About me

Konstantin Weddige

I am an IT security expert and co-founder of Lutra Security GmbH. My motivation is to make risks understandable and to contribute sustainably to a safer internet.

Besides that, I am an active open source contributor. The modern digital world as we know it would not be exist without open source software. Not only is much of the end-user software I use open source, but the key technologies of the Internet and most IoT devices and smartphones are based on open source software. That this is possible is not a given, and that’s why I believe we should all give something back from time to time, whether it’s a bug report, a bug fix, or a new application.

Extension of the Robots Exclusion Protocol (AI Training)

With the rise of LLMs and their need for vast amounts of training data, there is also a need for a way to indicate whether data may be used to train such models. This article proposes two ways for websites to opt-out from being crawled for training purposes.

This is done while being fully aware of the limitations of relying on the developers of AI models to respect this convention. Server-side blocks could archive this goal more effectively, but they also rely on the convention of bots identifying themselves by a user-agent, and it is increasingly difficult to maintain a comprehensive list of user-agents used to crawl training data. Establishing a voluntary self-commitment can at least provide a convenient way of dealing with good-faith actors, while at the same time providing a way of identifying bad-faith actors.

Salamander/MIME – Lutra Security

If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that tell each recipient a different story. Let’s talk about Salamander/MIME.