Archives for category: Science

The Internet Privacy Engineering Network (IPEN/EDPS), the University of Leuven (KU Leuven), and the Future of Privacy Forum (FPF) will host a transatlantic workshop dedicated to Privacy Engineering Research and the GDPR on Friday, 10 November, 2017 at the University of Leuven in Belgium. In preparation they asked a few people for a shortlist of the most pressing issues to be discussed at the workshop. I started thinking, came up with a short list, which then grew longer as I started explaining what I meant. I’m sharing the result in the hope to receive feedback and to sharpen my thinking.

Read the rest of this entry »

This week we run the Interdisciplinary Summerschool on Privacy in Berg en Dal, the Netherlands. Here is a summary of the talks of Thursday June 22.
Read the rest of this entry »

This week we run the Interdisciplinary Summerschool on Privacy in Berg en Dal, the Netherlands. Here is a summary of the talks of Tuesday June 20.

Read the rest of this entry »

This week we run the Interdisciplinary Summerschool on Privacy in Berg en Dal, the Netherlands. Here is a summary of the talks of Monday June 19.

Read the rest of this entry »

A few days ago I talked about how to fix TLS by ditching certificates and using public keys sent by the websites themselves to authenticate them. That proposal attracted quite some criticism. I realised I didn’t explain the idea very well. So here is an update, to address the comments and to explain the idea better and more precise. Read the original post for some more context and background.

Read the rest of this entry »

TLS secures the connection between your browser and the websites you visit (and a lot of other Internet connections that do not involve either a browser or a web server). TLS should provide confidentiality (so nobody can steal your passwords or see which webpages you are visiting), integrity (so nobody can modify the transactions you send to your bank) and authenticity. When properly used, TLS provides the first two guarantees, but it is increasingly becoming apparent that it fails to provide the latter: authenticity. The use of certificates (and the poor understanding of what authenticity on the web really means) is to blame.

(Note: I wrote an update to clarify and improve the idea, based on comments I received.)

Read the rest of this entry »

Privacy policies are hard to read. They are very long, and written in ‘legalese’ that very few people understand. As a result, people don’t read them. To allow people to nevertheless learn how websites, apps or services treat their personal data, the use of privacy icons have been proposed. These icons should, when properly designed and used, summarise the privacy policy and convey its essential privacy characteristics. In this blog post I will discuss and analyse the main proposals, and suggest some steps forward.

Read the rest of this entry »