Tech abuse

Encrypted Access Logging for Online Accounts: Device Attributions without Device Tracking

Client-Side Encrypted Access Logging (CSAL) is a proposed protocol that uses OS-level cryptography and FIDO2-style attestations to create trustworthy, privacy-preserving account activity logs, resolving the tension between preventing user tracking and accurately detecting account compromise.

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.