User Agent 2.0: What Can the Browser Do for the User?

Tuesday, January 29, 2019 - 2:00 pm-2:30 pm

Ben Livshits, Brave Software

Abstract: 

Browsers are the window that the user has onto the ever-expanding web, with the good, the bad, and the ugly that it contains. Security mechanism design on the web has traditionally relied on the user to make rational, carefully considered choices. Too often this becomes a barrage of prompts and dialogues, which end users ultimately tend to ignore.

In this talk, we highlight the fact that this assumption is based on flimsy science at best, and, at worst, completely debunked. We therefore argue that the browser should do more to help the user with these decisions, thereby truly stepping into the shoes of a user agent. While there may be decisions the user has to make, they must be less frequent and asked in a way where the user has a reasonable basis for making a well-informed decision. For example, a prompt to switch the browser into private browsing mode or to block all third-party cookies on a given site, due to the nature of the content they’re browsing, may be accompanied by a side-by-side before-and-after picture.

Ben Livshits, Brave Software

Ben Livshits is the Chief Scientist for Brave Software, a company that makes a novel privacy-friendly web browser. Dr. Livshits is also an Associate Professor at Imperial College London and an affiliate professor at the University of Washington. Previously, he was a research scientist at Microsoft Research. He received a bachelor's degree in Computer Science and Math from Cornell University and his M.S. and Ph.D. in Computer Science from Stanford University.

Dr. Livshits' research interests include the application of sophisticated static and dynamic analysis techniques to finding errors in programs. Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security, CCS, SOSP, ICSE, FSE, and many other venues and has been on the PCs of the same conferences. He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. He is the author of over 100 academic papers; Ben has also received dozens of patents and multiple tech transfer awards for bringing research into practice.

BibTeX
@conference {226347,
author = {Ben Livshits},
title = {User Agent 2.0: What Can the Browser Do for the User?},
year = {2019},
address = {Burlingame, CA},
publisher = {USENIX Association},
month = jan
}
