I work on socio-technical security and privacy: how technology acts as an amplifier to make security and privacy more difficult and interesting. My interests are both in exploiting Internet technologies and also fixing them. I've worked on things like Do Not Track, Anti-Phishing measures, junk email, and web application security. My current focus is trying to figure out how to match up consumer expectation with behaviors of the online marketplace.