Sid Stamm / Bio
Sid Stamm is the Lead Privacy Engineer at Mozilla and is responsible for overseeing a team of engineers focused on integrating transparency and privacy into the fabric of the Web by building tools to give users more choice and control over their personal data online. Sid joined Mozilla in 2009 and has designed and developed many of the security and privacy-related features in Firefox, including Do Not Track and Content Security Policy. He is the author of a number of privacy-related Firefox Add-ons, including Force TLS and Universal Behavioral Advertising Opt-Out. Sid has written and published numerous papers on privacy and security and holds a Ph.D. in Computer Science from Indiana University.
Ever since I can remember I've liked tinkering with things -- taking them apart, seeing how they work, changing them a little and seeing if I can put them back together. When I was a kid, I constructed a makeshift sail that could be attached to roller skates and used it to accelerate down a hill in a church parking lot, putting many cars at risk of kid-shaped dents. I am tropically inclined (I like sandy beaches), and am often motivated by the concept of a vacation, a deadline, or the possibility of competition.
When I was 13, I took a summer job at a large telephone company and learned a little bit about IT infrastructure. I got an "in" with my local Telco technicians, learned how to wire POTS and T1 lines, and experimented with a brand new technology called "ISDN". For some odd reason, I have a memory of hanging out with my Mom and a few telco execs who were talking about this thing called "xDSL" that would be the wave of the future. I just laughed because I was so amazed by ISDN, I couldn't imagine yet another new digital link would come out so soon. After all, weren't we supposed to get fiber lines?
At this point in my life, I was interested in social deviants (ahem, Hackers and Phreaks) and how they came up with crazy stuff like blue boxes. In a sad attempt to become an electrical genius (taking apart a handheld TV with hopes of making a Van Eck device) I burned myself with hot solder. My interests quickly shifted to social engineering.
In college, I gave up on my goals of becoming a security expert and decided to become the best damn programmer I could. This is where I met a security guru who, when asked how he became so accomplished, gave me the best advice for an aspiring anything: "Read and try everything you can. If you spend enough time on something, you'll end up an expert." I didn't believe him -- he seemed to know things that only come with talent. Little did I know, he was right.
I went off to grad school in hopes of figuring out what I wanted to do (I was more-or-less scared of the real world, after having worked internships at many companies). I dabbled in this and that, started focusing on programming languages, then the school started hiring Security faculty. I quickly reverted back to my old interests.
Research: I'm currently researching security concepts in the (dismal) world wide web, and more generally, the Internet. Created as an information sharing tool, it is now a humongous Metaverse where people get lost and swindled. My interests are both in the arena of exploiting Internet technologies and also fixing them. My Ph.D. dissertation was a whack at understanding problems with web technologies at a fundamental level, and fixing many various problems with a big stick.
I've played with mobile devices (like the iPhone) and wifi routers (the kind you use to make your home Broadband Internet connection more usable) and created a proof-of-concept hack that indirectly makes a router a man-in-the-middle to enable Pharming. Some work I've done involves Invasive Browser Sniffing whereby a website can learn about your browser history using some CSS tricks. My advisor and I also developed some countermeasures to this "problem" that can be deployed by worried website owners who want to protect their customers.
I'm employed by Mozilla, and I do a variety of security- and privacy-related work. I was one of the main developers on Content Security Policy, and have been working with researchers to figure out how we can better secure the web and keep our users' data private.