I am a tenure track assistant professor at the Digital Security group of Radboud University Nijmegen.

Between 2019 and 2021, I was an FWO postdoctoral research fellow at the COSIC research group of KU Leuven.

Between 2017 and 2019, I was a postdoctoral research associate at the Princeton University's Center for Information Technology Policy.

I obtained my PhD at COSIC in 2017 under the supervision of Claudia Diaz and Bart Preneel.

I conduct large-scale empirical studies of security and privacy threats​ from websites​​, mobile apps​ and IoT devices​, with a special emphasis on novel ​online tracking​ mechanisms. I also study anonymous communication​ networks such as Tor, and investigate deceptive and manipulative (dark) design patterns​.

Selected Publications

See my dblp, ORCID, or Google Scholar pages for the full list of publications.

Academic Service

Program Committee Memberships

  • 2021​: USENIX Security, MADWeb, ConPro, SecWeb, CFail
  • 2020: USENIX Security, Financial Crypto, SecWeb
  • 2019​: PoPETs, ESORICS Poster Session
  • 2018​: PoPETs
  • 2017: PoPETs, DPM, IWPE
  • 2016: IWPE, IFIP SEC

External Reviews

  • 2016: PETS
  • 2015: PETS, ESSOS
  • 2014: ACM CCS, PETS, ESORICS, SPACE
  • 2013: PETS, WPES, HotPETs
  • 2012: USENIX FOCI

Grants and Achievements

  • Runner-up for the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (2021)
  • Runner-up for the The Andreas Pfitzmann Best Student Paper Award (2021)
  • Runner-up for the CNIL-Inria Privacy Protection Prize (2020)
  • Postdoctoral Research Fellowship, FWO, Research Foundation - Flanders (2019-2022)
  • Mobile Web Inspector: A Mobile Web Measurement Tool for JavaScript Analysis (2020-)
  • Future of Privacy Forum’s Annual Privacy Papers for Policymakers Award (2020)
  • Runner-up for the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (2018)
  • Finalist for the Best Paper Award at the ACM CCS (2017)
  • Runner-up for the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (2015)
  • FWO Long-term Travel Grant (August-Sep 2014)
  • Privacy Enhancing Technologies Symposium​ Stipend (2013, 2014, 2016)
  • UNICEF-Turkey Student Grant​ for the IAMCR Conference (2011)

Talks

No Boundaries: Data Exfiltration by Third Parties Embedded on Web Pages

  • Brave Research Reading Group, online, 11 February 2021
  • MIT CSAIL Security Seminar, online, 17 December 2020
  • The US Senate (private briefing to senate staffers; hosted by Rafi Martina) - Washington, D.C., 28 February 2018
  • PrivacyCon 2018, Federal Trade Commission (FTC) - Washington, D.C., 28 February 2018
  • Electronic Frontier Foundation (EFF) - San Francisco, CA, 2 February 2018
  • International Computer Science Institute (ICSI) - Berkeley, CA, 1 February 2018

Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites

  • Symposium Consumer and Data Privacy: The Digital Revolution of Legal, Social and Economic Interaction - Maastricht, January 24, 2020
  • Mozilla Security Research Summit - Vienna, 8 November 2019
  • Maastricht Law & Tech Lab launching event - Maastricht, 17 October 2019

How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services

Battery Status Not Included: Assessing Privacy in Web Standards

  • IETF Privacy Enhancements and Assessments Research Group (PEARG) - 7 November 2018

Online Tracking Technologies and Web Privacy

  • European Data Protection Supervisor (EDPS) Working Meeting, Leuven, 20 June 2017

Advanced Online Tracking: A look into the Past and the Future

  • University College of London, Academic Centre of Excellence for Cyber Security Research - London, 24 November 2016

Web Privacy & Tracking

User Control over Web Tracking

  • II. Internet Privacy Engineering Network (IPEN) Workshop - Leuven, 5 June 2015

Facebook's Tracking Capabilities Through Social Plug-ins

  • Belgian Privacy Commission - Brussels, 9 March 2015

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild

  • IMDEA Software - Madrid, 30 October 2015
  • Dutch Data Protection Agency - The Hague, NL, 16 October 2014
  • UC Berkeley, TRUST Security Seminar - Berkeley, CA, 11 September 2014

FPDetective: Dusting the Web for Fingerprinters

  • French Data Protection Agency (CNIL) - Paris, 7 April 2014
  • Federal Trade Commission (FTC), Bureau of Consumer Protection, New York City, NY, 21 February 2014

Obfuscation for and against Device Fingerprinting

  • Symposium on Obfuscation at NYU, New York City, NY, 15 February 2014

Software

GitHub: @gunesacar

Lead developer:

  • tor-browser-selenium Tor Browser automation with Selenium 59 forks, 66 dependent repositories (as of 12/2020) including the SecureDrop whistleblower platform by the Freedom of the Press Foundation. Used in numerous studies involving Tor Browser automation.
  • fpdetective: A crawler based on a modified Chromium to detect font-based fingerprinting (CCS’13)
  • modCrawler: A crawler based on a modified Firefox to detect canvas fingerprinting (CCS’14)
  • privacy-policy-historical: The web frontend and GitHub backend for the Princeton-Leuven Longitudinal Corpus of Privacy Policies (WWW'21)
  • OpenWPM-mobile: A mobile web privacy measurement framework based on OpenWPM (CCS’18)

Contributed to:

Press

Press coverage

Media collaborations

Contact

  • Email: g.acar@cs.ru.nl
  • Address: Mercator 1 Toernooiveld 212 6525 EC NIJMEGEN The Netherlands
  • Office: 03.01
  • Tel: +31 24 36 52 077