Unsecured ways of web browsing are fading away at accelerating pace. Technically this is done thanks to the increased deployment of HTTPS on the of web. Data indicates that above 70% of websites are now accessed via this secured protocol, those numbers quickly increasing. This is an important milestone in…
Read more
Websites routinely include third-party hosted resources - images, scripts, stylesheets and so on. It's now a standard practice. One thing to keep in mind is that if your website includes a JavaScript script from another site (example.org):
technically speaking you’re relying on the security level of the script provider’s server example.org. In case example.org would start serving malicious content, your site including this content might …
Read more
Do you know when Apple Messages send end-to-end encrypted messages?
This note might look unusual but it was sparked by continuous questions I receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip, most likely you won’t find much things of…
Read more
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here). As many of their documents, new guidelines will be influential for security and privacy engineering. Though they’re focused on Digital Identity, the reach will be much broader.
I paid…
Read more
Update (April 2019)
It was brought to my attention that Brennan center has used some of the research described in the article to fill an amicus curiae (legal opinion to the appeal court) in a case touching election protection from disinformation operations and political advertisement transparency.
The rest of the…
Read more