Asmit Nayak

Asmit Nayak

Research Assistant

University of Wisconsin-Madison

About Me

I am a Ph.D. student in Computer Science at the University of Wisconsin-Madison, advised by Prof. Kassem Fawaz, where I research Applied ML in Usable Privacy. My work focuses on enhancing Online Safety and Transparency by building Automated Systems leveraging Large Language Models (LLMs), Computer Vision, and Systems Security techniques.

I apply these methods to challenges such as Detecting Deceptive Web Patterns, Analyzing Browser Extension risks, and Understanding Privacy Labels.

Education

Ph.D. in Computer Sciences

University of Wisconsin-Madison

2021 - Present

Advisor: Kassem Fawaz

B.S. in Computer Engineering

University of Wisconsin-Madison

2018 - 2021

Honors: Dean's List - 2019, 2020, 2021

B.S. in Computer Sciences

University of Wisconsin-Madison

2018 - 2021

In the News

News on Detecting Malicious Browser Extension

"UW-Madison research proves your browser extension could grab your password and sensitive info"

Channel 3000, October 31, 2023. [Read More]

"From ********* to EZacces$! Your browser extension could grab your password and sensitive info"

UW News, October 27, 2023. [Read More]

News on Automated Enforcement of Cookies

"AI-powered browser extension to automatically click away cookie pop-ups now promised"

The Register, April 12, 2022. [Read More]

"A clever new browser extension eliminates one of the worst problems with the web"

techradar, April 13, 2022. [Read More]

Selected Publications

For the full list of publications, see Publications, or visit my Google Scholar profile.

Asmit Nayak , Shirley Zhang Info , Yash Wani Info , Rishabh Khandelwal , Kassem Fawaz (2024)

Automatically Detecting Online Deceptive Patterns in Real-time

In ArXiv Pre-Print

PDF

Rishabh Khandelwal Info , Asmit Nayak Info , Paul Chung , Kassem Fawaz (2024)

Unpacking Privacy Labels: A Measurement and Developer Perspective on Google's Data Safety Section

In USENIX Security 2024

PDF

Asmit Nayak Info , Rishabh Khandelwal Info , Earlence Fernandes , Kassem Fawaz (2024)

Experimental Security Analysis of Sensitive Data Access by Browser Extensions

In The Web Conference 2024

PDF

Experience

Wisconsin Privacy and Security Group logo

Research Assistant

Wisconsin Privacy and Security Group

Jun 2022 - Present Madison, WI

Responsibilities include:

  • Did cool research on privacy.
  • Published groundbreaking papers.
S3D Carnegie Mellon University logo

Visiting Researcher

S3D Carnegie Mellon University

Feb 2025 - May 2025 Pittsburgh, PA

University of Wisconsin-Madison logo

Graduate Teaching Assistant

University of Wisconsin-Madison

Aug 2021 - Dec 2022 Madison, WI

Responsibilities include:

  • Delivered guest lectures on Reinforcement Learning during the Summer 2022 term.
Wisconsin Privacy and Security Group logo

Research Intern

Wisconsin Privacy and Security Group

May 2021 – Aug 2021 Madison, WI

Responsibilities include:

  • Created the CookieEnforcer web-extension in JS to automatically disable unnecessary cookies.
  • Created a server in Django to conduct User Studies and collect user data to conduct statistical analysis on it.
  • Created the backend server to interact with the CookieEnforcer web-extension.
  • Worked towards building the base model to support a web extension to automatically set and dismiss cookie notices
Wisconsin Privacy and Security Group logo

Undergraduate Research Assistant

Wisconsin Privacy and Security Group

Jun 2020 – May 2021 Madison, WI

Responsibilities include:

  • Worked on using NLP techniques and group them based on similarity using unsupervised learning.
  • Created a text-extraction program to extract immediate texts from the raw HTML code, based on their relative position to the main element.

Projects

Thumbnail for Automated Detection of Deceptive Patterns on Web

Automated Detection of Deceptive Patterns on Web

2024-05 – Present

To combat deceptive web design, I created a multi-modal framework for performing Deceptive Pattern classification from website screenshots. My contributions included developing a pipeline to generate synthetic websites with automatic element localization, which I used to fine-tune YOLOv10 models for visual analysis. Additionally, I developed an LLM-assisted annotation process to build a unique DP dataset, which I then used to distill efficient T5 and small LLM models for deceptive pattern detection.

Thumbnail for Understanding Privacy Labels - Google & Apple

2023-05 – 2024-05

My work focused on examining the effectiveness and consistency of Google's Data Safety Section (DSS). I designed and implemented a mixed-methods approach to analyze DSS practices, which revealed significant reporting inconsistencies and trends. To understand the developer perspective, I conducted a user study highlighting their struggles and strategies when submitting DSS information, pointing to a need for better guidelines. Furthermore, I developed a system to automatically identify cross-listed apps on the Play Store and App Store and scrape their respective privacy labels. Analyzing these labels allowed me to identify and characterize inconsistencies in privacy disclosures across platforms.

Thumbnail for Detecting Malicious Browser Extension

2022-10 – 2023-05

I conducted an extensive study into browser extension security risks. I demonstrated vulnerabilities in Chrome's review process by developing a proof-of-concept extension that bypassed Web Store checks. Through my analysis of 10K+ domains and 160K+ Chrome extensions, I identified critical security loopholes related to password protection and permissions. Additionally, I created an LLM-powered framework to automate the advanced analysis of extension code for detecting sensitive data access and malicious behavior.

Thumbnail for Automated Enforcement of Cookies

2021-05 – 2022-09

An automated system using machine learning to analyze website cookie notices and enforce the most privacy-preserving options for users.