Chances are that you may have heard about General Data Protection Regulation (GDPR) by now. Even if not from expert circles, training or media reporting, then certainly you must have felt the remarkable experience from the reinforced cookie pop-ups (a fact not difficult to predict in advance). But more seriously, Read More
Many countries are developing cyber capabilities, including for their military forces. Details are often secret. Public discussions are therefore always refreshing. There is a good opportunity. France just made public the elements of the offensive cyber operation doctrine. This is a good move. It helps informing the public (national, international) Read More
Today, disinformation is a broad problem touching national, international, and cyber security policies, as well as domains such as social sciences and technology, including technical cybersecurity and privacy. Different tactics are used by state and non-state actors, both internal and external. Various protective measures can deliver different outcomes, for the Read More
Cybersecurity evolves rapidly both in technology and policy terms. Countries and organisations struggle with the pace of change. Analysing particular strategies is not only useful but also interesting, as it may often constitute a form of a litmus test. On the one hand, strategies show where we, the countries, (or, Read More
Soon every website will be able to know if its visitors have a disability, or not. Well, not quite. That will relate to those who use assistive technologies (i.e. screen readers for vision-impaired), and who gave access for this feature. This thanks to Accessibility Object Model (AOM), a feature Read More
It is not often when a major product used by millions rolls out changes reducing the privacy posture. Google Chrome is a recent example. The newly released version 69 automatically signs-in users into the browser whenever the user logs into a Google Service (e.g. Gmail); the change also makes Read More
It is surprisingly difficult to find realistic, interesting and creative privacy case studies. It is perhaps even more difficult in the case of major software. There are no proper motivations for making this kind of work public (employees often paid to do some kind of work in-house; their compensation typically Read More
It is always good to observe how countries build their strategic capabilities within the cyber domain. It is truly a fascinating time for technology policy, privacy and cybersecurity, speaking here in all means: technically, strategically, diplomatically and militarily. Some countries either think about doing “something”, instead - others do. Perhaps Read More
The world is rapidly upgrading data privacy regulations. In that regard, European Union is admittedly at the forefront, with its General Data Protection Regulation. It somewhat permeates outside, spreading the good P-rays (privacy rays). India is a very importan country, the largest democracy in the world. So it is not Read More
Unsecured ways of web browsing are fading away at accelerating pace. Technically this is done thanks to the increased deployment of HTTPS on the of web. Data indicates that above 70% of websites are now accessed via this secured protocol, those numbers quickly increasing. This is an important milestone in Read More
Modern Web browsers are constantly getting new features. It makes for interesting challenges on the level of security and privacy reviews. This is how I usually look on this stuff. There are recently a lot of interesting new browser mechanisms. I previously analysed some in the past, such as proximity Read More
There are not many events out there gathering high-level politicians, policy makers and technologists. This is why it was such a pleasure to be a participant in the Cyber Security Summit (CSS) in 2018 held in Tallinn, Estonia - organized by Munich Security Conference (and then followed by attendance of Read More
One of the most discussed and often introduced as controversial additions of the General Data Protection Regulations are the high fines. Maximum fines of €10.000.000 (or 2% annual worldwide turnover) or €20.000.000 (or 4%) are definitely significant. They could cripple an entire company. But can or Read More
Will soon all websites greet users with interrupting and blocking pop-ups requiring to read a consent form and click “I agree” - prior to allowing the actual using of a website? Will we all be expected click in tons? Let’s look at the worst scenario, and how we may Read More
We live in interesting times. Cybersecurity is finally being treated very seriously, both on the technology and policy level - including international relations, the so called “cyber” diplomacy. I come from a technical and research background, having also experience in standards and regulations. In particular, I am fascinated with the Read More
My work touches multiple dimensions: research, technology, standards and technology policy. One of the aspects of my security and privacy research involvement are the study of sensors privacy - and especially sensors exposed to websites via web browsers. The practical outcome of this work are privacy analyses of Web APIs. Read More
I’m tracking all the things related to ePrivacy Regulation and also take an active part in the related work for a while now. What is ePrivacy? In a nutshell, ePrivacy is a regulation aiming to further protect privacy in electronic communication. Think of it as a specialized GDPR. Indeed, Read More
Many countries currently discuss cybersecurity on multiple levels. France is not an exception. The new REVUE STRATÉGIQUE DE CYBERDÉFENSE (Strategic Review of Cyberdefence) is a complex, coherent and strategic document listing the many actions that France has already taken, as well as those ahead. I will not analyze this document Read More
Currently, it is the key question of cybersecurity and privacy strategic policy. The European Union is going through an overhaul of its privacy and cybersecurity regulatory frameworks. New regulations appear with remarkable frequency. Let’s mention merely the three: NIS Directive (“common level of network and information security“), General Data Read More
Websites, mobile apps, IoT devices, smartphones and just about any other products, systems or processes will, in a majority of cases, might soon need to redesign and re-engineer how user consent is being processed. Why? Because of the European General Data Protection Regulation. The GDPR makes consent a bit closer Read More
By now everyone should be familiar with the phenomenon of massive data breaches. It’s no longer news when you can read about private data leaks and breaches in daily press on a regular basis. It’s a trend that one must accept. It just happens. But I find it Read More
Data Protection Impact Assessment (DPIA) is a useful tool that can help organizations to understand the risks related to processed data. DPIA helps to find the right balance and proportions, identify risks, assess the necessity and proportionality and generally help with risk management. Due to the European General Data Protection Read More
Simple payment standard will be the new cool thing web browsers can do. This happens thanks to W3C Payment Request API. Early on it has been even featured in the New York Times and rightly so, as it has a big potential. Why? Introduction Chances are that the days of Read More
Users of public transportation are mainly interested in one thing: getting to the right place conveniently and fast. So do I. Public transportation systems around the world struggle with maintaining their systems as efficient as possible. Transports for London (TfL) is perhaps in the avant-garde here. They are on the Read More
Websites routinely include third-party hosted resources - images, scripts, stylesheets and so on. It's now a standard practice. One thing to keep in mind is that if your website includes a JavaScript script from another site (example.org): <script src=“https://example.org/CoolLib.js"> Read More