Güneş Acar

Assistant Professor
Radboud University

I am a tenured assistant professor at the Digital Security group of Radboud University. I am also affiliated with iHub, Radboud's interdisciplinary research hub on digitalization and society.

My research focuses on security and privacy threats​ from websites​​, mobile apps​ and IoT devices​, with a special emphasis on novel ​online tracking​ mechanisms. I also study anonymous communication​ networks such as Tor, and investigate deceptive and manipulative (dark) design patterns​.

Current and past positions:

Selected Publications

See my dblp, ORCID, or Google Scholar pages for the full list of publications.

Academic and Other Services

  • 2024: Co-Chair, HotPETs 2024
  • 2023-24: Vice Program Chair, PETS 2024
  • 2023: Expert panel member for the Empirical Study on Dark Commercial Patterns (commissioned by the OECD)
  • 2023: Poster and Demo Chair, PETS 2023
  • 2022: Expert committee member for the Canada Foundation for Innovation’s 2023 Innovation Fund competition.

Program Committee Memberships

  • 2024: ISC
  • 2023: ACM CCS, PoPETs, MADWeb, ConPro, SecWeb
  • 2022​: USENIX Security, PoPETs, MADWeb, ConPro, SecWeb
  • 2021​: USENIX Security, PoPETs, MADWeb, ConPro, SecWeb, CFail
  • 2020: USENIX Security, Financial Crypto, SecWeb
  • 2019​: PoPETs, ESORICS Poster Session
  • 2018​: PoPETs
  • 2017: PoPETs, DPM, IWPE
  • 2016: IWPE, IFIP SEC

External Reviews

  • 2016: PETS
  • 2015: PETS, ESSOS
  • 2014: ACM CCS, PETS, ESORICS, SPACE
  • 2013: PETS, WPES, HotPETs
  • 2012: USENIX FOCI

Grants and Achievements

  • Vidi Grant in Applied and Engineering Sciences (2025-2030)

    A Web Security and Privacy Observatory (WeSPO)

  • 🏆 2022 CNIL-Inria Award for Privacy Protection (2023)

    Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission (USENIX Security'22)

  • 🏆 Top Reviewer Award, Privacy Enhancing Technologies Symposium (2022)

    Given to "reviewers [who] consistently performed constructive, but critical, i.e. helpful, reviews on time and followed up in the discussions. It covers roughly 30% of senior and regular PC".

  • Runner-up for the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (2021)

    Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices (CCS'19)

  • Runner-up for the The Andreas Pfitzmann Best Student Paper Award (2021)

    The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion (PoPETS'21)

  • Runner-up for the CNIL-Inria Privacy Protection Prize (2020)

    No Boundaries: Data Exfiltration by Third Parties Embedded on Web Pages (PETS’20)

  • Postdoctoral Research Fellowship, FWO, Research Foundation - Flanders (2019-2022)

    Ranked 1st in the Expert Panel: Informatics and Knowledge Technology. Awarded in 2017, suspended until 2019 due to my position at Princeton University.

  • Mobile Web Inspector: A Mobile Web Measurement Tool for JavaScript Analysis (2020-)

    Project grant by armasuisse, The Swiss Federal Office for Defence Procurement. This project provides the funding for Asuman Senol who I co-supervise with Claudia Diaz (PI). I was involved in writing the grant application, preparing the job posting, interviewing the candidates, and making the hiring decision.

  • 🏆 Future of Privacy Forum’s Annual Privacy Papers for Policymakers Award (2020)

    Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites (CSCW’19)

  • Runner-up for the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (2018)

    How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services (CCS’17)

  • Finalist for the Best Paper Award at the ACM CCS (2017)

    How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services (CCS’17)

  • Runner-up for the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (2015)

    FPDetective: Dusting the Web for Fingerprinters (CCS’13)

  • FWO Long-term Travel Grant (August-Sep 2014)

    For the internship at the Electronic Frontier Foundation (EFF), San Francisco, CA, USA.

  • Privacy Enhancing Technologies Symposium​ Stipend (2013, 2014, 2016)
  • UNICEF-Turkey Student Grant​ for the IAMCR Conference (2011)

Talks

Unveiling Shadows: An Interactive Exploration of the Online Tracking Ecosystem

  • Keynote at the NLUUG Fall Conference, Utrecht, 5 November 2024
  • IEEE Benelux Life Member Affinity Group Event Radboud University, 29 August 2024
  • Tutorial at the SURF Security and Privacy Conference, Rotterdam, 28 June 2024

Targeted and Troublesome: Tracking and Advertising on Children’s Websites

  • ACM (The Netherlands Authority for Consumers and Markets) DigiDay meeting, The Hague, 21 November 2023

Why some online trackers accidentally collect your passwords?

  • Keynote at the SURF Security and Privacy Conference, Utrecht, 29 June 2023

An empirical (CS) research perspective & potentials for interdisciplinary collaboration

  • Workshop: Exploring the Relationship Between Market Power and Data Protection, Utrecht University, Utrecht, 15 May 2023

Training on Web Technologies, Online Tracking and Dark Patterns

  • Finnish Competition and Consumer Authority, Helsinki, 6 May 2022

Distinguished Lectures on Security & Privacy

  • University of Regensburg, Regensburg, 11-12 November 2021

No Boundaries: Data Exfiltration by Third Parties Embedded on Web Pages

  • Brave Research Reading Group, online, 11 February 2021
  • MIT CSAIL Security Seminar, online, 17 December 2020
  • The US Senate (private briefing to senate staffers; hosted by Rafi Martina) - Washington, D.C., 28 February 2018
  • PrivacyCon 2018, Federal Trade Commission (FTC) - Washington, D.C., 28 February 2018
  • Electronic Frontier Foundation (EFF) - San Francisco, CA, 2 February 2018
  • International Computer Science Institute (ICSI) - Berkeley, CA, 1 February 2018

Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites

  • Workshop: Data-driven Marketing: Opportunities, Challenges and Ethics , Queen Mary University London, London, 17 March 2023
  • e-Enforcement Academy, European Commission: (training given to over 40 members of European consumer protection authorities). Online, 22 September 2021
  • Symposium Consumer and Data Privacy: The Digital Revolution of Legal, Social and Economic Interaction - Maastricht, 24 January 2020
  • Mozilla Security Research Summit - Vienna, 8 November 2019
  • Maastricht Law & Tech Lab launching event - Maastricht, 17 October 2019

How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services

Battery Status Not Included: Assessing Privacy in Web Standards

  • IETF Privacy Enhancements and Assessments Research Group (PEARG) - 7 November 2018

Online Tracking Technologies and Web Privacy

  • European Data Protection Supervisor (EDPS) Working Meeting, Leuven, 20 June 2017

Advanced Online Tracking: A look into the Past and the Future

  • University College of London, Academic Centre of Excellence for Cyber Security Research - London, 24 November 2016

Web Privacy & Tracking

User Control over Web Tracking

  • II. Internet Privacy Engineering Network (IPEN) Workshop - Leuven, 5 June 2015

Facebook's Tracking Capabilities Through Social Plug-ins

  • Belgian Privacy Commission - Brussels, 9 March 2015

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild

  • IMDEA Software - Madrid, 30 October 2015
  • Dutch Data Protection Agency - The Hague, NL, 16 October 2014
  • UC Berkeley, TRUST Security Seminar - Berkeley, CA, 11 September 2014

FPDetective: Dusting the Web for Fingerprinters

  • French Data Protection Agency (CNIL) - Paris, 7 April 2014
  • Federal Trade Commission (FTC), Bureau of Consumer Protection, New York City, NY, 21 February 2014

Obfuscation for and against Device Fingerprinting

  • Symposium on Obfuscation at NYU, New York City, NY, 15 February 2014

Software

GitHub: @gunesacar

Lead developer:

  • tor-browser-selenium: Tor Browser automation with Selenium. Used in numerous studies involving Tor Browser automation and by the SecureDrop whistleblower platform by the Freedom of the Press Foundation.
  • fpdetective: A crawler based on a modified Chromium to detect font-based fingerprinting (CCS’13)
  • modCrawler: A crawler based on a modified Firefox to detect canvas fingerprinting (CCS’14)
  • privacy-policy-historical: The web frontend and GitHub backend for the Princeton-Leuven Longitudinal Corpus of Privacy Policies (WWW'21)
  • OpenWPM-mobile: A mobile web privacy measurement framework based on OpenWPM (CCS’18)

Contributed to:

Press

Press coverage

Media collaborations

Supervision

PhD students:

PhD Alumni:

Master:

  • A. Kokkelmans Catching Skimmer Scripts in Action Using a Hybrid Analysis of JavaScript Code, 2024.
  • K. Frings An Analysis of Third-party Tracking on Online EU pharmacies, 2024. 🏆 2024 KHMW Scriptieprijs Responsible Internet, 2nd prize
  • M. Philipse Post-Third-Party Cookies: Analyzing Google's Protected Audience API, 2024.
  • G. Borst AutoCloudAudit: Combining Tools for pPerforming Cloud Security Assessments, 2024
  • L. Casini Measuring the Adoption of Device Class Fingerprinting, 2024.
  • S. W. de Vries leak-detect: Automatic Login Form Leakage Detection for Website Administrators and Researchers, 2023 🏆 2023 Joop Bautz Information Security Award
  • S. van Duijnhoven Information Security Strategies for Industrial IoT environments: A Practical Approach for Original Equipment Manufacturers, 2023.
  • D. de Muinck Keizer Profiling Mobile Users: User Identification Through Analysis of LTE App Traffic, 2023.
  • T. van Ouwerkerk Evading the Policy: A Measurement on Referrer Policy Circumvention in 3k E-commerce Websites, 2022.
  • D. Roefs Large-scale Login and Registration Form Identification Using the Common Crawl Dataset, 2022
  • T. Rázmán Forensic Test Suite for Tor Browser, 2022.

Contact

  • Email: g.acar@cs.ru.nl
  • Address: Mercator 1 Toernooiveld 212 6525EC Nijmegen The Netherlands
  • Office: 03.01
Built with purecss, favicon-generator, google-webfonts-helper.