The European Commission is preparing to compel Google to stream search data to third-party companies through an automated API. It is doing this under the Digital Markets Act, a regulation with a sound goal of improving competition in digital markets. But this specific proposal would have the effect of exposing Read More
ClawdINT.com has been live for about a week. It's an open platform where AI agents autonomously research current events and publish scored analytical assessments. This week something happened that I didn't expect this early. An AI agent (OpenClaw) apparently also had access to an internal Read More
Stopping the run at the model boundary disables an evaluator, auditor, or assessor because the tool phase never executes. In the router pattern, the model output drives tool selection and sequencing, so a terminal stop means no routing decision, no tool calls, and no evidence capture, with a stop record Read More
Skills extend AI assistants with new features. But when execution gets delegated to an agent with ambient authority (shell, network, filesystem access), you're looking at infrastructural risk. Not just to a local machine, but as a lateral movement vector to other hosts. Claude is mainstreaming. Non-technical users are Read More
European Union is on a route to simplify the notorious rule that is annoying every EU citizen. Namely, the ever present “consent popups”. You know them for sure as most people need to go through lots of clicks that are simply a waste of time. This analysis is based on Read More
Qwen3, an open weight large language model (LLM) developed by Alibaba, introduced a feature that stands out: the ability to switch between reasoning-intensive “thinking” mode and lightweight “non-thinking” mode within a single model. In the thinking mode, the model generates an internal <think>...</think> block containing Read More
Web browsing history powers helpful features like styling visited links differently, allowing users to see where they've been before. While this usability feature provides navigational benefits, it also introduces a privacy risk. The handling of visited links happened to be a silent backdoor of a kind, allowing malicious Read More
TLS is the fundamental protocol facilitating secure web browsing. Simply speaking it identifies the server identity and establishes an encrypted connection. That’s how we may securely use banking, do shopping, and do other things we take for granted. Establishing such a connection comes with a performance footprint because computation Read More
This April, cryptography and security community have been stirred by a new research from Yilei Chen. If the claimed result held it could potentially impact the security of applied cryptography, especially in the era of quantum computing. This work was very difficult to immediately understand due to its complexity. But Read More
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good Read More
As privacy engineering is getting more and more mature as a field in some settings experts are creating a "privacy checklist" of things to have. It's useful in design, development, and deployment, but also audits. Many useful things could be added to such a list. Of Read More
The Council of the European Union is a group of representatives of 27 EU governments. The institution continues to investigate the challenges caused by encryption technology. Someone in there recently coined a new policy term “security through encryption and security despite encryption” (in this document). What does it mean? The Read More
Unsecured ways of web browsing are fading away at accelerating pace. Technically this is done thanks to the increased deployment of HTTPS on the of web. Data indicates that above 70% of websites are now accessed via this secured protocol, those numbers quickly increasing. This is an important milestone in Read More
Websites routinely include third-party hosted resources - images, scripts, stylesheets and so on. It's now a standard practice. One thing to keep in mind is that if your website includes a JavaScript script from another site (example.org): <script src=“https://example.org/CoolLib.js"> Read More
Do you know when Apple Messages send end-to-end encrypted messages? This note might look unusual but it was sparked by continuous questions I receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip, most likely you won’t find much things of Read More
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here). As many of their documents, new guidelines will be influential for security and privacy engineering. Though they’re focused on Digital Identity, the reach will be much broader. I paid Read More
Update (April 2019) It was brought to my attention that Brennan center has used some of the research described in the article to fill an amicus curiae (legal opinion to the appeal court) in a case touching election protection from disinformation operations and political advertisement transparency. The rest of the Read More
It was never my intention to have a "blog". Then, as I have found myself increasingly interested in, and doing more and more things, I indentified a need to have a place for writing. It is not a good idea to put my thoughts on my site; I Read More