AI-enabled browsers add an agentic layer across email, calendars, and connected apps. Or just allow mechanisation of a web browser via AI. Having been a routine user of web browser automation tools since 15+ years, I appreciate the new potential. However, it is important to note that the web platform, Read More
Quantum information processing and quantum technologies are in the spotlight. Quantum computing specifically, thanks to the reports of the Quantum Supremacy result. The field got a 2025 Nobel Prize and rightly so. The ongoing process will measurably transform technology, funding, to some degree even certain areas of policy in very Read More
There’s a steady trend in web browser threat landscape. It's about cryptocurrency wallet stealing when attackers are preparing malicious Firefox extensions that mimic real wallets to steal seed phrases. Seed phrases enable full access to a crypto wallet, allowing anyone who has them to restore, control, and Read More
The Model Context Protocol (MCP) is an open standard that enables large language models to interact with external tools and data sources. Unlike traditional API integrations, MCP provides a standardized interface for AI models to access specialized functionality without requiring custom implementations for each use case. MCP addresses the problem Read More
Online inference with large language models carries serious privacy risks that many users underestimate. Prompts—often containing passwords, emails, private thoughts, medical data, intimate details, and business data—are sent in plain text and processed by third-party servers. These prompts can be seen not only by the major providers but Read More
Qwen3, an open weight large language model (LLM) developed by Alibaba, introduced a feature that stands out: the ability to switch between reasoning-intensive “thinking” mode and lightweight “non-thinking” mode within a single model. In the thinking mode, the model generates an internal <think>...</think> block containing Read More
This may well be one of the greatest strategic and business U-turns of the century: backtracking on a project more than seven years in the making, and an attempt to reshape an entire web ecosystem and its funding model. Google’s recent decision to halt its plans to phase out Read More
Protecting personal data when using blockchain technology is tricky, may be full of surprises, and cumbersome. According to the European Data Protection Board opinion, which this assessment and advice is inspired with, the inherent characteristics of blockchain—like immutability or decentralisation—pose serious compliance issues with the General Data Protection Read More
A new proposal to reduce the granularity of the Accept-Language header aims to decrease web fingerprinting surface to improve user privacy and reduce risks. Problem Today, when we connect to a website, the browser sends an Accept-Languageheader listing all of our preferred languages — often including specific locales like en-US, fr-CA, Read More
Web browsing history powers helpful features like styling visited links differently, allowing users to see where they've been before. While this usability feature provides navigational benefits, it also introduces a privacy risk. The handling of visited links happened to be a silent backdoor of a kind, allowing malicious Read More
Ten years ago, I defended my Ph.D. thesis at the French INRIA (now: Institute for Research in Digital Science and Technology). It feels like the right time to reflect on how the privacy landscape has evolved since then. At that time, web privacy leaks and tracking were widespread. However, Read More
Pseudonymisation is a technical and organisational measure and a data protection measure under the GDPR. It is a risk-reduction measure that minimizes the likelihood and impact of data protection breaches. It allows for controlled re-identification through stored additional information (secret information). Unlike anonymisation, which irreversibly removes the ability to link Read More
The Supreme Court’s decision to uphold the Protecting Americans from Foreign Adversary Controlled Applications Act is a significant moment for both technology and geopolitics. Beginning January 19, 2025, TikTok is to be removed from U.S. app stores unless it completely severs its ties with its Chinese parent company, Read More
Meta considers a future where AI-generated bots, avatars or artificial accounts seamlessly integrate into its platforms, filling networks with artificial agents that mimic human users. I must repeat: according to the (so far vague) remarks, these bots are supposedly to interact with people, generate content, and have profiles indistinguishable from Read More
The year began with more positive tones than 2023, setting me on a trajectory to work on a second book, which I completed this year. Book I published a second book: Propaganda: From Disinformation and Influence to Operations and Information Warfare (you may get it in many places, for example Read More
While I once hoped 2017 would be the year of privacy, 2024 closes on a troubling note, a likely decrease in privacy standards across the web. I was surprised by the recent Information Commissioner’s Office post, which criticized Google’s decision to introduce device fingerprinting for advertising purposes from Read More
The Background Sync API (alternatively, periodic) enables web apps to defer tasks until the user has a stable connection. It may be useful for apps processing data offline. It introduces curious capabilities in web platforms, so it's important to understand the security and privacy footprint. Here I explore Read More
Are risks related to the processing of personal data, as referenced in the GDPR, fixed and exhaustive? They are not. The regulation provides a non-exhaustive list of risks solely as a foundation for protecting fundamental rights. Administrators must assess and address additional, context-specific risks beyond those explicitly listed. This requires Read More
Promoting disinformation out of proportions can cause harm. But how so, after all, it informs about the issue? Well, without this information, perhaps the disinformation content would not reach wider audiences at all. The propagandists would have failed.... How to boost Russian propaganda? The SDA, Disinformation Factory, employed over 100 Read More
My 2nd book is out. That was a long and eventful journey. In short, lots of work. Get it from any store of your choice, like Amazon or Routledge (but be sure to understand that the ebook format from this place is specific). Thanks for reading Lukasz Olejnik on Cyber, Read More
We are at a historical moment where countries are introducing regulations of content distributed online and via social media. In Europe, such regulation is the Digital Services Act (DSA), which is still in its early phases, and we are yet to see its full impact and enforcement in action. Content Read More
Technological advances and rising risks posed by cyberattacks, AI, and autonomous systems are outpacing the rules. This shift blurs the lines between civilians and combatants, threatening core principles of warfare and civilian protection. Changes in our world occurring faster than ever before. The concern of International Committee of the Red Read More
We live in the information age. We are subjected to stimuli or informational influences in various forms. It can be text, sound, images, videos. Posts in social media, articles, news. Made by a wide variety of creators, authors, institutions, organisations, manufacturers, services operating openly or covertly. Developments in technology are Read More
The big day arrived. The UK Competition and Markets Authority (CMA) finally agreed for Google to phase out third-party cookies. That's terrific because it improves user welfare. Furthermore, no grace period was requested. Google could do it even today. The catch? Only on iOS, Apple's operating Read More
Google announced that they are... Not phasing out third-party cookies? And after 4+ years of development, this is a striking change. I explain what to make out of it. Fast-forward: unclear for at least 1-2 months. It is a response to part of industry criticism, but also regulatory oversight. At Read More