Feel humbled to have received very generous funding for my research. If you're looking for a #PhD position and have technical expertise, please reach out! We'll have an exciting team in Maastricht that seeks to design the future of artificial intelligence/machine learning. #AI
Last month, Konrad Kollnig was granted an AiNed Fellowship for his research project RegTech4AI, merging law and tech to navigate and contribute to the global challenge of regulating AI technologies. Read more about RegTech4AI:
Munich State Court finds use of Google Fonts in violation of GDPR and grants compensation of 100€.
Legitimate interest didn't apply. The website operator could have integrated the fonts directly into their website, thereby avoiding sending IP addresses to Google.
#Boom
#Rechtsprechung #Schadensersatz
LG München I, final judgment of 20.1.2022 – 3 O 17493/20, GRUR-RS 2022, 612, awards non-material damages of 100 € because the dynamic IP address was transferred to #Google (specifically: Google Fonts) in the USA!
"Privacy. That's iPhone." – but is it? About 2 years into @Apple's big push for #privacy, the company still provides very limited #evidence.. I've published a few papers on this, but they quickly get outdated. That's why now I'm developing #TrackerControl for #iOS... 1/3
🚨One of my fav papers got accepted
@googlechrome is the most used browser and gateway to the web—but how does it make money? Is it neutral? Studying 100s of technical+legal docs, we argue that Google uses it systematically to reinforce its market #power.
Have now passed my PhD defense ('DPhil viva' in Oxford lingo), thereby sadly bringing this journey to an end.. Thanks @ivanflechais @mikarv for their thorough feedback (and @SandraWachter5 in earlier exams), and @Nigel_Shadbolt for his fantastic supervision. Auf Wiedersehen!
🚨 New pre-print – dark times for privacy. Not only did Google announce yesterday that it will continue allowing cross-site cookies in Chrome. We find that Android's central privacy options are ineffective and arguably misleading for consumers.
For more than 10 years, Google has allowed
🚨New paper! Most #privacy research studies Europe / US... Yet, recently, #China 🇨🇳 introduced first privacy law in 2021, the #PIPL, affecting more than 1.4bn people. With what effect? And what can US/Europe learn from it? A thread🧵.. 1/ #ConPro23
It's known that @Apple goes to much length to control their devices. Hence, there didn't use to exist ANY tool for researchers to automatically interact with iOS apps. This is, however, important for privacy research. Have built something now.. Enjoy the slightly nerdy set-up :)
🚨 New paper. We detail how design decisions by @Apple / @Google in iOS / Android have negative effects for #app #privacy, including research into privacy. With the new EU Digital Service Act, the companies may need to address this, as we discuss. #DSA
@OxfordHCC
There are ways to configure the custom embedding of fonts such that they don't delay the first paint of the website (up to 3 seconds in Chrome and Firefox).
More here:
Research on app privacy at scale relies on granting apps automatically all permissions to observe their data flows.
For Android, that's easy -- for iOS, no known method has thus far existed.
On my blog, I've now developed exactly such a method for iOS..
It's been 4 years since the introduction of the #GDPR. The guidance by the @ICOnews for app developers is still not updated. Massive violations of GDPR continue, as studied in our work at @OxfordHCC.. Does anyone know good GDPR guidance for app developers who are no lawyers? 1/2
🚨 PhD is nearly done and now looking for a follow-up #job. I need a team that looks for #impact, truly works across #disciplines, and #inspires each other.
My interests are tech law, privacy in apps, maths and ML, digital platforms and political science, and macroeconomics.
My app #privacy library now handles all top 20 third-party SDKs (according to @ExodusPrivacy), reduces data collection within them, and automatically sets up a consent flow.
It also implements a consent flow for the #Android Advertising ID, if wished for.
Still working on UI.
🇨🇳 New paper published. We looked at #China's 2021 privacy law—the #PIPL—and how it affected #privacy and #competition in #iOS apps. We find a sudden increase in consent banners + a more competitive digital landscape compared to EU/US + much more. Link:
Join FPF for the 12th Annual Privacy Papers for Policymakers Award virtual event on February 10. The winning authors will join FPF staff to present their work at an event with policymakers from around the world, academics, & industry privacy professionals.
🚨 Job alert: Please share, reach out or apply!
For the first time, I'm looking for motivated PhD students, to work with us in the Law&Tech Lab in Maastricht. If you know anyone who's interested in some of our research in #Law x #AI. Link:
[New paper] Towards responsible, lawful and ethical data processing: patient data in the UK, By Tess Johnson, Konrad Kollnig, & Pierre Dewitte
#dataprotection #privacy
Finally, our 3-year @CompSciOxford effort found a home at @FAccTConference.
In this paper, we introduce+study a "right to repair for apps" and develop a prototype: #GreaseDroid. This promises browser #extensions for apps, and rich follow-up research 1/
@FAccTConference @anastasia_shuba @RDBinns @emax @Nigel_Shadbolt
We find evidence that Apple, itself, engages in tracking activities in forms that other companies would not be able to. For example, Apple regularly collects the UDID, which other developers have not had access to since 2013. This allows Apple to track device sales accurately.
Since there doesn't exist a lot of material for #GDPR #compliance for #app #developers, I've created a new project to help.
So far, my code can be used to check if you implement consent to Google Firebase Analytics correctly -- the most common library.
🚨 Tech/Law Nerds Sought
Maastricht University is currently investing a lot in law/tech and is hiring new PhD students and assistant professor in the area. Application deadline is July 2. Feel free to reach out if you know someone who might be interested!
@OxfordHCC
This embedding might increase, however, loading times (because fonts cannot be retrieved from the cross-site browser cache).
Better not use custom fonts if you're highly concerned about rendering speed.
Compliance with #GDPR can be hard, but does it have to be?
This is what my friend @PiDewitte and I discuss in the context of #apps and #consent in @PolicyR.
Our #opinion is motivated by my auto-app-consent prototype that I developed over the summer. 1/3
My @acm_chi paper didn’t make it but am humbled to have won the @UN #Privacy Competition with my team, ahead of 195 other teams. Was fun to learn about differential privacy, synthetic data and secure enclaves in practice—something that we also increasingly explore at the @ODIHQ
@FAccTConference @anastasia_shuba @RDBinns @emax @Nigel_Shadbolt
Overall, we conclude that Apple's changes have traded more privacy for more concentration of data collection with fewer tech companies. This underlines that privacy and competition problems can be highly intertwined in digital markets and need holistic study.
In my work with @CompSciOxford and @ODIHQ, I've been working a lot on #PETS and #GDPR. This highlighted the risk of facilitating non-compliant data practices, esp. by big tech, and the need for protections. I will discuss some of this work at a conference by @oblivious_AI soon.
Was extraordinary to be back to my other home in California to present our paper on #privacy in 🇨🇳 Chinese #apps, and exchange with so many great individuals. We even won their Best Paper Award. Looking forward to working more in the space of international data regulation!
This tool aims to make it possible for ANYONE to use the privacy analysis tools from my PhD research. No coding skills are necessary.
You can find a working DEMO (not accepting new apps for analysis atm) at 2/3
lost my best friend last week. a shame that mental health is still such a taboo, and that treatment is too limited. yet it, too, reminds me that all that matters is love and the human connection; everything else in life is a mere footnote.
E St Nation is mourning the loss of one of our Scottish brothers.
Will raise a glass tonight, rest easy Connor 🎸🎷
BRUCE SPRINGSTEEN - I'll See You In My Dreams - Dublin - RDS Arena 2023-... via @YouTube
A recent preprint claimed that the #GDPR heavily reduced the number of available apps and of newly emerging apps. @RDBinns and I find that other factors may better explain these changes in the Play Store aside from the GDPR... 1/8
I've applied to become an affiliate marketer of @Apple. These marketers get almost direct access to App Store data – something that Apple doesn't usually provide to academic researchers.. Instead, third-parties provide this service for a few 10,000s (!!) of dollars.. 1/2
@FAccTConference @anastasia_shuba @RDBinns @emax @Nigel_Shadbolt
We also present evidence that cohort tracking + fingerprinting is still possible, and used in practice to mitigate the impacts of Apple's changes. This means that more tracking is taking place through trackers' server-side code, which is nearly impossible for researchers to study.
@lilianedwards @peterkwells
It strikes me how the design of the internet, being based on IP addresses, comes with surveillance technology baked in. 🤯 Widely underestimated threat.
Many wish for a simple tool to determine what data apps share. Unfortunately, there currently exists no simple tool for latest Android versions.
I have a clear idea of how to build this tool but lack time for coding. Anyone with ideas for how to make such coding happen? 1/3
@lilianedwards @peterkwells
Not sure how well the ruling generalises. In this specific case, however, the more privacy-preserving method comes with almost no drawbacks and takes 1 minute to implement in code. A cautionary tale for developers of IT.
📝 Have you ever wondered how mobile apps are handling your personal data?
Fnac, MyFitnessPal and SeLoger illegally share it with third parties immediately after opening.
To stop this practice, we filed three complaints against the companies in France.
I've been reading and re-reading the various versions of the AI Act quite a few times. I still wonder: did we really have to spell out on 140+ pages that AI engineers should do no harm and be responsible?
New feature for TrackerControl: install notifications that tell you whether you're on the safe side (in terms of app #tracking).
The notification also reminds users to allow certain trackers in case of problems during app use.
weird moving to NL, originally from DE. it's been 4 months and i read the newspaper without problem. meanwhile, i've been learning FR for 7 years, and it's still a big struggle. love languages..
➡️ My first pre-print on SSRN—since this one is more policy/law focused. It details how @Google + @Apple use LOTS of techniques to make app research more difficult. The EU's #DSA might prohibit this because it poses risks to fundamental rights like #privacy
Even though I defended my PhD in app privacy on Tuesday, I still think that 2FA is essentially a crime against humanity. It's the wrong solution to the wrong problem. Replacing multi-use passwords is the way to go..
The outcomes from computer science can have an enormous impact on our day-to-day lives, both positive and negative. As a result, there are plenty of calls that argue for more ethics education to fix our problems. I think this misses the root problem. 🧵 1/
My first law journal paper is online. In it, my colleague Lu Zhang from CUPL and I analysed kids' data protection under the PIPL (i.e. China's #GDPR version). 🇨🇳 As we find, it's rather complicated and lacks in enforcement..
inspired by @PET_Symposium, i'm now trying to become a somewhat serious privacy researcher.. switched away from safari, set up proton mail, installed mullvad, and ordered a new (albeit pre-owned) phone that is compatible with graphene OS. let the fun begin!
It's been wonderful to meet the amazing @anastasia_shuba finally in person in LA.
What started as an email exchange about data and methods from her previous papers turned into super fruitful collaboration.
We've got lots more to come!
After 2+ years of remote collaboration and 2 published papers, I finally got to meet the amazing @FascinatingTech in-person! Looking forward to continuing our exploration of privacy practices in the mobile ecosystem 👊
I've always thought the hysteria was exaggerated. There are real threats to our democracies but people aren't stupid and just fall for social media algorithms and misinformation. There's so much more to it.
New in @Nature: Misunderstanding the harms of online misinfo
Debunks unsupported claims about social media exposure/effects and shows low exposure concentrated in motivated fringe. We recommend holding platforms accountable for exposure in high-risk tails
Have you ever wondered how to use your #technical #skills for #social #impact? Then, you might be interested in our new opening for a PhD position on Machine Learning, Data Science and Algorithmic Accountability @maaslawtech. Please #share!
More details:
An immense step to bring personalised advertising in compliance with the GDPR.
Who'd have thought that the @IABEurope didn't even conduct a Data Protection Impact Assessment for its "consent" framework TCF that annoys individuals across the web?
A win indeed, and a milestone in the fight against online behavioural advertising. We'll now be busy analysing the 127-page-long decision. Special thanks @ICCLtweet's @johnnyryan, the main driving force behind this initiative, and to the wonderful team @timelex_lawfirm.
Extremely important work to unpack data rights + "privacy-preserving" technologies. Privacy (which is different to confidentiality), as discussed in ample literature, is highly individual, and can, as such, never be protected through tech alone – however sophisticated.
New 📄: “Denied by Design? Data Access Rights in Encrypted Infrastructures”. Tension: Platforms are using more edge/privacy-enhancing tech to learn about the world, keeping data on user's devices — yet also hiding that data from those same users. 🧵
Many congratulations to Carissa Véliz for earning the prestigious Leverhulme Major Research Fellowship! This three-year fellowship will support Carissa in advancing her research on #aiethics and undertaking the writing of a new book. Much-deserved and well-earned!👏
Highly recommend this paper, which tells you everything you need to know about tracking on web / mobile / IoT.
The paper both serves as a useful introduction to the topic of tracking and also as a helpful reference regarding the relevant literature and concepts.
New preprint up: "Tracking on the Web, Mobile and the Internet-of-Things"
I reviewed two decades of research about user tracking on web / apps / 'smart' things. I've tried to condense over 300 papers and make it an accessible primer to the field.
Some data practices are simply not allowed, weren't even before the GDPR, and cannot be made compliant, no matter how hard one tries.
Our prototype is freely available at GitHub. 3/3
Back in 2020, I started a little website on helping #app #developers comply with basic #GDPR rules.
Am thinking to work on this again because there still is so little guidance on how to do the basic things as an app developer.. Four years into the GDPR..
ATT-ish opt-in has actually been required since 2009 (and probably longer) in the EU/UK, but AdTech companies like Google and Facebook never properly implemented it. Completely out-of-touch discussion, given the long-standing legal requirements in the EU/UK. This should stop.
1) I'm still surprised by the lack of public discourse around the impacts of @apple's iOS 14 changes - all in the name of privacy - that are leading to massive adverse effects to SMBs and innovative companies everywhere. They might bear as much blame for a recession as inflation.
⏱️Only a few days left until #oxfordopendays, and we can't wait to welcome you to Hertford 🦌❤️
We're perfectly located at the heart of Oxford, so pop in to meet our friendly students and tutors, peek inside the bridge, and join us for (free) lunch!
A tool like this would be super important for NGOs, journalists, and researchers.
At a high level, the tool needs to 1) implement a TLS stack for network analysis (like PCAPdroid), and 2) disable network security in apps (like apk-mitm). I'd like to combine existing tools.. 2/3
Yesss.. Just bloody study what you're deeply interested in and care about. There's always gonna be something new to discover, instead of getting lost in studying all the old books on the shelf and pointing out the "flaws" of others.
Today, we're launching our blog on #AI #regulation, with contributions from across a range of disciplines.
If you're interested in the topic, have a peek at
Today marks the launch of . It is with great excitement that we begin this interdisciplinary exploration on the future of AI regulation. The roots of the project lie somewhere between London, Oxford and Venice.
ChatGPT 4o seems to be the best thing for language learning that's happened in a long time. Now, finally, you can just converse with the AI about any topic anytime in various languages. Fascinating.
Was an immense pleasure to help @ODIHQ put together this report. Our report tries to give practical guidance and dispel some myths around PETs, which promise to solve many privacy and compliance questions around data. But do they really?
Privacy enhancing technologies (PETs) can facilitate the sharing of sensitive #data while protecting individuals’ autonomy and #privacy.
Our research report, supported by @rockefellerfdn, explores federated learning: #DPW2023
Key takeaways below👇(1/8)
@FAccTConference @anastasia_shuba @RDBinns @emax @Nigel_Shadbolt
Note that this is still a pre-print, and there might be minor changes of the paper until publication.
We analysed two versions of 1,759 iOS apps from the UK App Store: one version from before iOS 14 and one that has been updated to comply with the new rules.
got awoken by police this morning. i first thought i messed something up badly about the paperwork moving to a new country. yet, it turned out they were looking for someone else.. :)
On Monday, @Google officially became a #monopoly in the US, in the biggest antitrust ruling in decades. Most past scrutiny of Google focused on its dominance in online search and ads. @googlechrome is often overlooked, despite being key to Google's monopoly, as we argue.
This has been an inspiring inquiry together with @risj_oxford's alumnus @FantaAlexx of @netzpolitik, analysing some left-over data from my PhD research that I didn't have the capacity to turn into its own paper.
Apple forces developers to give clear privacy information to app users. But according to new research, four out of five tested apps that claim to not collect data from users actually do. Stunning research by @FascinatingTech:
@GooglePlay recently launched its "Data Safety" section. As part of this, developers are asked to declare what data they share with third parties. However, Google foresees A LOT of exemptions. This makes the new section somewhat misleading. 1/2
We reviewed the 18 most commonly used consent tools for mobile, and found that most of them rely on @IABEurope's flawed and non-compliant TCF.
Rather than the GDPR being "hard", we need stronger enforcement, better technical guidance and a more honest narrative. 2/3
It's a fascinating lesson in HCI and usability that #ChatGPT is mostly #GPT3 (which didn't attract similar levels of concern and excitement), except that it now comes with a somewhat nicer user interface.
in an interesting turn of events, the #AIAct was finalised the same day that my grant proposal on the topic got rejected. one year of intense work. awaiting the exact feedback but most likely i'll be told, once again, that it lacks scientific relevance. why would CS need law?
iPhones and iPads are great. Yet, they are *intentionally* designed to keep us hooked. @Apple even removed a wealth of screentime apps when it rolled out its own, less effective app. User autonomy is just not in the business interest..
We discussed this approach already 2 years ago. Maybe, indeed, Apple can't act on this. The further centralisation of the iOS ecosystem with Apple could be concerning, but there also is a genuine need to find solutions for privacy in the IP protocol.
Apple's war on device fingerprinting has been pursued through piecemeal restrictions, such as the privacy features it introduced at last year's WWDC. The mobile advertising ecosystem has retreated to near-exclusive use of the IP address for fingerprinting, which is pervasive.
We continue to grow fast.. Make sure to apply if you're interested in a #PhD that uses ML for genuine real-world impact. We have a track-record of publishing in the top ML conferences, and so working with us promises a good career beyond the PhD.
💪 We have a #PhDposition on #NLProc in #legaltech. Proven experience in ML/#NLProc is required. You will be working with computer scientists and lawyers on interesting projects!
📅 Apply by March 21st 👇