konrad kollnig
@FascinatingTech
Followers
1,386
Following
472
Media
59
Statuses
724
prof @maaslawtech / computer scientist + mathematician + ethical hacker / associate @ODIHQ / @UniofOxford PhD / tries to make tech less awful
Joined October 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
اليوم الوطني
• 1305738 Tweets
Lebanon
• 764852 Tweets
EP3 U STEAL MY HEART
• 390024 Tweets
REBECCA ICONIC GIRL PFW25
• 258598 Tweets
ايران
• 192626 Tweets
Lebanese
• 177925 Tweets
Córdoba
• 163783 Tweets
#MülakatPuanlarındaAdaletYok
• 110479 Tweets
Rodri
• 107869 Tweets
Zelensky
• 105732 Tweets
Líbano
• 99245 Tweets
Grabois
• 77260 Tweets
Kellyrae
• 39448 Tweets
#الاهلي_الجندل
• 23677 Tweets
Nadu
• 21582 Tweets
State of Play
• 20057 Tweets
Thalia
• 19504 Tweets
Lorenzo
• 15411 Tweets
Dolph
• 14933 Tweets
Sooj
• 14069 Tweets
علي الاهلي
• 13973 Tweets
Ciro
• 13305 Tweets
Los Piojos
• 12777 Tweets
كاس الملك
• 11252 Tweets
Pinned Tweet
Feel humbled to have received very generous funding for my research. If you're looking for a
#PhD
position and have technical expertise, please reach out! We'll have an exciting team in Maastricht that seeks to design the future of artificial intelligence/machine learning.
#AI
Last month, Konrad Kollnig was granted an AiNed Fellowship for his research project RegTech4AI, merging law and tech to navigate and contribute to the global challenge of regulating AI technologies. Read more about RegTech4AI:
1
3
8
10
8
62
Munich State Court finds use of Google Fonts in violation of GDPR and grants compensation of 100€.
Legitimate interest didn't apply. The website operator could have integrated the fonts directly into their website, thereby avoiding sending IP addresses to Google.
#Boom
#Rechtsprechung
#Schadensersatz
LG München I Endurt. v. 20.1.2022 – 3 O 17493/20, GRUR-RS 2022, 612 spricht einen immateriellen SE iHv 100 € zu, weil die dynamische IP-Adresse an
#Google
(konkret: Google Fonts) in die USA übertragen wurde!
€
20
74
178
25
318
680
PhD thesis submitted – now off to the next adventure as an Assistant Professor at
@MaastrichtU
in their Law and Tech Lab
@maaslawtech
!
26
4
207
"Privacy. That's iPhone." – but is it? About 2 years into
@Apple
's big push for
#privacy
, the company still provides very limited
#evidence
.. I've published a few paper on this, but they quickly get outdated. That's why now I'm developing
#TrackerControl
for
#iOS
... 1/3
8
60
178
🚨One of my fav papers got accepted
@googlechrome
is the most used browser and gateway to the web—but how does it make money? Is it neutral? Studying 100s of technical+legal docs, we argue that Google uses it systematically to reinforce its market
#power
.
6
42
159
Have now passed my PhD defense ('DPhil viva' in Oxford lingo), thereby sadly bringing this journey this to an end.. Thanks
@ivanflechais
@mikarv
for their thorough feedback (and
@SandraWachter5
in earlier exams), and
@Nigel_Shadbolt
for his fantastic supervision. Auf Wiedersehen!
26
6
145
🚨 New pre-print – dark times for privacy. Not only announced Google yesterday to continue allowing cross-site cookies in Chrome. We find that Android's central privacy options are ineffective and arguably misleading for consumers.
For more than 10 years, Google has allowed
5
55
132
Apple shook up stock markets with its privacy changes under iOS 14, but have these changes actually improved user privacy meaningfully?
This is what we investigated in a new
@FAccTConference
paper.
@anastasia_shuba
@RDBinns
@emax
@Nigel_Shadbolt
2
41
112
It's known that
@Apple
goes to much length to control their devices. Hence, there didn't used to exist ANY tool for researchers to automatically interact with iOS apps. This is, however, important for privacy research. Have built something now.. Enjoy the slightly nerdy set-up :)
8
15
108
@OxfordHCC
There are ways to configure the custom embedding of fonts such that they don't delay the first paint of the website (up to 3 seconds in Chrome and Firefox).
More here:
5
4
69
Research on app privacy at scale relies on granting apps automatically all permissions to observe their data flows.
For Android, that's easy -- for iOS, no known method has thus far existed.
On my blog, I've now developed exactly such a method for iOS..
4
14
61
Feeling proud that my PhD thesis, combining technical and legal methods, won the renowned
@coe
Data Protection Award. Most of this work was a team effort, together w/
@Nigel_Shadbolt
@RDBinns
@emax
@anastasia_shuba
...
Details:
#StefanoRodot
à
8
3
60
It's been 4 years since the introduction of the
#GDPR
. The guidance by the
@ICOnews
for app developers is still not updated. Massive violations of GDPR continue, as studied in our work at
@OxfordHCC
.. Does anyone know good GDPR guidance for app developers who are no lawyers? 1/2
9
12
58
🚨 PhD is nearly done and now looking for a follow-up
#job
. I need a team that looks for
#impact
, truly works across
#disciplines
, and
#inspires
each other.
My interests are tech law, privacy in apps, maths and ML, digital platforms and political science, and macroeconomics.
5
18
54
Google Fonts is a great service, but the integration of the fonts into your own website is super easy.
We've done this on our
@OxfordHCC
website.
3
5
51
My app
#privacy
library now handles all top 20 third-party SDKs (according to
@ExodusPrivacy
), reduces data collection within them, and automatically sets up a consent flow.
It also implements a consent flow for the
#Android
Advertising ID, if wished for.
Still working on UI.
2
10
48
🇨🇳 New paper published. We looked at
#China
's 2021 privacy law—the
#PIPL
—and how it affected
#privacy
and
#competition
in
#iOS
apps. We find a sudden increase in consent banners + a more competitive digital landscape compared to EU/US + much more. Link:
0
13
48
3 years of CS PhD vs 1 year at law faculty. Which stack belongs to which? Are they turning me into a lawyer?!
@maaslawtech
@lawinmaastricht
1
3
45
Guess who won the Student Paper Award, analysing (the widespread absence of) consent to user tracking in mobile apps? 🤩
Join FPF for the 12th Annual Privacy Papers for Policymakers Award virtual event on February 10. The winning authors will join FPF staff to present their work at an event with policymakers from around the world, academics, & industry privacy professionals.
0
17
42
5
3
45
New article ➡️ We looked at sharing of GP health data in the UK, from both a legal (GDPR) and ethical (nudge ethics) perspective.
[New paper] Towards responsible, lawful and ethical data processing: patient data in the UK, By Tess Johnson, Konrad Kollnig, & Pierre Dewitte
#dataprotection
#privacy
0
11
26
3
12
41
Finally, our 3-year
@CompSciOxford
effort found a home at
@FAccTConference
.
In this paper, we introduce+study a "right to repair for apps" and develop a prototype:
#GreaseDroid
. This promises browser
#extensions
for apps, and rich follow-up research 1/
2
11
37
@FAccTConference
@anastasia_shuba
@RDBinns
@emax
@Nigel_Shadbolt
We find evidence that Apple, itself, engages in tracking activities in forms that other companies would not be able to. For example, Apple regularly collects the UDID, which other developers have not had access to since 2013. This allows Apple to track device sales accurately.
1
5
38
Since there doesn't exist a lot of material for
#GDPR
#compliance
for
#app
#developers
, I've created a new project to help.
So far, my code can be used to check if you implement consent to Google Firebase Analytics correctly -- the most common library.
2
9
37
🚨 Tech/Law Nerds Sought
Maastricht University is currently investing a lot in law/tech and is hiring new PhD students and assistant professor in the area. Application deadline is July 2. Feel free to reach out if you know someone who might be interested!
1
9
37
@OxfordHCC
This embedding might increase, however, loading times (because fonts cannot be retrieved from the cross-site browser cache).
Better not use custom fonts if you're highly concerned about rendering speed.
5
0
37
@FAccTConference
@anastasia_shuba
@RDBinns
@emax
@Nigel_Shadbolt
Overall, we conclude that Apple's changes have traded more privacy for more concentration of data collection with fewer tech companies. This underlines that privacy and competition problems can be highly intertwined in digital markets and need holistic study.
1
6
35
In my work with
@CompSciOxford
and
@ODIHQ
, I've been working a lot on
#PETS
and
#GDPR
. This highlighted the risk of facilitating non-compliant data practices, esp. by big tech, and the need for protections. I will discuss some of this work at a conference by
@oblivious_AI
soon.
1
5
32
Was extraordinary to be back to my other home in California to present our paper on
#privacy
in 🇨🇳 Chinese
#apps
, and exchange with so many great individuals. We even won their Best Paper Award. Looking forward to working more in the space of international data regulation!
0
1
31
La première présentation de mon travail en français !
@LINCnil
@CNIL
Un grand plaisir. Merci
@libidosciendi
@vtoubiana
!
5
1
32
This tool aims to make it possible for ANYONE to use the privacy analysis tools () from my PhD research. No coding skills are necessary.
You can find a working DEMO (not accepting new apps for analysis atm) at 2/3
2
12
31
new trackercontrol version with improved support for Android 14 :)
1
6
28
lost my best friend last week. a shame that mental health is still such a taboo, and that treatment is too limited. yet it, too, reminds me that all that matters is love and the human connection; everything else in life is a mere footnote.
E St Nation is mourning the loss of one of our Scottish brothers.
Will raise a glass tonight, rest easy Connor 🎸🎷
BRUCE SPRINGSTEEN - I'll See You In My Dreams - Dublin - RDS Arena 2023-... via
@YouTube
10
14
119
2
0
26
I've applied to become an affiliate marketer of
@Apple
. These marketers get almost direct access to App Store data – something that Apple doesn't usually provide to academic researchers.. Instead, third-parties provide this service for a few 10,000s (!!) of dollars.. 1/2
2
1
25
@FAccTConference
@anastasia_shuba
@RDBinns
@emax
@Nigel_Shadbolt
We also present evidence that cohort tracking + fingerprinting is still possible, and used to practice mitigate the impacts of Apple's changes. This means that more tracking is taking place through trackers' server-side code, which is nearly impossible for researchers to study.
1
1
23
@lilianedwards
@peterkwells
It strikes me how the design of the internet, being based on IP addresses, comes with surveillance technology baked in. 🤯 Widely underestimated threat.
5
1
23
Many wish for a simple tool to determine what data apps share. Unfortunately, there currently exists no simple tool for latest Android versions.
I have a clear idea of how to build this tool but lack time for coding. Anyone with ideas for how to make such coding happen? 1/3
4
5
19
Welcome to all the new students to one of the most international law faculties in Europe!
@lawinmaastricht
#newacademicyear
0
0
19
@lilianedwards
@peterkwells
Not sure how well the ruling generalises. In this specific case, however, the more privacy-preserving method comes with almost no drawbacks and takes 1 minute to implement in code. A cautionary tale for developers of IT.
2
1
19
The corresponding code is available at 3/3
0
4
18
Great to see some action against the vast levels of non-compliance in mobile apps. (And was fun to advise noyb on how to do the data analysis.)
📝 Have you ever wondered how mobile apps are handling your personal data?
Fnac, MyFitnessPal and SeLoger illegally share it with third parties immediatly after opening.
To stop this practice, we filed three complaints against the companies in France.
2
40
87
1
1
18
Have passed my French B2 test, after studying the language inconsistently for 8 years now. :)
3
0
18
Am joining the
#UCU
strikes today since my effective pay as a teaching assistant is below the minimum wage. This is just not tenable.
0
0
18
had such a great time visiting the picnic day at UC Davis. A whole uni on fire 🔥
1
0
16
I've been reading and re-reading the various versions of the AI Act quite a few times. I still wonder: did we really have to spell out on 140+ pages that AI engineers should do no harm and be responsible?
2
2
17
New feature for TrackerControl: install notifications that tell you whether you're on the safe side (in terms of app
#tracking
).
The notification also reminds users to allow certain trackers in case of problems during app use.
1
0
15
weird moving to NL, originally from DE. it's been 4 months and i read the newspaper without problem. meanwhile, i've been learning FR for 7 years, and it's still a big struggle. love languages..
1
0
16
Even though I defended my PhD in app privacy on Tuesday, I still think that 2FA is essentially a crime against humanity. It's the wrong solution to the wrong problem. Replacing multi-use passwords is the way to go..
3
0
13
The outcomes from computer science can have an enormous impact on our day-to-day lives, both positive and negative. As a result, there are plenty of calls that argue for more ethics education to fix our problems. I think this misses the root problem. 🧵 1/
2
1
14
Have fixed problems with the analysis. It's online again!
"Privacy. That's iPhone." – but is it? About 2 years into
@Apple
's big push for
#privacy
, the company still provides very limited
#evidence
.. I've published a few paper on this, but they quickly get outdated. That's why now I'm developing
#TrackerControl
for
#iOS
... 1/3
8
60
178
0
1
13
My first law journal paper is online. In it, my colleague Lu Zhang from CUPL and I analysed kids' data protection under the PIPL (i.e. China's
#GDPR
version). 🇨🇳 As we find, it's rather complicated and lacks in enforcement..
0
1
12
inspired by
@PET_Symposium
, i'm now trying to become a somewhat serious privacy researcher.. switched away from safari, set up proton mail, installed mullvad, and ordered a new (albeit pre-owned) phone that is compatible with graphene OS. let the fun begin!
2
0
12
What a ridiculous debate. Italy, Spain, France, ... Why not first talk about and tame real-time bidding, hiring algos or privacy in social media?
Spain's data protection agency has asked the European Union's privacy watchdog to evaluate privacy concerns surrounding OpenAI's ChatGPT
1
10
19
3
0
12
Was a lot of fun speaking at the
@CNIL
about some of our research at
@OxfordHCC
. Thanks for kindly hosting us!
@imt_bs
Welcome to the next panel : "Smartphones et applications" with:
👉
@AlvaroFeal
@IMDEA_Networks
, Spain
👉Konrad Kollnig
@FascinatingTech
(
@UniofOxford
, United Kingdom) et
@PiDewitte
(
@CiTiP_KULeuven
, Belgium)
👉
@Naif5Mehanna
@Inria_Lille
University of Lille
2
3
7
0
1
12
It's been wonderful to meet the amazing
@anastasia_shuba
finally in person in LA.
What started as an email exchange about data and methods from her previous papers turned into super fruitful collaboration.
We've got lots more to come!
After 2+ years of remote collaboration and 2 published papers, I finally got to meet the amazing
@FascinatingTech
in-person! Looking forward to continuing our exploration of privacy practices in the mobile ecosystem 👊
0
0
16
0
0
12
was fun to write a summary of our short GenAI
@icmlconf
workshop article that explored platform power and antitrust in generative AI for
@mtlaiethics
0
1
11
@FinancialTimes
As ever, all my tools are open-source and on GitHub. Contributions welcome! 11/
1
3
11
I've always thought the hysteria was exaggerated. There are real threats to our democracies but people aren't stupid and just fall for social media algorithms and misinformation. There's so much more to it.
New in
@Nature
: Misunderstanding the harms of online misinfo
Debunks unsupported claims about social media exposure/effects and shows low exposure concentrated in motivated fringe. We recommend holding platforms accountable for exposure in high-risk tails
35
209
560
0
1
11
Have you ever wondered how to use your
#technical
#skills
for
#social
#impact
? Then, you might be interested in our new opening for a PhD position on Machine Learning, Data Science and Algorithmic Accountability
@maaslawtech
. Please
#share
!
More details:
0
11
11
An immense step to bring personalised advertising in compliance with the GDPR.
Who'd have thought that the
@IABEurope
didn't even conduct a Data Protection Impact Assessment for its "consent" framework TCF that annoys individuals across the web?
A win indeed, and a milestone in the fight against online behavioural advertising. We'll now be busy analysing the 127-page-long decision. Special thanks
@ICCLtweet
's
@johnnyryan
, the main driving force behind this initiative, and to the wonderful team
@timelex_lawfirm
.
2
7
34
1
0
10
Extremely important work to unpack data rights + "privacy-preserving" technologies. Privacy (which is different to confidentiality), as discussed in ample literature, is highly individual, and can, as such, never be protected through tech alone – however sophisticated.
New 📄: “Denied by Design? Data Access Rights in Encrypted Infrastructures”. Tension: Platforms are using more edge/privacy-enhancing tech to learn about the world, keeping data on user's devices — yet also hiding that data from those same users. 🧵
3
63
190
0
7
11
well deserved. one of the most committed and humble academics that i've had the honour to meet. am beyond excited to see what's next to come.
Many congratulations to Carissa Véliz for earning the prestigious Leverhulme Major Research Fellowship! This three-year fellowship will support Carissa in advancing her research on
#aiethics
and undertaking the writing of a new book. Much-deserved and well-earned!👏
13
29
302
0
1
11
Highly recommend this paper, which tells you everything you need to know about tracking on web / mobile / IoT.
The paper both serves as a useful introduction to the topic of tracking and also as a helpful reference regarding the relevant literature and concepts.
New preprint up: "Tracking on the Web, Mobile and the Internet-of-Things"
I reviewed two decades of research about user tracking on web / apps / 'smart' things. I've tried to condense over 300 papers and make it an accessible primer to the field.
5
81
189
0
0
11
@mikarv
@OpenAI
@DeviantArt
Wondered about that, too. Hope the original creators will get compensated?
2
0
10
@AnupamChander
What about Congress getting its act together and actually giving non-US nationals sufficient protections and/or enacting a privacy law?
0
0
10
@FAccTConference
@anastasia_shuba
@RDBinns
@emax
@Nigel_Shadbolt
Tracking users is now harder for apps because they cannot access the Identifier for Advertisers (IDFA) anymore. This is positive for user privacy.
1
0
10
Some data practices are simply not allowed, weren't even before the GDPR, and cannot be made compliant, no matter how hard one tries.
Our prototype is freely available at GitHub. 3/3
1
0
10
Back in 2020, I started a little website on helping
#app
#developers
comply with basic
#GDPR
rules.
Am thinking to work on this again because there still is so little guidance on how to do the basic things as an app developer.. Four year into the GDPR..
0
1
10
ATT-ish opt-in has actually been a required since 2009 (and probably longer) in the EU/UK, but AdTech companies like Google and Facebook never properly implemented it. Completely out-of-touch discussion, given the long-standing legal requirements in the EU/UK. This should stop.
1) I'm still surprised by the lack of public discourse around the impacts of
@apple
's iOS 14 changes - all in the name of privacy - that are leading to massive adverse effects to SMBs and innovative companies everywhere. They might bear as much blame for a recession as inflation.
314
333
3K
0
4
10
One of the most welcoming and diverse colleges of Oxford. A true delight to have been part of this community.
⏱️Only a few days left until
#oxfordopendays
, and we can't wait to welcome you to Hertford 🦌❤️
We're perfectly located at the heart of Oxford, so pop in to meet our friendly students and tutors, peek inside the bridge, and join us for (free) lunch!
👉
0
3
4
0
1
9
A tool like this would be super important for NGOs, journalists, and researchers.
At a high level, the tool needs to 1) implement a TLS stack for network analysis (like PCAPdroid), and 2) disable network security in apps (like apk-mitm). I'd like to combine existing tools.. 2/3
1
1
8
We're online again (this time really).. :)
"Privacy. That's iPhone." – but is it? About 2 years into
@Apple
's big push for
#privacy
, the company still provides very limited
#evidence
.. I've published a few paper on this, but they quickly get outdated. That's why now I'm developing
#TrackerControl
for
#iOS
... 1/3
8
60
178
0
1
9
@lsaiz
Not sure. The EU DSA sees platforms as essentially public, even if they require registration at no cost.
0
1
8
Yesss.. Just bloody study what you're deeply interested in and care about. There's always gonna be something new to discover, instead of getting lost in studying all the old books on the shelf and pointing out the "flaws" of others.
God, I am sick and tired of the ‘research gap’ narrative. Can we stop teaching students this nonsense?
67
652
6K
0
2
9
Today, we're launching our blog on
#AI
#regulation
, with contributions from across a range of disciplines.
If you're interesting in the topic, have a peek at
Today marks the launch of . It is with great excitement that we begin this interdisciplinary exploration on the future of AI regulation. The roots of the project lie somewhere between London, Oxford and Venice.
1
13
35
1
2
9
ChatGPT 4o seems to be the best thing for language learning that's happened in a long time. Now, finally, you can just converse with the AI about any topic anytime in various languages. Fascinating.
0
1
9
Was an immense pleasure to help
@ODIHQ
put together this report. Our report tries to give practical guidance and dispel some myths around PETs, which promise to solve many privacy and compliance questions around data. But do they really?
Privacy enhancing technologies (PETs) can facilitate the sharing of sensitive
#data
while protecting individuals’ autonomy and
#privacy
.
Our research report, supported by
@rockefellerfdn
, explores federated learning:
#DPW2023
Key takeaways below👇(1/8)
1
11
25
0
1
9
@FAccTConference
@anastasia_shuba
@RDBinns
@emax
@Nigel_Shadbolt
Note that this is still a pre-print, and there might be minor changes of the paper until publication.
We analysed two versions of 1,759 iOS apps from the UK App Store: one version from before iOS 14 and one that has been updated to comply with the new rules.
2
1
9
got awoken by police this morning. i first thought i messed something up badly about the paperwork moving to a new country. yet, it turned out they were looking for someone else.. :)
2
0
9
On Monday,
@Google
officially became a
#monopoly
in the US, in the biggest antitrust ruling in decades. Most past scrutiny of Google focused on its dominance in online search and ads.
@googlechrome
is often overlooked, despite being key to Google's monopoly, as we argue.
In new research,
@Shaoor_Munir
,
@FascinatingTech
,
@anastasia_shuba
and
@zubair_shafiq
explore how Google uses its web browser, Chrome, to maintain its dominance in other online markets, particularly advertising and search.
0
3
13
0
5
9
This has been an inspiring inquiry together with
@risj_oxford
's alumnus
@FantaAlexx
of
@netzpolitik
, analysing some left-over data from my PhD research that I didn't have the capacity to turn into its own paper.
Apple forces developers give clear privacy information to app users. But according to new research, four out of five tested apps that claim to not collect data from users actually do. Stunning research by
@FascinatingTech
:
2
59
107
1
4
8
.
@GooglePlay
recently launched its "Data Safety" section. As part of this, developers are asked to declare what data they share with third parties. However, Google foresees A LOT of exemptions. This makes the new section somewhat misleading. 1/2
1
0
9
Am in Paris ahead
#CPDP
from tomorrow and keen for some live music. Any recommendations for some good venues (e.g. jazz bars)?
5
0
9
Been a lot of fun discussing some of our latest research with Kohei!
Tune in! "Privacy Talk" with
#privacy
research and transparency interview! 29th guest is
@FascinatingTech
, PhD student at University Oxford :) Let's join together!
@GilbertHill
@LourdesTurrecha
@Fahad_Diwan
@SpirosMargaris
@PrivateNLP
@KavyaPearlman
4
9
23
1
1
8
We reviewed the 18 most commonly used consent tools for mobile, and found that most of them rely on
@IABEurope
's flawed and non-compliant TCF.
Rather than the GDPR being "hard", we need stronger enforcement, better technical guidance and a more honest narrative. 2/3
1
0
7
in an interesting turn of events, the
#AIAct
was finalised the same day that my grant proposal on the topic got rejected. one year of intense work. awaiting the exact feedback but most likely i'll be told, once again, that it lacks scientific relevance. why would CS need law?
3
0
8
iPhones and iPads are great. Yet, they are *intentionally* designed to keep us hooked.
@Apple
even removed a wealth of screentime apps when it rolled out its own, less effective app. User autnomy is just not in the business interest..
0
3
7
We discussed this approach already 2 years ago. Maybe, indeed, Apple can't act on this. The further centralisation of the iOS ecosystem with Apple could be concerning, but there also is a genuine need to find solutions for privacy in the IP protocol.
Apple's war on device fingerprinting has been pursued through piecemeal restrictions, such as the privacy features it introduced at last year's WWDC. The mobile advertising ecosystem has retreated to near-exclusive use of the IP address for fingerprinting, which is pervasive.
8
12
60
0
1
8
We continue to grow fast.. Make sure to apply if you're interested in a
#PhD
that using ML for genuine real-world impact. We have a track-record of publishing in the top ML conferences, and so working with us promises a good career beyond the PhD.
💪 We have a
#PhDposition
on
#NLProc
in
#legaltech
. Proven experience in ML/
#NLProc
is required. You will be working with computer scientists and lawyers on interesting projects!
📅 Apply by March 21st 👇
>>>
1
9
8
0
3
7