Staff privacy engineer specialising in browser architecture, cross-platform privacy infrastructure, and AI integration. Background in DOM security and web standards at Mozilla, and fingerprinting resistance at DuckDuckGo.
Experience
- Led cross-platform technical design, authoring foundational architectural designs adopted across Apple, Android, Windows, and Extension platforms, spanning privacy infrastructure, experimentation frameworks, and AI features.
- Drove AI feature development from research to production for Duck.ai: page context architecture, relevance-based content selection, evaluation pipelines, and MHTML-based snapshot formats. Reduced model-attached context by over 25% with no loss in answer recall.
- Designed and maintained a shared AI-assisted development environment spanning all company codebases: a coordination monorepo providing build tooling, prompt engineering, test suites, and shared context for AI agents, enabling engineers to work across unfamiliar repositories and review code via cloud agents asynchronously. Currently extending this with agentic website testing built in Rust on endpoint machines.
- Built automation systems that extended team capacity: created review automation for privacy configuration changes handling roughly 1/6th of all config reviews, and applied AI-assisted workflows to privacy triage and bug investigation, reducing workloads that would otherwise overwhelm manual capacity.
- Advised on 25+ projects spanning web security, browser architecture, and AI privacy, mentoring engineers through cross-platform integration challenges and architectural decisions while building documentation, tooling, and direct support to develop independent capability and reduce key-person risk.
- Developed reporting dashboards in Python to surface cross-platform breakage patterns, prioritise investigations, and track resolution progress across browser engines.
- Instigated cross-platform code sharing infrastructure in Swift, Kotlin, and TypeScript, including a JavaScript content script framework, remote privacy configuration, and experimentation frameworks used across all platforms.
- Co-managed an external partnership to integrate a Chromium-based WebView (C++, C#) into the Windows application.
- Designed and implemented robust fingerprinting resistance mechanisms preventing invasive trackers.
- Led web compatibility investigations across browser engines, managing a pipeline of over 50 known issues (from core rendering, DOM, and API breakages to cross-platform architectural regressions) across four platforms. Advised projects to resolve breakages at scale through Client Hints and on-device monitoring capabilities, and communicated findings to engine partners and standards bodies.
- Consistently identified simpler architectural alternatives to complex proposals, reducing scope and unblocking dependent work across teams.
Part of the research and development team responsible for reverse engineering advertising malware.
- Reported and mitigated same origin vulnerabilities within web browsers.
- Added sandboxing feature to Firefox and reported/fixed other browser security issues.
- Discovered and mitigated new categories of malvertising.
- Implemented new development practices and processes.
Firefox Content Security Team
Worked in several teams at Mozilla and was promoted to Senior Engineer and DOM security peer. Worked on a wide array of privacy and security areas ranging from the HTML parser, networking, security-sensitive code and the UI of Firefox. Worked in Rust, JavaScript and C++ across all common operating systems.
Content Security
- Module peer for DOM:Security responsible for CSP, SRI, Mixed Content Blocker and integral security implementations of loading documents along with isSecureContext.
- Security bug triage and analysis. Diagnosis of critical security flaws in various products.
- Reduction of problematic attack vector API surface areas such as Application Cache and unprompted sensor usage.
- Drove HTTPS adoption through mixed content reduction and implementation of HTTPS-only mode.
- Conducted candidate interviews and hiring reviews. Mentored Outreachy candidates, running projects and providing direct technical guidance.
Product Innovation
- Built the Secure Proxy extension from early prototype to public beta and continued maintenance.
- DNS Over HTTPS (DoH), involved from the initial measurement experimentation to the implementation and US rollout.
- Facebook Container, involved from the initial prototype to code auditing and review. Responsible for the underlying Containers technology in the browser.
Cyber security education and auditing
- Responsible for managing front end architecture and development of secure education, training and auditing platforms.
- Introduction of development methodologies and changing company practice.
Internet products and services (123-reg)
- Architect of the domain search page and back office. Enhanced 'first meaningful result' performance to under a second, improving conversion.
- Mentor to developers; responsible for maintaining coding standards, cookbooks and training documents.
Earlier Career
Insight, Senior Developer (Jan 2011 - Dec 2012) · Scratchmedia, Lead PHP and Rails Developer (Sep 2009 - Jan 2011) · Vidicom / Boku, Lead PHP and Front End Developer (Aug 2007 - Aug 2009) · Scratchmedia, Freelance Web Developer (Feb 2006 - Aug 2007)
Standards & Community
Member of the W3C TAG Privacy Principles task force (representing DuckDuckGo), contributing to a foundational specification for privacy on the web platform.
Privacy reviewer for the W3C Privacy Interest Group, reviewing web specifications for privacy implications.
Spoke at the WebAppSec Berlin F2F on Ember's SRI implementation. Contributed to CSP, SRI, and Credential Management API specifications. Ongoing contributions to WHATWG HTML and W3C web platform specs.
Projects
Investigating MHTML as a self-contained, high-fidelity web page format for use in retrieval-augmented generation pipelines, evaluation workflows, and web archival. Cross-browser research into MHTML rendering and serialisation behaviour, with contributions to Chromium and Firefox issue trackers and a canvas proposal documented on my blog.
Open-source Chrome extension for capturing high-fidelity web page snapshots using MHTML and annotating them for labelling and review. Designed for building question-answering datasets from real web content, training data for retrieval and RAG systems, and structured content review workflows.
macOS menubar app providing system-wide voice-to-text transcription using on-device Whisper models via CoreML. All processing runs locally - voice data never leaves the device. Built in Swift with features including intelligent punctuation inference, smart model management, and voice commands.
Patents
Named inventor on mobile payment transaction patents filed at Boku, Inc., including Systems and Methods to Schedule Transactions (US20100306015A1). Co-inventor on 6 patents covering transaction processing, payment restrictions, and pricing systems.
Education
Dissertation focus: on-device agentic AI, exploring on-device models for decision making in web interaction and breakage detection. Informed by my professional browser engineering experience.