I track the Privacy Sandbox migration process since it's day 1 announcement. Having written some notes about architectural aspects, initial assessments, including identification of data leaks, When analysing the proposals and imagining the future system, I realised that there's a need to somehow guide the future Read More
This April, cryptography and security community have been stirred by a new research from Yilei Chen. If the claimed result held it could potentially impact the security of applied cryptography, especially in the era of quantum computing. This work was very difficult to immediately understand due to its complexity. But Read More
There’s no question that disinformation, propaganda, and manipulation threaten the election process. The increased transition of societies to online interactions induces those vulnerabilities. Technical developments like generative AI content and the ability to reach wide audiences only help in the creation of digital propaganda. Fortunately, we are not exactly Read More
Privacy of ambient light sensor revisited Read More
Data protection (GDPR) complaint against unlawful data processing by OpenAI's GPT. Infringement of data protection principles and data protection by design. Read More
This is an accompanying post about the contents of my LL.M. dissertation devoted to Protected Audience API. The initial post, considering privacy and data protection, is here. This post is devoted to aspects of competition, an important element of the debate around the phasing out of third-party cookies, and Read More
Data protection assessment of Privacy Sandbox's Protected Audience API. It can be deployed and designed in compliance with GDPR. Read More
2023 began unexpectedly difficult due to a serious health condition (and surgery), but now it’s fine - I just need to keep track of regular monitoring/tests. The first month resonated with the rest of this year. However, I managed to do quite a lot of stuff this year. Read More
My name is Lukasz Olejnik. I have been disabled since the end of primary school. In 1999, I underwent a brain tumor surgery in a very difficult location. It goes without saying that the consequences of such a procedure can be very serious; in my case, it resulted just in Read More
In 2023 (nearly 10 years after my PhD graduation) I was awarded the title of Master of Law (LL.M.; with distinction). The topic of my dissertation is very current and I will make it public soon. Here I write a few words about the studies. For starters, it aligns Read More
Philosophy of Cybersecurity by Lukasz Olejnik. Book about cybersecurity, risks, including cyberwar. Read More
The European Commission presented a proposal for a regulation introducing the digital currency euro. It is the so-called CBDC (central bank digital currency). Unfortunately, the content of this regulation is disturbing. Let's start with the fact that reconciling the very idea of "decentralization of payments" and Read More
This post about cybersecurity, cyberwarfare and international law is exploring the cross sections between technology, law, and policy. Previously I analysed some strategic documents of various States (e.g. 1, 2, 3, 4, 5, 6). So to speak: I know this landscape quite well. In 2023 the landscape is mature Read More
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good Read More
This is the year of cyberwarfare. Activities during the Russian war in Ukraine show it very clearly. But this post is about reports, cyber threat intelligence, and communication of the kind. Crucial at high-tension times, they should be crisp. We should consider/expect high level of quality/competencies when composing Read More
As privacy engineering is getting more and more mature as a field in some settings experts are creating a "privacy checklist" of things to have. It's useful in design, development, and deployment, but also audits. Many useful things could be added to such a list. Of Read More
In 2019 I argued and explained that we are in the midst of a perfect storm that the privacy debate has caused. I predicted the impact on the web architecture, and the web platform. The thing that billions of people use every day, that is. These very basic building fabrics Read More
The European Union is regulating disinformation. Well, sort of. While the issue is indeed discussed in regulations such as the Digital Services Act, it seems that the “executive” arm is the Code on Disinformation, as of now strengthened. It builds on the previous 2018 version which I criticised here. The Read More
Some time ago I wrote about “how GDPR fines work”, be calculated, including what technical aspects may be considered during such a calculation, the article is here, and it is quite a case study. It’s still good and all, but this time, finally, EU data protection authorities agreed on Read More
Is the US building Stuxnet 2/3? Cyber tools that can act behind isolated (even air-gapped) networks to cause physical destruction, sometimes called “cyber weapons”, a generalised term, not exactly justified considering how such tools work (but in simplified cases, it is sometimes used). This was the functionality of Stuxnet Read More
A very dangerous cyber tool has been identified and analysed. It’s targeting industrial control systems - the hardware/software that is often running at industrial sites (like manufacturing, but also power grids, nuclear plants, and go figure). Based on these analyses, I make a big picture assessment. Created by Read More
Privacy and data protection assessment of the eID Regulation. This assessment is prepared in response to a request by the LIBE Secretariat in the name of the MEP Cristian Terhes (rapporteur of eID file; requested on 19.01.2022). The focus of this assessment is data protection and privacy. Although Read More
Can phishing precautions and training cause harm? It turns out this may be true in many cases. Phishing is the act of gaining a victim's confidence to convince them to engage in self-harming activities, for example leading to self-hacking their systems, parting with money, or data. Or of Read More
I already devoted some space to cyber insurance. Since then, the situation evolved. Oh no, cyber insurance Cyber insurers have a big problem: it is unclear how to “assess” the risk. Some events might be especially tricky. This means a lot of risk to the insurers. They are, for example, Read More
Europe is continuing its fight against mechanised political influence, propaganda, disinformation. Package restricting the use of targeted political ads is the new chapter. In this note, I critically analyse the proposals. This analysis will also help to understand what might lie ahead for non-political ads in the future. It’s Read More