I am an IT security expert and co-founder of Lutra Security GmbH. My motivation is to make risks understandable and to contribute sustainably to a safer internet.
Besides that, I am an active open source contributor. The modern digital world as we know it would not be exist without open source software. Not only is much of the end-user software I use open source, but the key technologies of the Internet and most IoT devices and smartphones are based on open source software. That this is possible is not a given, and that’s why I believe we should all give something back from time to time, whether it’s a bug report, a bug fix, or a new application.
Read moreJan Wildeboer’s thread on setting up a cooperative CA inspired me to finally write down (and then forget about them again for over a week) my thoughts on a related topic: Email encryption.
With PGP and S/MIME, we already have two mature solutions for sending encrypted emails that have been around for decades. And while there are a few issues here and there, we can essentially consider the problem solved. If it wasn’t for the UX…
Read moreWith the rise of LLMs and their need for vast amounts of training data, there is also a need for a way to indicate whether data may be used to train such models. This article proposes two ways for websites to opt-out from being crawled for training purposes.
This is done while being fully aware of the limitations of relying on the developers of AI models to respect this convention. Server-side blocks could archive this goal more effectively, but they also rely on the convention of bots identifying themselves by a user-agent, and it is increasingly difficult to maintain a comprehensive list of user-agents used to crawl training data. Establishing a voluntary self-commitment can at least provide a convenient way of dealing with good-faith actors, while at the same time providing a way of identifying bad-faith actors.
Read more