Sid is Associate Professor of Computer Science and Software Engineering at Rose-Hulman Institute of Technology, where he studies and teaches security, privacy, and computer systems. His research focuses on online identity theft, tracking (web and physical devices), protection measures, web security policy, and data privacy. Sid designed and implemented many of the security and privacy-related features in Firefox including Do Not Track and Content Security Policy, and enjoys hacking on open source projects. He has published numerous papers on privacy and security and holds a Ph.D. in Computer Science from Indiana University. When he's not in front of a computer, he's usually at the controls of an airplane or underneath a leaky, broken car with a wrench.
Ever since I can remember I've liked tinkering with things -- taking them apart, seeing how they work, changing them a little and seeing if I can put them back together. When I was a kid, I constructed a makeshift sail that could be attached to roller skates and used it to accelerate down a hill in a church parking lot, putting many cars at risk of kid-shaped dents. I am tropically inclined (I like sandy beaches), and am often motivated by the concept of a vacation, a deadline, or the possibility of competition.
When I was 13, I took a summer job at a large telephone company and learned a little bit about IT infrastructure. I got an "in" with my local telco technicians, learned how to wire POTS and T1 lines, and experimented with a brand new technology called "ISDN". For some odd reason, I have a memory of hanging out with my Mom and a few telco execs who were talking about this thing called "xDSL" that would be the wave of the future. I just laughed because I was so amazed by ISDN, I couldn't imagine yet another new digital link would come out so soon. After all, weren't we supposed to get fiber lines?
At this point in my life, I was interested in social deviants (ahem, Hackers and Phreaks) and how they came up with crazy stuff like blue boxes. In a sad attempt to become an electrical genius (taking apart a handheld TV with hopes of making a Van Eck device) I burned myself with hot solder. My interests quickly shifted to social engineering.
In college, I gave up on my goals of becoming a security expert and decided to become the best damn programmer I could. This is where I met a security guru who, when asked how he became so accomplished, gave me the best advice for an aspiring anything: "Read and try everything you can. If you spend enough time on something, you'll end up an expert." I didn't believe him -- he seemed to know things that only come with talent. Little did I know, he was right.
I went off to grad school in hopes of figuring out what I wanted to do (I was more-or-less scared of the real world, after having worked internships at many companies). I dabbled in this and that, started focusing on programming languages, then the school started hiring Security faculty. I quickly reverted back to my old interests.
Research: I'm currently researching socio-technical security problems in the (dismal) World Wide Web, and more generally, the Internet. Created as an information sharing tool, it is now a humongous Metaverse where people get lost and swindled. My interests are both in the arena of exploiting Internet technologies and also fixing them. My Ph.D. dissertation was a whack at understanding problems with web technologies at a fundamental level, and fixing many various problems with a big stick.
I've played with mobile devices (like the iPhone) and Wi-Fi routers (the kind you use to make your home broadband Internet connection more usable) and created a proof-of-concept hack that indirectly makes a router a man-in-the-middle to enable Pharming. Some work I've done involves Invasive Browser Sniffing whereby a website can learn about your browser history using some CSS tricks. My grad school advisor and I also developed some countermeasures to this "problem" that can be deployed by worried website owners who want to protect their customers.
I teach things like computer architecture, digital forensics, privacy, and security at Rose-Hulman. I was one of the main developers on Content Security Policy in Firefox where I was a Principal Engineer, and am always searching for ways to better secure the web and keep your data safe.