Magnetometer is a less known sensor. It equips web browsers with the ability to read the magnetic field strength using the built-in magnetometer device sensors and the W3C Magnetometer API. It might be useful in some specific use cases such as peripheral devices (like a gamepad, to control the user’ Read More
I was hesitant to speak about contact tracing apps because so many people speak on the subject and the ratio of repeating the same cliches over and over is also high. Little insightful things are left to be said in this rather simple problem. But recently it emerged that a Read More
I never thought it would come to this but this is a privacy analysis is of the “ctrl-f”. You know, the find-in-page functionality: when the user wants to find an occurrence of the word “cat”, control-f shortcut or the manual menu selection opens the find-in-page prompt. So exciting? Perhaps not. Read More
I wanted to steer clear from the topic of SARS-CoV-19. But it is now clear that thee global coronavirus epidemic/spread introduces an extraordinary situation, warranting special considerations for individual and organization, as well as collective cybersecurity. We are all in this is due to a confluence of many related Read More
Recently the US has conducted a process modeled over Eisenhower-era Red-Teaming designed to figure out how to tackle the Cold War era risks posed by Soviet Union. Just applied to cybersecurity. Sounds exciting if not fuzzy? The report is now released and it is an extremely interesting strategic assessment. It Read More
Over the past few years, waves of shocking privacy misuses, data breaches, and abuses have crashed on the world's biggest companies and billions of their users. At the same time, many countries have bolstered their data protection rules. Europe set the tone in 2016 with the General Data Read More
Privacy vulnerabilities in mechanisms designed to improve privacy are not something expected. On the contrary, they are the last place where you’d expect a privacy bug. Intelligent Tracking Prevention (ITP) is an impressive feature of Safari, the default browser used on iPhones, iPads, and Macs. It was the first Read More
Ireland just released its cybersecurity strategy. It is a very interesting document because, considering the size of the country, Ireland is a crucial backbone of the EU digital economy. Ireland knows this and it mentioned in the strategy very prominently: around 30% of “data” are based in Ireland. Big global Read More
Users increasingly encounter moments when a website asks for permission to gather some personal data or access to their device hardware: "Can we access your GPS position? Your microphone or camera? Your Bluetooth? Can we send you push notifications about breaking news or premium chocolate subscription offers?" Permissions, Read More
Software can officially and formally be munitions. Since December 2019 offensive software even more so. At least in the context of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, whose members are different countries around the world. The treaty regulates the selling of munitions Read More
Contrary to what you may read in the popular press, there are rules when it comes to cyberattacks. Today, probably all countries regulate cybercrime in domestic law. All countries agree also that international law rules apply to cyberspace, including cyberattacks and also cyberwarfare. I recently covered positions of two example Read More
The Netherlands recently released a document describing their views and position on the application of international law to cyberspace and cyberattacks. This is a very reasoned document and contains great insight. Just like a similar French document (with a big catch - see later; my analysis here), it is short Read More
Developments of the web introduce new ways of using technology. Sometimes the evolution brings positive changes that are not obvious initially. But some events highlight the significance. Like for example the periodic controversy about the removal of certain mobile apps from certain managed application stores (like Google Play, or Apple Read More
You may have heard of the cliché “there are no rules in cyberwar". It is false. There are rules. The trick is how those apply. Countries rarely speak clearly how they see or would see things. Most countries accept that international law applies to cyberspace, including to cyber operations Read More
Cyber conflicts involving state actors are quickly becoming a geopolitical reality. Perhaps the most cited example, the alleged Russian interference in the 2016 U.S. election, is a continued source of conflict in U.S.-Russia relations. The story took another turn last October when the U.S. Cyber Command Read More
Interesting proposals of web standards amending the way some aspects of web architecture work emerged from Apple and Google. This marks a pretty unprecedented competition over web architecture. The grand battleground is web standardization. As such it will happen in the open and involve the larger community. Web advertisements are Read More
Organizations voluntarily creating big public data breaches are rare. Recently it became widely known that the Public Transport Victoria (PTV) published a dataset of possibly over 15 million users. It was “anonymized”, but PTV may now still face a $336,000 data protection fine. How did this happen? Data Science Read More
Recently cyber insurance gained fame because of the refusal of two major firms (1), 2) to cover the costs of NotPetya ransomwiper. The explanation, “war-like activity” exclusion model clause (CL.380, “Institute Cyber Attack Exclusion“; a fairly standard sample here) result in a fairly entertaining case from the international law Read More
The just-published report of International Committee of the Red Cross (ICRC) on humanitarian consequences of cyber operations brings the much-needed, currently lacking expert insight and context in the debate around cyber warfare. I am also happy because I had an opportunity to co-author this report; the (now public) part of Read More
We live in times of profound technological impacts and accelerating history. Technology is increasingly influencing fundamental aspects of societies. Some technologies have great potential but their impact in the long term is difficult to imagine in advance by most. My background is compounded. I have experience in security engineering, walked Read More
Welcome to the privacy analysis of Progressive Web Applications. With new features in steady supply, the web is changing in exciting ways. One of the more interesting trends is the concept of Progressive Web Applications (PWA). PWAs use modern and powerful web features to further blur the boundaries between web Read More
In 2009, as people grew concerned over the pervasiveness of web tracking, the idea of adding Do Not Track (DNT) to browsers gained traction across the web. By enabling the setting, the browser attaches “DNT: 1” to a web request, effectively telling the site that user does not wish to Read More
Real-Time Bidding is a technology enabling the targeting of content to mobile and web users. Real-Time Bidding has numerous problems. * Security, including malvertising (abusing ads infrastructure to deliver malware); affecting hundreds of millions of user visits; delivering malware. * Privacy, as it is a mass market for personal data, with vague Read More
For the first time in the “history of cyber conflicts” (call it like that) we have seen the media of one country signaling an offensive cyberattack on a target located in another country, and the media of the targeted country confirm that the operation has happened. This is without a Read More
Chances are that you may have heard about General Data Protection Regulation (GDPR) by now. Even if not from expert circles, training or media reporting, then certainly you must have felt the remarkable experience from the reinforced cookie pop-ups (a fact not difficult to predict in advance). But more seriously, Read More