At the CPFP conference last week I learned that the European Commission wants to impose interoperability requirements on Android, to allow third party AI services the same unrestricted access to an Android smartphone as Google’s own Gemini AI agent has. This is a bad idea.

Age assurance (reliably estimating or securely verifying someones age) has become an important – and controversial – topic recently. With rising concerns over the safety and well being of children online, it has been advocated as a possible tool to restrict access to certain content for minors. The underlying argument being that we also more or less successfully limit children’s access to certain content (porn, violence) and products (alcohol, cigarettes) in the physical world. Yet online age assurance raises thorny questions. And privacy is not one of them, really.

Bij een op de drie deurcamera’s die de openbare weg filmen en zijn aangemeld bij een speciaal politieregister staan de beelden langer opgeslagen dan “strikt noodzakelijk”. Maar er is meer aan de hand.

The Privacy Enhancing Technologies Symposium is considering an update to its policy regarding the use of (generative) AI. I have some problems with it.

When you encrypt your data on your hard drive or in the cloud, the only way to access it is with the decryption key. Typically the decryption key is safely stored on your device, and made available when you unlock your device, or log in. But what if you can no longer do that? Where do you safely store a backup of this key (sometimes called a recovery key) in case something goes wrong?