
Dear Reader,

 

The C4DT weekly newsletter brings you a selection of articles or books that interested us.

 

Enjoy reading!

C4DT Team

Weekly Picks

Inspectors sound the alarm - will the e-ID come later than planned?

blue News — 19/02/2026

Imad's take

The Swiss eID audit highlights a trade‑off: release on schedule with fewer security features, or delay to strengthen protection. Christopher Allen, from his work on the TLS protocol, offers three lessons for eID: bugs expected to be fixed in 3–5 years can take 20; the mindset for designing a 20‑year architecture differs from the startup mindset of building a 2‑year product; and once shipped, “good enough” often becomes permanent.

Mark Zuckerberg overruled 18 wellbeing experts to keep beauty filters on Instagram

Financial Times — 18/02/2026

Olivier's take

This case is striking in that, while we usually focus on the risks of data theft and profiling from Big Tech, the core threat here is addiction and its devastating long-term impact on the mental health of young people, such as depression, anxiety and body dysmorphia. Internal documents prove that Meta was aware of the harm. Guardrails exist, and countries such as China enforce them; yet Zuckerberg overruled 18 experts. The only logical explanation beyond the rhetoric of 'free expression' is the desire to expand the captive audience and prioritize profit over children's well-being. Just as we had the tobacco industry in the 1980s, now it's big tech's turn.

The Promptware Kill Chain

Schneier on Security — 16/02/2026

Carine's take

Since ChatGPT crashed onto the scene in late 2022, attacks involving LLMs have kept pace with the breakneck speed at which they are being integrated into every aspect of our digital lives. This paper is the first that I'm aware of that takes a step back and not only catalogues the attacks by type, but also creates a taxonomy to guide security research into this new world of attacks on and by LLMs. Definitely a must-read for anyone working in security!

Password managers offer less protection than promised

ETHZ — 16/02/2026

Linus' take

A study of open-source password managers that store passwords in the cloud. Since the programs are publicly viewable, a student at ETHZ looked for vulnerabilities and found some. All of the flaws were exploitable only by a malicious operator, but they meant that passwords could be altered or even viewed. The three password managers used the 90-day 'responsible disclosure' period to fix the vulnerabilities.

TikTok could be forced to change app’s ‘addictive design’ by European Commission

The Guardian — 06/02/2026

Katherine's take

Let us celebrate a milestone in digital safety. The European Commission has found TikTok in breach of the EU Digital Services Act for its algorithms designed to hook users. This follows another recent win, with Australia’s social media ban on minors under the age of 16. While the wheels of governance move achingly slow in comparison to the pace of technological change, and we can expect strong pushback from the company, we can at least take comfort in the knowledge that research, dialogue, awareness-raising and advocacy do move the needle.

New Publication

C4DT Observer #17, titled “Quantum Demystified: Engineering a Secure Future”

 

Why read?

 

This issue reflects the clear consensus from C4DT’s September 2025 roundtable: quantum computing is neither an imminent catastrophe nor a distant fiction, but a credible threat arriving within 5–15 years that demands action today. It explains why migration to quantum-safe cryptography must start now—by leveraging already-standardized post-quantum algorithms, crypto-agility patterns, hybrid schemes, and CBOM inventories—while addressing the broader organizational challenge of prioritization, vendor coordination, and building broad “quantum literacy” across Switzerland’s ecosystem. Beyond avoiding alarmism or complacency, it frames quantum as a governance and infrastructure opportunity to strengthen security and unlock applications in medicine, sensing, and beyond, rather than just an existential encryption threat.

 

Where to access? Click here


EPFL-C4DT
Station 14
CH-1015 Lausanne

c4dt@epfl.ch
https://c4dt.epfl.ch