Tokenless

Threat modeling

Designing safe digital systems for the humanitarian sector

Designing safe digital systems for the humanitarian sector

Carmela Troncoso from EPFL discusses her collaboration with the International Committee of the Red Cross (ICRC) to digitalize humanitarian aid distribution. She advocates for a paradigm shift from data minimization to "purpose limitation," designing systems that are structurally incapable of being misused, even if the data is accessed. The talk details a practical, low-cost, and connectivity-resilient system built on this principle, using smart cards and cryptographic techniques to protect vulnerable aid recipients while meeting the operational needs of the ICRC.

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.