Mattis van 't Schip

PhD Candidate @ Radboud University (iHub): Legal Cybersecurity & Privacy Obligations for the Internet of Things

#CyberResilienceAct #NIS2Directive #GDPR

See website (below) for cv & publications.

Mattis van 't Schip boosted:
2025-06-27

Wat een verhaal dit in @volkskrant 'Nederland, het is hier in de VS erger dan jullie denken, ga ons alsjeblieft niet slaapwandelend achterna' volkskrant.nl/columns-opinie/n

Mattis van 't Schip boosted:
2025-06-27

ENISA published guidance on the #NIS2 implementing act for the digital sector. They cover how to apply the NIS2 requirements when it comes to #FOSS, including clarifying that in most cases upstream open source maintainers should not be considered a ‘direct supplier’. There are 37 occurrences of #opensource in the text. Some quotes to follow enisa.europa.eu/publications/n

Mattis van 't Schip boosted:
NGI Zero open source fundingNGIZero@mastodon.xyz
2025-06-23

Are you a Free Software developer trying to access hardware or software features under Article 6 of the Digital Markets Act #DMA ? @fsfe would like to hear from you. Share your experience about how gatekeepers are handling your interoperability request with the Free Software Foundation Europe.

The FSFE’s Interoperability Survey aims to collect structured feedback from #FOSS developers about their experience requesting interoperability

Read more & link to the survey: fsfe.org/activities/deviceneut

Mattis van 't Schipmattis@eupolicy.social
2025-06-12

The public consultation for the new EU surveillance law is going exactly as expected: people are NOT having it. This proposal is part of the ProtectEU agenda, which you know, also brings us Chat Control reincarnated.

4300+ comments and counting. None of them supportive, it seems.

"Impact assessment on retention of data by service providers for criminal proceedings"

ec.europa.eu/info/law/better-r

Mattis van 't Schip boosted:
Eugen RochkoGargron
2025-06-11

Apparently, if you have facebook or Instagram installed on your phone, was able to track your browsing habits and link them to your real identity even if you never logged in on the web, used incognito mode or a VPN. I hope Meta gets hit with every fine in the book.

zeropartydata.es/p/localhost-t

Mattis van 't Schip boosted:
2025-06-04

YES

Stop trying to fix the user. It’s not the user’s fault if they click on a link and it infects their system. It’s not their fault if they plug in a strange USB drive or ignore a warning message that they can’t understand. It’s not even their fault if they get fooled by a look-alike bank website and lose their money. The problem is that we’ve designed these systems to be so insecure that regular, nontechnical people can’t use them with confidence. We’re using security awareness campaigns to cover up bad system design. Or, as security researcher Angela Sasse first said in 1999: “Users are not the enemy.”

schneier.com/blog/archives/202

Mattis van 't Schip boosted:
Joost Schellevisschellevis
2025-06-03

Het sneuvelt wellicht een beetje onder op deze nieuwsdag, maar dit blijft bizar: Facebook en Instagram openden op Android een lokale webserver om je surfgedrag zo nog beter in de kaart te kunnen brengen. De Facebook tracking pixel communiceerde daarmee 🤯 ook vanuit incognito mode nos.nl/artikel/2569805-onderzo

Mattis van 't Schip boosted:
2025-06-03

Great research started by Güneş Acar in our research group: Meta abused a loophole in Android to surreptitiously track users, violating Google's terms of service. See news article in Dutch nos.nl/artikel/2569805-onderzo or English arstechnica.com/security/2025/, or all the technical details in localmess.github.io/

diagram showing secret data flows of identifying information
Mattis van 't Schip boosted:
Jordan Maris 🇪🇺 🇺🇦 #NAFOjmaris@eupolicy.social
2025-06-03

An extremely welcome initiative from the 🇪🇺 #eu:

🔋Phone Batteries must retain 80% capacity after 800 cycles.

📱Phone makers must provide 5 years of updates,

🪛 are banned from discriminating against repair shops,

🔧 and must provide parts for 7 years after EOL

#EUpol #sustainability #tech #smartphones #CircularEconomy

androidpolice.com/eu-new-rules

Mattis van 't Schip boosted:
2025-06-01

No, Your Honor, all of the torrented Blu-ray rips on my Plex server were being used to train AI.

Mattis van 't Schip boosted:
2025-05-31

“The EU age verification app will launch in July. [..] The app will allow users to verify their age without giving personal information to platforms, and was briefly mentioned on Tuesday when the EU Commission announced its probe into major porn sites.” theverge.com/news/676929/the-e

Mattis van 't Schip boosted:
2025-05-31

Now at #tdose in Katoen kamer, a workshop by Michael August Bournique
on The Cyber Resilience Act for Open Source Projects.
@AugustB
#CRA

Michael August Bournique presenting a slide titled the cyber resilience act.
Mattis van 't Schipmattis@eupolicy.social
2025-05-31

If you are in/around Edinburgh: I am presenting my PhD project at a RAD Lab Talk at the University of Edinburgh on 11 June! Should be applicable for all those working with/interested in IoT devices, law & technology, cybersecurity, etc. etc.

Title: Supply Chain Cybersecurity and the Law — Tackling the Modern Trojan Horse

for more info, see: blogs.ed.ac.uk/radlab/2025/05/
please let me know if you are interested in joining us!

Mattis van 't Schipmattis@eupolicy.social
2025-05-31

@HcInfosec Hopefully, some of the legal requirements that I identify in the paper will help make this is a reality!

Mattis van 't Schip boosted:
Mattis van 't Schipmattis@eupolicy.social
2025-05-31

🥳 New publication! What should a consumer of an Internet of Things device do when its manufacturer disappears?

Remember when VanMoof went bankrupt and consumers lost access to the function for unlocking their bike? Worryingly, current EU legislation does not offer any help in these situations. However, this gave me the opportunity to be creative and look at wonderful options such as interoperability and open-source software! Fun!

The paper is available open access here: sciencedirect.com/science/arti

Mattis van 't Schipmattis@eupolicy.social
2025-05-30

🥳 New publication! What should a consumer of an Internet of Things device do when its manufacturer disappears?

Remember when VanMoof went bankrupt and consumers lost access to the function for unlocking their bike? Worryingly, current EU legislation does not offer any help in these situations. However, this gave me the opportunity to be creative and look at wonderful options such as interoperability and open-source software! Fun!

The paper is available open access here: sciencedirect.com/science/arti

Mattis van 't Schip boosted:
2025-05-27

On May 27th at 18h CEST, I’ll participate on a (streamed) panel on the #CyberResilienceAct for maintainers of Free and Open Source Software, with @ag_dubs, @bagder and moderators @tobie and @senficon.
Info at maintainermonth.github.com/sch

Mattis van 't Schipmattis@eupolicy.social
2025-05-26

Incredible. The UK Legal Aid Agency suffers a cyberattack which led to a data breach of a highly sensitive nature: "This data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments."

Ah, at least they'll take action, right?

Nope, just ask people to be more vigilant and change their passwords. Cheers guys!

gov.uk/government/news/legal-a

Mattis van 't Schip boosted:
2025-05-25

New paper, open access:

‘The EU Digital Services Act: what does it mean for online advertising and adtech?’

By Pieter Wolters and me.

We explore the question: what does the Digital Services Act (DSA) mean for online advertising?

For us, the most surprising finding is the following. We conclude that some types of ad tech companies, such as ad networks, should be considered platforms.

doi.org/10.1093/ijlit/eaaf004

#eu #law #dsa #gdpr #eprivacy #advertising #adtech #tech #platform #cookie

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst