PRIVACY Logs
Opt-in requires the user to actively agree before data processing begins. Opt-out assumes consent unless the user objects. Only opt-in is legally valid in the EU.
The EU Court of Justice (EuGH) ruled in the Planet49 case (October 1, 2019) that the only valid form of consent for p...
Q What are the three classic IT security goals (CIA triad)?
The CIA triad consists of Confidentiality (information stays secret), Integrity (information stays correct and unaltered), and Availability (information and systems remain accessible when needed).
* The CIA triad of information security. — Michel Bakni, CC BY-SA 4.0, via Wikimed...
Q How do the six data protection and security goals apply practically to a data backup scenario?
Each of the six goals (confidentiality, integrity, availability, transparency, unlinkability, intervenability) translates into specific backup measures — showing how abstract principles become concrete technical requirements.
Applying all six goals to data backups:
Goal
Backup...
Q What is the difference between "action-oriented jihadists" and "skilled significance seekers" in ter...
"Skilled significance seekers" use social media at a rate of 95%, compared to only 30% for "action-oriented jihadists" — the more operationally focused someone is, the less they post online.
* The most operationally dangerous actors post the least — the SOCMINT detection paradox...
Q What are some go-to resources and communities for learning OSINT/SOCMINT techniques?
A small set of well-known practitioners and projects publish the field's working knowledge — Bellingcat, OSINTCurious, Week in OSINT, and IntelTechniques among them.
Because tools and platforms change constantly, staying current means following the people who track those changes....
Q How does mobile app tracking fundamentally differ from web tracking?
Apps bypass the browser entirely — they have direct, privileged access to hardware sensors, OS APIs, and persistent storage, enabling far more comprehensive data collection than web tracking.
Why apps are more invasive:
No HTTP-based tracking — apps use proprietary communication...
Q What makes regulatory compliance especially hard for unstructured data?
Detection difficulty, sheer scale and volume, translating policy into technical controls, and the need for continuous adaptation.
Challenge
Why it's hard
Detection difficulty
Automated systems struggle to reliably find all PII in free-form text, media, and complex formats....
Q What's the difference between rule-based and model-based guardrails?
Rule-based guardrails use deterministic patterns (regex, entity lists, similarity thresholds); model-based guardrails use AI classifiers or an LLM-as-judge to evaluate content.
Rule-based
Model-based
Pattern matching — regex for URLs, credit cards, SSNs (e.g. Microsoft Pre...
Q How did Alan Westin define privacy, and what are the three dimensions of privacy?
Privacy is the claim of individuals, groups, and institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
* Westin's three dimensions of privacy: personal, territorial, informational. *
This landmark definition come...
Q What counts as "data processing" (Datenbearbeitung) under Swiss data protection law?
Any handling of personal data whatsoever, regardless of the means or methods used.
The legal definition is deliberately broad. Data processing includes any operation involving personal data. The five main categories are:
Operation
German term
What it covers
Collecting
Besc...