Protecting personal data when using blockchain technology is tricky, may be full of surprises, and cumbersome. According to the European Data Protection Board opinion, which this assessment and advice is inspired with, the inherent characteristics of blockchain—like immutability or decentralisation—pose serious compliance issues with the General Data Protection Read More
A new proposal to reduce the granularity of the Accept-Language header aims to decrease web fingerprinting surface to improve user privacy and reduce risks. Problem Today, when we connect to a website, the browser sends an Accept-Languageheader listing all of our preferred languages — often including specific locales like en-US, fr-CA, Read More
Web browsing history powers helpful features like styling visited links differently, allowing users to see where they've been before. While this usability feature provides navigational benefits, it also introduces a privacy risk. The handling of visited links happened to be a silent backdoor of a kind, allowing malicious Read More
Ten years ago, I defended my Ph.D. thesis at the French INRIA (now: Institute for Research in Digital Science and Technology). It feels like the right time to reflect on how the privacy landscape has evolved since then. At that time, web privacy leaks and tracking were widespread. However, Read More
Pseudonymisation is a technical and organisational measure and a data protection measure under the GDPR. It is a risk-reduction measure that minimizes the likelihood and impact of data protection breaches. It allows for controlled re-identification through stored additional information (secret information). Unlike anonymisation, which irreversibly removes the ability to link Read More
The Supreme Court’s decision to uphold the Protecting Americans from Foreign Adversary Controlled Applications Act is a significant moment for both technology and geopolitics. Beginning January 19, 2025, TikTok is to be removed from U.S. app stores unless it completely severs its ties with its Chinese parent company, Read More
Meta considers a future where AI-generated bots, avatars or artificial accounts seamlessly integrate into its platforms, filling networks with artificial agents that mimic human users. I must repeat: according to the (so far vague) remarks, these bots are supposedly to interact with people, generate content, and have profiles indistinguishable from Read More
The year began with more positive tones than 2023, setting me on a trajectory to work on a second book, which I completed this year. Book I published a second book: Propaganda: From Disinformation and Influence to Operations and Information Warfare (you may get it in many places, for example Read More
While I once hoped 2017 would be the year of privacy, 2024 closes on a troubling note, a likely decrease in privacy standards across the web. I was surprised by the recent Information Commissioner’s Office post, which criticized Google’s decision to introduce device fingerprinting for advertising purposes from Read More
The Background Sync API (alternatively, periodic) enables web apps to defer tasks until the user has a stable connection. It may be useful for apps processing data offline. It introduces curious capabilities in web platforms, so it's important to understand the security and privacy footprint. Here I explore Read More
Are risks related to the processing of personal data, as referenced in the GDPR, fixed and exhaustive? They are not. The regulation provides a non-exhaustive list of risks solely as a foundation for protecting fundamental rights. Administrators must assess and address additional, context-specific risks beyond those explicitly listed. This requires Read More
Promoting disinformation out of proportions can cause harm. But how so, after all, it informs about the issue? Well, without this information, perhaps the disinformation content would not reach wider audiences at all. The propagandists would have failed.... How to boost Russian propaganda? The SDA, Disinformation Factory, employed over 100 Read More
My 2nd book is out. That was a long and eventful journey. In short, lots of work. Get it from any store of your choice, like Amazon or Routledge (but be sure to understand that the ebook format from this place is specific). Thanks for reading Lukasz Olejnik on Cyber, Read More
We are at a historical moment where countries are introducing regulations of content distributed online and via social media. In Europe, such regulation is the Digital Services Act (DSA), which is still in its early phases, and we are yet to see its full impact and enforcement in action. Content Read More
Technological advances and rising risks posed by cyberattacks, AI, and autonomous systems are outpacing the rules. This shift blurs the lines between civilians and combatants, threatening core principles of warfare and civilian protection. Changes in our world occurring faster than ever before. The concern of International Committee of the Red Read More
We live in the information age. We are subjected to stimuli or informational influences in various forms. It can be text, sound, images, videos. Posts in social media, articles, news. Made by a wide variety of creators, authors, institutions, organisations, manufacturers, services operating openly or covertly. Developments in technology are Read More
The big day arrived. The UK Competition and Markets Authority (CMA) finally agreed for Google to phase out third-party cookies. That's terrific because it improves user welfare. Furthermore, no grace period was requested. Google could do it even today. The catch? Only on iOS, Apple's operating Read More
Google announced that they are... Not phasing out third-party cookies? And after 4+ years of development, this is a striking change. I explain what to make out of it. Fast-forward: unclear for at least 1-2 months. It is a response to part of industry criticism, but also regulatory oversight. At Read More
The Digital Markets Act is one of the least understood EU technology laws, yet it has tangible impacts—both positive and negative—on the technology landscape. We’ll use the opportunity to study an interesting and real-world case. It concerns the practice of Chrome preloading its web browser extension so Read More
TLS is the fundamental protocol facilitating secure web browsing. Simply speaking it identifies the server identity and establishes an encrypted connection. That’s how we may securely use banking, do shopping, and do other things we take for granted. Establishing such a connection comes with a performance footprint because computation Read More
I track the Privacy Sandbox migration process since it's day 1 announcement. Having written some notes about architectural aspects, initial assessments, including identification of data leaks, When analysing the proposals and imagining the future system, I realised that there's a need to somehow guide the future Read More
This April, cryptography and security community have been stirred by a new research from Yilei Chen. If the claimed result held it could potentially impact the security of applied cryptography, especially in the era of quantum computing. This work was very difficult to immediately understand due to its complexity. But Read More
There’s no question that disinformation, propaganda, and manipulation threaten the election process. The increased transition of societies to online interactions induces those vulnerabilities. Technical developments like generative AI content and the ability to reach wide audiences only help in the creation of digital propaganda. Fortunately, we are not exactly Read More
Privacy of ambient light sensor revisited Read More
Data protection (GDPR) complaint against unlawful data processing by OpenAI's GPT. Infringement of data protection principles and data protection by design. Read More