Invited talks

Keynotes

Interviews by the media

Impact on society

After being awarded a Personal Research grant ANR JCJC, in 2018 I have started the ANR PrivaWEB project by establishing a multidisciplinary team of computer scientists and legal scholars to study privacy and legal compliance of Web applications with the EU Data Protection law. This new team was an excellent strategy to tackle complex issues of compliance from legal and technical perspectives.

First collaboration with the legal scholar

Our collaboration with the legal scholar Cristiana Santos helped the team to better understand the EU Data Protection law and jointly investigate how law should apply to new tracking technology and user consent. We have published the first joint article in a journal in Law and Technology, at TechReg in 2020. Impact of this work is manyfold:

Academic tool used to file 3 complaints to the French Data Protection Authority (CNIL)

In 2019, with we designed a compliance testing tool "Cookie Glasses" for consent banners and identified numerous violations, published in a top computer security conference, IEEE Security & Privacy 2020. This research has led to one of the first cases where a tool from academia has been used by an NGO (non-governmental organisation):

Collaboration with the design scholar and its immediate impact on policy makers

In early 2020, we have established a new collaboration with researcher in design Colin M. Gray - this has led to a remarkably new and influential paper on dark patterns and legal requirements of cookie banners, published in 2021. This work has been cited in the following reports by regulators:

Legal roles and responsibilities and the decision of Belgian Data Protection Authority

Our multidisciplinary team analyzed the practices of the consent banner providers, investigating legal roles and responsibilities of each actor. Thanks to the arguments in our APF 2021 paper, these companies have been then reclassified as "data controllers", rather than mere processors. This work had an immediate practical importance:

Contributions to the EDPB and EU Data Protection Authorities

We have contributed to several public consultations of the EU Data Protection Authorities:

Popularisation of scientific knowledge

Software

ERNIE extension to visualise cookie syncing

The Ernie extension is released as part of the WPES'21 paper In-Depth Technical and Legal Analysis of Tracking on Health Related Websites with ERNIE Extension. This extension is able to recognize complex tracking techniques and categorize HTTP requests into one of six tracking categories.

A more thorough explanation of the functionality, and the up to date source code of the extension can be found on: https://github.com/vwesselkamp/ernie-extension, last updated in 2021.

Cookie Glasses

Cookie Glasses is a browser extension that shows what information the web browser stores when consent is registered by cookie banners of IAB Europe's Transparency & Consent Framework. This extension has been used in our IEEE S&P'20 study on cookie banners.

More information is available here: https://github.com/Perdu/Cookie-Glasses, last updated in 2020.

Browser Extensions and Login-Leak experiment

In the experiment, we collect user's browser fingerprint, together with the browser extensions installed and a list of websites she has logged in. We show how unique are Web users based on their extensions and Web logins.

Experimental website is available at https://extensions.inrialpes.fr/, last updates in 2019.

Control What You Include

This tool allows Web developers to gain control over the third party content they include. Our solution is based on the automatic rewriting of the web application so that the third party requests are redirected to a trusted third party server that automatically eliminates third-party tracking cookies and other Web tracking technologies.

More detailed description is available here, last updates in 2018.

WebStats

WebStats collects, on a monthly basis, a number of JavaScript and security statistics about top 10 000 webpages: the usage of popular JavaScript libraries; the usage of different language constructs in these libraries; use of Content Security Policies and secure cookies, etc. The WebStats website can be used by programmers, researchers in programming and researchers in privacy.

The website is available at http://webstats.inria.fr/, last updates in 2018.