Recently I wrote about the new IAB (ad industry) initiative meaning to fight fraud in programmatic advertising. You can find my previous post here. As the ads.txt standard shows which Ads Exchanges are brokering ads space (somewhat related with exchange of user data), I explored the options of using Read More
When governments acknowledged that computer hacking is increasingly made by criminals, hacking techniques employed by criminals were simply banned. This has solved the problem; since then we‘re not hearing of any data theft, fraud and so on. Right. In the European Union, General Data Protection Regulation will enter into Read More
Web privacy and transparency engineering can work both for businesses and users. Sometimes technologies can effectively open the opportunities for enhancing transparency even without a clear intention of doing so. In this post, I’m analyzing the extension to OpenRTB (Real-Time Bidding specification) which is meant to decrease the rate Read More
Do you know when Apple Messages send end-to-end encrypted messages? This note might look unusual but it was sparked by continuous questions I receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip, most likely you won’t find much things of Read More
The “technology” in “technology policy” should have a real meaning - there are signs it’s actually happening. With the growing involvement and engagement of people versed in technology, good concepts are reaching decision-makers. In this short note I highlight the 3 interesting items currently on plate in Europe. They Read More
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here). As many of their documents, new guidelines will be influential for security and privacy engineering. Though they’re focused on Digital Identity, the reach will be much broader. I paid Read More
The work on ePrivacy continues and enters a hot period. I’m interested in it from the very beginning, I’m also actively involved in these works, also as a stakeholder. The draft proposal with amendments is now public. Being involved in those works, I’m impressed how good suggestions Read More
I am participating in the works on the ePrivacy Regulation. Last week I have attended ePrivacy Roundtables, organised at the European Parliament. That was an interesting opportunity to exchange opinions, present and exchange views. There were four Roundtables on the following topics: Cookies, Article 8, Consent, Privacy by Design and Read More
Data Protection Authorities of a number of European countries (notably, France, Spain, Belgium, Netherlands) has announced a formal action in the Facebook case. The announcement and summaries are available here. To tackle this particular issue DPAs formed a devoted Contact Group allowing a coordinated analysis. Pretty unprecedented move. Few years Read More
In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your browser using a surprising tool: your smartphone or laptop’s ambient light sensor. In short: 1. We provide background about the light sensor API and current discussions to expose it more broadly to websites. Read More
When is Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA) necessary and mandatory according to the General Data Protection Regulation (GDPR)? So far there has been a lot of ambiguity surrounding the issue. I previously wrote about the DPIA guidelines (and its challenges) suggested by the Privacy Commission Read More
ePrivacy is one of the most crucial European privacy and data protection regulations. I already wrote about ePrivacy, analysing its leaked and the later official draft versions. The ePrivacy regulation is important because it touches a number of influential aspects such as: electronic communication, web technologies, and web browsers. To Read More
Designing standards with privacy in mind should be a standard in itself. Historically this was not always the case and the idea of designing systems with privacy is relatively new - it dates from the beginning of this decade. One of the milestones is accepting this view on the IETF Read More
The General Data Protection Regulation is a strong privacy and data protection framework. One of the most important and large changes are the concepts of consent. GDPR increases the bar for consent management. I would not say that GDPR puts the consent requirements “high”, but the requirements are certainly higher Read More
This very short note doesn’t mean to be technical. European Parliament will soon start the work on the ePrivacy regulation, one of the most important privacy and data protection regulatory frameworks in Europe. In short, ePrivacy concerns the matters of security and privacy of communication and data exchange, as Read More
One of the most important cultural change companies and organisations are beginning to face is the need of systematic inclusion of privacy and data protection in technical and organisational frameworks. A crucial aspect of these changes is the need of conducting Privacy Impact Assessments (PIA) and Data Protection Impact Assessments Read More
European Commission has revealed their proposal for updating of ePrivacy directive. I have previously analysed a version of ePrivacy document leaked in December. The new regulation still provides strong guarantees of integrity and confidentiality of communication (concerning also Instant messengers such as Facebook Messenger, WhatsApp, Google Hangout, etc.). That’s Read More
Understanding and perceiving privacy as a technological and strategic aspect is becoming a standard practice. The recently published NIST Internal Report “An Introduction to Privacy Engineering and Risk Management” is an interesting attempt to systematize the understanding of privacy engineering. Privacy in this view forms an important technical and strategic Read More
The new Russian Information Security Doctrine (Doktrina informatsionnoy bezopasnosti Rossiyskoy Federatsii) might appear to be a rather general document. Upon first sight, it seems that it doesn’t contain much interesting information. This view is misguided - it’s worth to look at the text of the doctrine in order Read More
Only a few days ago a major corporation has admitted to two massive breaches in a row: first in 2013, then second in 2014; both finally detected in 2016. The consequences were substantial: over a billion accounts breached. Company share prices did not respond significantly. However, the most interesting thing Read More
We've received an interesting opportunity to study further transitions of the privacy and data protection landscape in Europe. Just in time for the Holiday Season, a drafted proposal of European Parliament (and Council) concerning the respect for private life and personal data in electronic communications and repealing of Read More
I'm interested in battery status security/privacy potential for a while now. I have previously written about it here and recently my research led to web browser vendors removing battery readout functionality, citing privacy issues (Firefox, WebKit; Chrome has not decided yet). I'm also very happy Read More
On both sides of Atlantic the debate around strong cryptography frequently resurfaces. Proponents of weakening cryptography or introduction of backdoors (or "golden keys") cite national security. Technologists and activists oppose such proposals, citing freedoms and cybersecurity. Regulating cryptography is of course a bad idea. It's true Read More
It's 2016 and we are experiencing something unprecedented in the history of the Web. Apparently, Web browsers (Firefox, Safari?) are removing parts of their functionality citing privacy concerns. This is a fascinating development. Introduction I am analysing security and privacy of modern Web for more than 8 years Read More
Web Bluetooth - a web API under development, and will be one of the core components of Web of Things, the application layer of Internet of Things. It will enable sensors, beacons and user devices to communicate with each other. But at first: it will enable a web browser to Read More