Iskander Sanchez-Rola

Iskander Sanchez-Rola

Iskander Sanchez-Rola

Iskander Sanchez-Rola is currently Principal Researcher. He holds a Ph.D. in Computer Science from the University of Deusto (Spain), advised by Igor Santos and Davide Balzarotti. He has carried out various research stays, including CERT Coordination Center in Carnegie Mellon University, EURECOM, and University of California, Santa Barbara.

His main research interest is web security and privacy (e.g., user tracking or browser fingerprinting), and has authored multiple research papers in top venues.More information about him can be found on his personal website:

Selected Academic Papers

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021) Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware.

Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control

In Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)
We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.

Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web

In Proceedings of The Web Conference (WWW 2020)
We present the first comprehensive study of the possible security and privacy implications that clicks can have from a user perspective, analyzing the disconnect that exists between what is shown to users and what actually happens after.

BakingTimer: Privacy Analysis ofServer-Side Request Processing Time

In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC 2019)
We propose a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, and it does not require any permission.

click to top

Back to Top