Share this page!

Lukasz Olejnik Profile picture
Twitter logo
7 Mar, 4 tweets, 3 min read
Google doubling-down on their new (hopefully, claimed) privacy-improved proposals for ads systems, Turtledove. What is it? This thing lets to choose the ad to display on the user's device - with no data supposed to leave the user's browser. So no tracking?groups.google.com/a/chromium.org…
The testing environment ('Fledge') have a bit relaxed privacy properties. So let's hope the final solution is more tight with respect to privacy protection. It'q quite a complex proposal. github.com/WICG/turtledov… chromestatus.com/feature/573358…
Solution apparently based (at least it seems so) and builds on the 10+ years of academic privacy research in privacy-preseving ads systems. Initially neglected, today it is fascinating to imagine this niche field suddenly emerge to be multi-billion one. blog.lukaszolejnik.com/are-we-reachin…
How did we got here?
Web platform is now the place for exciting privacy competition blog.lukaszolejnik.com/on-proposals-a…
And more and more companies are investing in privacy of ads blog.lukaszolejnik.com/web-advertisin…
Are you concerned with this evolution? Looking for a lantern? me@lukaszolejnik.com

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lukasz Olejnik

Lukasz Olejnik Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @lukOlejnik

Lukasz Olejnik Profile picture
14 Nov 20
Ticketmaster fined £1.25million for security compromise (they were hacked by Magecart group, their website code was altered to steal data during payments), #GDPR breach. ~9.4m customers affected. Payment data stolen, too. ico.org.uk/media/action-w…
Third-party (chatbot provider) was breached. This spilled to Ticketmaster. Had this functionality not included on the payment site, this breach would not happen (this way, at least). Fun fact: ICO decided to enforce PCI-DSS requirements. #GDPR #ePrivacy
Ticketmaster says they were unable to use the standard subresource integrity (blog.lukaszolejnik.com/making-third-p…) to protect their site because the software changed too often (but they did not know how often). "ICO views this measure as an appropriate measure to implement" #GDPR
Read 4 tweets
Lukasz Olejnik Profile picture
15 Oct 19
The Netherlands government published its position on rules applying to security in cyberspace (cyberattacks/cyberwarfare. My short take (the dokument is v. good) government.nl/binaries/gover…
Sovereignty as a matter of rule applies to cyberspace. But it's extent is not clear. Some investigations may (or may not) be breaching sovereignty of other countries.
Apparently links 'election interference on soc media' with 'intervention'. Is a bunch of trolls an intervention into country affairs? No because it does not effect in behavior change in 'targeted state' (who?)? But you can imagine a State leader issuing threats on social media?
Read 6 tweets
Lukasz Olejnik Profile picture
29 May 19
International Committee of the Red Cross releases report on the human cost of cyber operations. What rules exist? Need to expand? I'm proud being part of this (co-author). Threat with analysis. #CyberICRC blogs.icrc.org/law-and-policy…
My analysis of @ICRC report selection. Cyberoperations. What impacts on exploit cost? Why supply chain attacks are a risk? Targeting health care (lethal cyberattacks; can you even detect?), ICS. Armed conflict context. How to move forward? #CyberICRC blog.lukaszolejnik.com/icrc-report-on…
The full report is here. My analysis follows. Report speaks on cyber operations & armed conflict context, where many peacetime assumptions may differ. Supply chain attacks are a risk. Exploit price is driven by specific demand. #CyberICRC icrc.org/en/download/fi…
Read 15 tweets
Lukasz Olejnik Profile picture
26 Mar 19
First #GDPR fine by Polish DPA. 6M records in database. Scrapped from public sources. Not informed data subjects about their rights. 229k EUR fine. Breach of Article 14. Impressive: no particular explanation provided.
English press release related to the first PL #GDPR fine. 6M user data scraped from public registers. Not informed data subjects about their rights. €220k fine. No tech component; purely lawful case. uodo.gov.pl/en/553/1009
Full justification of the #GDPR enforcement here. 220k fine is only one thing. Company has been ordered to inform all the 6M data subjects. Costs might exceed the fine. Full GDPR in action here. uodo.gov.pl/decyzje/ZSPR.4… (via G/translate)
Read 5 tweets
Lukasz Olejnik Profile picture
28 Nov 18
Massive ad fraud botnet taken down. Pretended to be human traffic, exploited Real-Time Bidding vulnerabilities. I researched this in 2013, interesting how long it take to be operationalized. services.google.com/fh/files/blogs…
The scale of the operation is huge. Over 3 Billion bid request fraud, over 1 million of compromised machines. Border Gateway Protocol hijacking was even used. The biggest and most sophisticated operation like that ever.
What fascinates me is that the attackers used some of the techniques I tested and described here: lukaszolejnik.com/rtbdesc (some details omitted). I also played with the bot detection evasion ;)
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @lukOlejnik has new unrolls!

Check out other threads from @lukOlejnik!

Read all threads by @lukOlejnik