SecAppDev 2026 - Privacy

XS-Leaks bypass the same-origin policy to infer sensitive user data via browser side-channels. Learn how these invisible attacks work, what browser vendors are doing, and the simple steps you can take to secure your applications.

Key takeaway: XS-Leaks bypass SOP through side channels and native browser features; learn how SameSite and Fetch Metadata help defend your apps.

This talk traces crypto wars from limits on research and key escrow to Apple vs. FBI. It covers debates on scanning communications and EU plans for access to encrypted data, ending with privacy risks of the EU Digital Identity Wallet.

Key takeaway: Crypto wars show ongoing tension between privacy & surveillance, with growing risks to online privacy

In this session, you'll dive into how this creates interesting vectors for privacy attacks on AI/ML systems. You'll also be introduced to what types of interventions might work to address such issues.

Key takeaway: Information exfiltration due to memorization is an interesting attack vector for today's AI/deep learning models.

Cybersecurity shapes society. This talk shows how ethical frameworks can guide security analysis and design. It covers harms to privacy and property, transparency and disclosure, and AI impacts, all based on real-world cases.

Key takeaway: An increasingly digital society implies that software developers are facing more ethical issues; this requires critical reflection.