IEEE Milestone Award Ceremony

Laurie-Anne is Chief Information Security Officer for a university hospital in Brussels. She focuses on Governance, Risk and Compliance topics and in an expert in compliance implementation with European regulations such as NIS2, DORA or the GDPR. She previously was a consultant within EY where she led the privacy practice for Belgium (non-banking sector), ISO/DPO at Isabel a Belgian FinTech, and Senior Privacy Manager at Sony Electronics; in these positions she helped companies implementing the requirements of GDPR: from identification of personal data to design of documentation and handling of data subjects’ requests. She also has a strong background in information security and is certified CISSP, FIP, CIPP/E, CIPM, CDPSE and DPO under the CNIL referential.

With the rise of data protection regulations like GDPR a greater emphasis is placed on privacy, encryption has become a primary tool in safeguarding personal data, in addition to company data. However, organizations also require the ability to inspect encrypted data to detect and mitigate security threats. This talk will explore the inherent tension between the use of strong encryption to protect data and the need for security teams to access encrypted data for threat detection and response. It will also explore techniques such as data anonymization and privacy-preserving analytics, which allow security teams to monitor systems without violating user privacy, as well as governance practices that ensure compliance with privacy laws while enabling robust threat detection capabilities.

Gunes Acar is an Assistant Professor in the Digital Security group at Radboud University. His research focuses on uncovering privacy and security risks across the web, mobile, and IoT ecosystems, with a particular focus on unconventional tracking methods. He also studies deceptive and manipulative (dark) design patterns, and anonymous communication networks.

Acar's findings have influenced web standards, strengthened privacy tools, and prompted fixes in major browsers, websites, and smart devices. His work has been recognized with awards such as the CNIL-Inria Privacy Protection Award and has been featured in leading outlets including The New York Times, BBC, Le Monde, and Der Spiegel.

Before joining Radboud, Acar held research positions at Princeton University and KU Leuven, where he also completed his PhD. In addition to his academic work, he contributes to open-source projects and regularly engages with data protection authorities worldwide. Further details on his research and contributions can be found at gunesacar.net.

The talk will describe how a little-known communication channel between web pages and mobile apps has been quietly exploited to track Android users on a massive scale. Our investigation uncovered a previously unknown tracking technique that made it possible for Meta (Facebook) and Yandex to bypass standard privacy protections and monitor users’ web activity, even in private browsing mode. We will explain how the "Local Mess" tracking method works, why it went undetected for so long, and how our team from three European research institutions (Radboud University, KU Leuven, and IMDEA Networks) uncovered it. The talk will also highlight what makes this method uniquely invasive and discuss its broader implications for digital privacy and security. Finally, we will outline how our findings led to concrete changes by major browser vendors, and offer recommendations for researchers, mobile platforms, regulators, and website owners to help prevent similar abuses going forward. More information and materials related to this research are publicly available at https://localmess.github.io.