Your most intimate photos, intellectual property, and sensitive communications are at risk, laid bare in transit by a silent attacker. As you hit send on that email, you trust that your username and password are keeping the contents safe from prying eyes. However, an endemic vulnerability is stripping away that veil of privacy—one email provider…
Last Friday, I published an exposé on the privacy failings of airline websites, using Emirates as a case study. On Monday, The Register reported on my findings, and managed to get a response from Emirates. As the researcher who uncovered these issues, I feel compelled to address Emirates‘ vague and factually flawed statement. Let‘s break…
As a software developer, my phone and laptop are the tools of my trade. They contain sensitive data, proprietary code, and access to critical infrastructure. So when I was recently detained at the border and forced to unlock my phone, I felt not only violated but fearful for my company‘s security. It was a wake-up…
As a full-stack developer in today‘s privacy-focused world, it‘s more critical than ever to understand the implications of the European Union‘s General Data Protection Regulation (GDPR) on your web application logging practices. GDPR, which came into force in May 2018, has reshaped the way organizations collect, process, and store personal data of EU individuals. Non-compliance…
In an era where digital communication is ubiquitous and data breaches are all too common, protecting sensitive information and maintaining privacy in online conversations has become a top priority for individuals and organizations alike. While popular messaging apps like WhatsApp, Facebook Messenger, and iMessage claim to offer encryption, their closed-source nature makes it difficult to…
As a full-stack developer who has worked on numerous privacy-focused projects, I know firsthand the challenges of protecting user data in today‘s digital landscape. From data breaches and identity theft to invasive ad tracking and government surveillance, the threats to our online privacy are countless and constantly evolving. Consider these alarming statistics: According to the…
As a full-stack developer with extensive experience in web security and data privacy, I was disturbed but not entirely surprised by the rampant issues I found in my 2018 investigation into Emirates.com and their careless exposure of sensitive customer data. From leaking passport numbers to dozens of unnecessary third-party trackers to storing critical info unencrypted,…
The General Data Protection Regulation (GDPR) has revolutionized the way personal data is handled in the digital realm. As a full-stack developer, understanding the key concepts and terminology of this landmark European Union law is crucial for building compliant and trustworthy systems. In this comprehensive guide, we‘ll decode the jargon and explore the technical implications…
In today‘s hyperconnected digital world, we share vast amounts of personal information through online messaging apps owned by big tech companies with abysmal track records on privacy. While most popular messaging apps like WhatsApp, iMessage and Signal now implement "end-to-end encryption" (E2EE) that is promoted as protecting your private messages from prying eyes, a closer…
In the digital age, our lives are increasingly lived online. We work, learn, shop, bank, and socialize on the internet, leaving a vast trail of personal data in our wake. According to a report by cybersecurity company Surfshark, the average US internet user has their personal information spread across over 350 databases owned by data…