Share this page!

Lukasz Olejnik Profile picture
Twitter logo
Sep 21 3 tweets 3 min read
Users of glassess beware! You may be leaking secret data during Zoom/Skype/etc videoconferences. Screen reflected in glasses, then visible during a videoconferencing. School-grade physics/optics sufficient to understand the exploit equations. arxiv.org/pdf/2205.03971… ImageImageImageImage
Solution/mitigation? Use a lamp. Or face bluring “reduce reflections’ light SNR, e.g., by placing a lamp facing their face whose light increase the noise portion”. Seriously this isn’t funny: if information may be leaking due to the use technology, it makes sense to do SOMETHING ImageImageImageImage
This may or may not sound hilarious/funny, but laughing aside, it is imaginable that data may eventually leak in this way (and a #GDPR data breach notice would have to be issued!). It reminds me of attacks using light sensors to steal user’s data. blog.lukaszolejnik.com/stealing-sensi…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Lukasz Olejnik

Lukasz Olejnik Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @lukOlejnik

Lukasz Olejnik Profile picture
Dec 22, 2021
For example, entirely hypothetically, Russia could stage a false-flag cyber operation "as Ukraine". On itself. An operation that would evidently cross the war threshold, which is very simple to do with cyber. Then "legally" respond.
It may then be evidently and completely "legal" to self-defend, including by sending a tank division for an invasion, possibly with airborne support, why not.
It should also then be "understandable" to many Western States, because they already said that a significant cyberattack may necessitate a classical military-kinetic response. Russia could even argue that they are simply doing what the West has previously devised...
Read 4 tweets
Lukasz Olejnik Profile picture
Oct 11, 2021
Our latest paper on technology standardisation is out in @PolicyR! Thanks @teirdes for the fabulous co-op. Some people doubt that values-inspired technology design is possible. We show that not only it is possible, but values already influence technology. policyreview.info/pdf/policyrevi… ImageImageImageImage
"Values" not only guide the building of technologies in aspects such as privacy or cybersecurity, accessibility, freedom of expression, or censorship. There are past examples of political-technology clashes/interventions, too. On-demand decryption or OS changes are examples. ImageImage
"Human, moral, and European values are clearly linked to technology ... We stress that the presence of politics in the technology sphere is already a reality.". True story! With examples from the U.S. and France. Image
Read 8 tweets
Lukasz Olejnik Profile picture
Sep 10, 2021
It turns out that wireless charging leaks private data. It leaks information about websites visited by the user. " allows accurate website fingerprinting on a charging smartphone". Information leaked depends on the battery level. Cool work! #GDPR #ePrivacy arxiv.org/pdf/2105.12266… ImageImageImageImage
"Below approximately 80% state of charge, both wired and wireless charging side-channels observed in this experiment do not leak information. ... consistently classify traces with a battery state 90%". Privacy-preserving advice: have less than 80% battery charge? :-) ImageImage
This research work reminds my our privacy study of privacy leakage via web browser battery information API. #GDPR #ePrivacy blog.lukaszolejnik.com/battery-status… theguardian.com/technology/201… :-)
Read 5 tweets
Lukasz Olejnik Profile picture
Mar 7, 2021
Google doubling-down on their new (hopefully, claimed) privacy-improved proposals for ads systems, Turtledove. What is it? This thing lets to choose the ad to display on the user's device - with no data supposed to leave the user's browser. So no tracking?groups.google.com/a/chromium.org…
The testing environment ('Fledge') have a bit relaxed privacy properties. So let's hope the final solution is more tight with respect to privacy protection. It'q quite a complex proposal. github.com/WICG/turtledov… chromestatus.com/feature/573358…
Solution apparently based (at least it seems so) and builds on the 10+ years of academic privacy research in privacy-preseving ads systems. Initially neglected, today it is fascinating to imagine this niche field suddenly emerge to be multi-billion one. blog.lukaszolejnik.com/are-we-reachin…
Read 4 tweets
Lukasz Olejnik Profile picture
Nov 14, 2020
Ticketmaster fined £1.25million for security compromise (they were hacked by Magecart group, their website code was altered to steal data during payments), #GDPR breach. ~9.4m customers affected. Payment data stolen, too. ico.org.uk/media/action-w…
Third-party (chatbot provider) was breached. This spilled to Ticketmaster. Had this functionality not included on the payment site, this breach would not happen (this way, at least). Fun fact: ICO decided to enforce PCI-DSS requirements. #GDPR #ePrivacy
Ticketmaster says they were unable to use the standard subresource integrity (blog.lukaszolejnik.com/making-third-p…) to protect their site because the software changed too often (but they did not know how often). "ICO views this measure as an appropriate measure to implement" #GDPR
Read 4 tweets
Lukasz Olejnik Profile picture
Oct 15, 2019
The Netherlands government published its position on rules applying to security in cyberspace (cyberattacks/cyberwarfare. My short take (the dokument is v. good) government.nl/binaries/gover…
Sovereignty as a matter of rule applies to cyberspace. But it's extent is not clear. Some investigations may (or may not) be breaching sovereignty of other countries.
Apparently links 'election interference on soc media' with 'intervention'. Is a bunch of trolls an intervention into country affairs? No because it does not effect in behavior change in 'targeted state' (who?)? But you can imagine a State leader issuing threats on social media?
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

Email the whole thread instead of just a link!

Separate emails with commas

:(