The Background Sync API (alternatively, periodic) enables web apps to defer tasks until the user has a stable connection. It may be useful for apps processing data offline. It introduces curious capabilities in web platforms, so it's important to understand the security and privacy footprint. Here I explore those risks…
Read more
The big day arrived. The UK Competition and Markets Authority (CMA) finally agreed for Google to phase out third-party cookies. That's terrific because it improves user welfare. Furthermore, no grace period was requested. Google could do it even today. The catch? Only on iOS, Apple's operating system.
How come that…
Read more
The Digital Markets Act is one of the least understood EU technology laws, yet it has tangible impacts—both positive and negative—on the technology landscape. We’ll use the opportunity to study an interesting and real-world case. It concerns the practice of Chrome preloading its web browser extension so…
Read more
I track the Privacy Sandbox migration process since it's day 1 announcement. Having written some notes about architectural aspects, initial assessments, including identification of data leaks,
When analysing the proposals and imagining the future system, I realised that there's a need to somehow guide the future maintanance or development. So…
Read more
As privacy engineering is getting more and more mature as a field in some settings experts are creating a "privacy checklist" of things to have. It's useful in design, development, and deployment, but also audits. Many useful things could be added to such a list.
Of particular recent relevance is…
Read more