Five years of the Right to Be Forgotten

The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conducted a retrospective measurement study of 3.2 million URLs that were requested for delisting from Google Search over five years. Our analysis reveals the countries and anonymized parties generating the largest volume of…

December 13, 2019

Protecting accounts from credential stuffing with password breach alerting

August 18, 2019

Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and identity providers remain in the dark as to which accounts require remediation. In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but…


Deconstructing the Phishing Campaigns that Target Gmail Users

August 7, 2019

With over 1.4 billion active users and million of companies entrusting it to handle their email, Gmail has a unique vantage point on how phishing groups operate. In this talk we look into Gmail telemetry to illuminate the differences between phishing groups in terms of tactics and targets. Then, leveraging insights from the cognitive and neuro-science fields on user’s susceptibility and decision-making, we discuss why different types of users fall…


Understanding the online safety and privacy challenges faced by South Asian women

June 7, 2019

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences. Overall, we find that women in the region face unique risks due to the influence of patriarchal norms and because fewer women are…


Cutting Edge TensorFlow – Keras Tuner: hypertuning for humans

May 9, 2019

Keras Tuner is a hypertuning framework made for humans. It aims at making the life of AI practitioners, hypertuner algorithm creators and model designers as simple as possible by providing them with a clean and easy to use API for hypertuning. Keras Tuner makes moving from a base model to a hypertuned one quick and easy by only requiring you to change a few lines of code. Source:


Account security – a divided user perception

February 18, 2019

This post considers the perception clash that exists between what users perceive to be their most valuable accounts (email and social networks) and those they think they should protect the most (online banking). This perception disconnect is potentially harmful, as it may lead users to invest their limited willingness to secure accounts into the wrong type of accounts. Long term, this disconnect may also hinder the progression of standardized two-factor…


Rethinking the detection of child sexual abuse imagery on the internet

January 29, 2019

A critical part of child sexual abuse criminal world is the creation and distribution of child sexual abuse imagery (CSAI) on the Internet. To combat this crime efficiently and illuminate current defense short-coming, it is vital to understand how CSAI content is disseminated on the Internet. Despite the importance of the topic very little work was done on the subject so far. To fill this gap and provide a comprehensive…


Moving to

January 12, 2019

After more then 10 years on this amazing platform I decided to move forward to a professional blogging platform. I’ve reached hundred of  thousands of awesome professionals getting thousands of readers per day. I need a more sophisticated platform able to manage contents and graphically flexible enough to allow my new contents on cybersecurity. I’ve set up a simple client meta-redirect-field so that your browser would automatically redirect to my new…


How to data breaches happen

January 7, 2019

Data breaches happen. Today, as never before, data plays a fundamental role in our real life. Everybody is both:  data producer and data consumer. We are data producer by simply moving from one building to another one, having a smartphone in our pocket or surfing the web or just by tapping on smartphone applications. We are data consumer when we buy things on Amazon or when we read information on social…


The bleak picture of two-factor authentication adoption in the wild

December 21, 2018

This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. Performing a longitudinal analysis highlights that the adoption rate of 2FA (two-factor authentication) has been mostly stagnant over the last five years, despite the ever increasing number of accounts hijacked due to the reuse of…