The Model Context Protocol (MCP) is an open standard that enables large language models to interact with external tools and data sources. Unlike traditional API integrations, MCP provides a standardized interface for AI models to access specialized functionality without requiring custom implementations for each use case. MCP addresses the problem| Security, Privacy & Tech Inquiries
Online inference with large language models carries serious privacy risks that many users underestimate. Prompts—often containing passwords, emails, private thoughts, medical data, intimate details, and business data—are sent in plain text and processed by third-party servers. These prompts can be seen not only by the major providers but| Security, Privacy & Tech Inquiries
The user’s Web browsing history is usually defined as a list of websites the user has visited, such as “google.com, facebook.com, reddit.com, bbc.co.uk, random-site.org, etcetc.org.uk”. On its own, it may seem innocuous. It turns out browsing history can be processed to| Security, Privacy & Tech Inquiries
While I once hoped 2017 would be the year of privacy, 2024 closes on a troubling note, a likely decrease in privacy standards across the web. I was surprised by the recent Information Commissioner’s Office post, which criticized Google’s decision to introduce device fingerprinting for advertising purposes from| Security, Privacy & Tech Inquiries
The big day arrived. The UK Competition and Markets Authority (CMA) finally agreed for Google to phase out third-party cookies. That's terrific because it improves user welfare. Furthermore, no grace period was requested. Google could do it even today. The catch? Only on iOS, Apple's operating system. How come that| Security, Privacy & Tech Inquiries
TLS is the fundamental protocol facilitating secure web browsing. Simply speaking it identifies the server identity and establishes an encrypted connection. That’s how we may securely use banking, do shopping, and do other things we take for granted. Establishing such a connection comes with a performance footprint because computation| Security, Privacy & Tech Inquiries
There’s no question that disinformation, propaganda, and manipulation threaten the election process. The increased transition of societies to online interactions induces those vulnerabilities. Technical developments like generative AI content and the ability to reach wide audiences only help in the creation of digital propaganda. Fortunately, we are not exactly| Security, Privacy & Tech Inquiries
Data protection (GDPR) complaint against unlawful data processing by OpenAI's GPT. Infringement of data protection principles and data protection by design.| Security, Privacy & Tech Inquiries
Data protection assessment of Privacy Sandbox's Protected Audience API. It can be deployed and designed in compliance with GDPR.| Security, Privacy & Tech Inquiries
Interesting proposals of web standards amending the way some aspects of web architecture work emerged from Apple and Google. This marks a pretty unprecedented competition over web architecture. The grand battleground is web standardization. As such it will happen in the open and involve the larger community. Web advertisements are| Security, Privacy & Tech Inquiries
This is an accompanying post about the contents of my LL.M. dissertation devoted to Protected Audience API. The initial post, considering privacy and data protection, is here. This post is devoted to aspects of competition, an important element of the debate around the phasing out of third-party cookies, and| Security, Privacy & Tech Inquiries
In 2023 (nearly 10 years after my PhD graduation) I was awarded the title of Master of Law (LL.M.; with distinction). The topic of my dissertation is very current and I will make it public soon. Here I write a few words about the studies. For starters, it aligns| Security, Privacy & Tech Inquiries
The just-published report of International Committee of the Red Cross (ICRC) on humanitarian consequences of cyber operations brings the much-needed, currently lacking expert insight and context in the debate around cyber warfare. I am also happy because I had an opportunity to co-author this report; the (now public) part of| Security, Privacy & Tech Inquiries
Many countries currently discuss cybersecurity on multiple levels. France is not an exception. The new REVUE STRATÉGIQUE DE CYBERDÉFENSE (Strategic Review of Cyberdefence) is a complex, coherent and strategic document listing the many actions that France has already taken, as well as those ahead. I will not analyze this document| Security, Privacy & Tech Inquiries
In 2019 I argued and explained that we are in the midst of a perfect storm that the privacy debate has caused. I predicted the impact on the web architecture, and the web platform. The thing that billions of people use every day, that is. These very basic building fabrics| Security, Privacy & Tech Inquiries
Privacy and data protection assessment of the eID Regulation. This assessment is prepared in response to a request by the LIBE Secretariat in the name of the MEP Cristian Terhes (rapporteur of eID file; requested on 19.01.2022). The focus of this assessment is data protection and privacy. Although| Security, Privacy & Tech Inquiries
