Artur Janc

@arturjanc

Making the web platform more secure and private, and managing part of 's Information Security Engineering team in my spare time.

Joined February 2012

Tweets


  1. Pinned Tweet
    Jan 22

    Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: . They are... interesting. [1/9]

  2. Retweeted
    Jan 31

    S2 Systems joined Cloudflare: Cloudflare is now hiring web browser experts! If you are an engineer in Seattle, and want to get your hands dirty with Chromium, WebAssembly, Typescript, Docker and Terraform - consider applying!

  3. Retweeted
    Jan 30

    Our team at is hiring engineers and researchers in PL, compilers, systems etc. Come work with us on challenging problems and help shape the next generation of AI infrastructure!

  4. Retweeted

    2019 has been a record-breaking year on lots of fronts - thanks to you all! Keep up your awesome discoveries.

  5. Retweeted
    Jan 30

    What a year! 2019 was the year of my growth and success. 2121 of you clicked the follow button on my avatar🤪unbelievable. No words can describe the feeling of becoming an inspiration to you guys! As for a small update, in March I'm joining infosec😁

  6. Retweeted
    Jan 29

    Read about all the great things the Security team has been up to recently!

  7. Retweeted

    Improving privacy too fast could break the web by scaring advertisers away, Chrome leader says. But Mozilla's disagrees. A discussion from privacy & security conference.

  8. Retweeted
    Jan 29

    We’ve published an explainer about an idea to harden SMS-delivered one-time passwords by allowing senders to associate the codes with a website. We’ve been talking about the idea with some folks at Google, and would like more feedback.

  9. Retweeted
    Jan 28

    Into TLS? Like helping teams and individuals reach their goals? Come manage Apple’s Secure Transports Team:

  10. Retweeted
    Jan 29
    Replying to

    We recently deployed Strict, nonce-based CSP to Cloudflare dash as well :) We use an intermediary like Cloudflare Workers to do the job. But it changes the threat model a little bit. Since it’s React-based, we are not worried about reflected HTML-based injections.

  11. Retweeted
    Jan 28

    Chrome privacy sandbox highlights: 1. Remove tracking surfaces - make it harder to track 2. Audit and attestation - can't entirely rely on tech measures 3. Privacy preserving APIs - meet use cases devs need 4. Anti-abuse - still need to catch things that fall through

  12. Retweeted

    Strict, nonce-based CSP now deployed on a good portion of . Yay!

  13. Retweeted
    Jan 27

    SameSite=Lax cookie issues imminent for AMP-enabled websites since the AMP cache loads under a faux first party:

  14. Retweeted

    .: Can y'all compare and contrast the different approaches to browser privacy? : You're asking us to rank our neighbor's children! 😂

  15. Retweeted

    We don't want to throw out what makes the web so great: - Open Standards - No Single Entity Control (low barrier to entry to do something on the web) - Ephemerality (users can seamlessly migrate between sites)

  16. Retweeted
    Jan 27

    Δ My new team at just managed to convince me that my opinion of CSP has been overly pessimistic & in spite of its warts, there are real-world cases where the mitigation it provided was worth the pain of deployment.

  17. Jan 25

    From a defender's point of view this looks much less optimistic. There's still a large number of patterns that developers frequently get wrong (including "easy" things like XSS prevention), and new patterns (SWs, JWT|localStorage) create new bug classes. You can still have fun!

  18. Jan 25

    As much as I'd like to retire, I'd guess that once the dust settles a large number of the applications worth attacking will set `SameSite=none`, so don't write off CSRF / XS-Leaks just yet :)

  19. Retweeted
    Jan 24

    From June 8th to September 4th, I'll be a Security Engineer intern at Google Zurich🇨🇭🥳

  20. Retweeted
    Jan 24

    Our research on Safari's Intelligent Tracking Prevention (ITP) is now available on cc

  21. Retweeted
    Jan 23

    Fascinating paper detailing various attack vectors introduced by Safari’s Intelligent Tracking Prevention by , , , and . Definitely worth a read.

