an emphasis on third-party tracking, platform policy, and secure messaging, as well as content moderation and open access. Gennie is also an Affiliate Associate Professor at the University of Washington Allen School of Computer Science & Engineering and serves on the program committees of several computer security research venues. Prior to joining EFF, she was a Henry Luce Scholar in Laos and Thailand, and earned a Master of Library and Information Science from the University of Washington Information School.
[email protected]
Rik Farrow has been a consultant for 40 years working first as a programmer, next in system administration then in security. He has written two books, as well as worked as the technical editor for a Unix magazine and for two editions of a popular operating system book. He also taught Unix and Internet security during the 90s internationally, and worked as a volunteer for USENIX program and steering committees. Rik has been the editor of ;login: since 2005.
[email protected]
  • Log in to post comments
USENIX logo
  • Contact USENIX
  • Privacy Policy

© USENIX 2025
EIN 13-3055038

Website designed and built by Giant Rabbit LLC
Powered by Backdrop CMS

We need contributions from individuals like you.

USENIX conferences directly influence the development of computing systems and products used worldwide. Contribute today to support this vital work for the next 50 years.

Secure the Future of USENIX

Donate
Close