Image licensed by Adobe Stock

Main published contributions.

As we are approaching the upcoming holiday season and the end of 2022, we thought we would gather in this post a selection of our published contributions to this “digital notebook” (NicFab Notes).

So, we have grouped our articles by subject areas deemed of greatest interest and specifically:

• Instant Messaging
• The fediverse
• Our “Privacy Community” in the fediverse
• Main tools.
• The Web3

Hoping that this contribution will be of interest, we wish you good reading and

Image by pch.vector on Freepik

Instant Messaging

Image created by Rochak Shukla

We have published several contributions on this topic, and we list the titles of the articles below. Our contributions always contain a reference to data protection and privacy.

Communication via instant messaging apps has now become standard, and in this contribution, we emphasize security and privacy by proposing some solutions that- in our opinion, are the most secure ones.

• What solutions to communicate securely while respecting privacy?

Many people need to become more familiar with the more technical aspects. Still, several instant messaging apps, even well-known ones, are based on the XMPP protocol, and this contribution describes it. Many apps that rely on the XMPP protocol are worth considering.*

• XMPP: the secure communication protocol that respects privacy

A solution built on the XMPP protocol is Snikket, which we describe in this article. We were so convinced by the resource that we decided to install it on our servers even though it is still being implemented and developed.

• To be «IM apps addicted» or not to be, that is the question. Choose to be free: Snikket, the system messaging based on XMPP protocol.

Whatsapp - unfortunately, it has become one of the most widely used instant messaging apps. In this contribution, we explain the reasons for our “no” votes. In part, these are technical reasons - for which we refer to this contribution (in English) “Here are 5 Reasons to Stop Using WhatsApp” - while there are other reasons of a legal-legal nature also related to compliance with data protection regulations (GDPR). Since the publication of this contribution, there have been other events related to Whatsapp, of which we report the most significant ones: a) Binding decision 1/2021 on the dispute arisen on the draft decision of the Irish Supervisory Authority regarding WhatsApp Ireland under Article 65(1)(a) GDPR - Adopted on 28 July 2021; b) EDPB adopts Art. 65 dispute resolution binding decisions regarding Facebook, Instagram and WhatsApp; c) The General Court dismisses as inadmissible the action brought by WhatsApp against a decision of the European Data Protection Board. The validity of the EDPB’s decision may, however, be challenged before the national court, which is able to make a request to the Court of Justice for a preliminary ruling. We do not comment on the latest news, leaving all comments to the reader.

• Persisting with Whatsapp use: how to persevere unknowingly. The whys of our «No»

Among the instant messaging apps, Matrix deserves a prominent place, also because to call this solution an IM app is reductive. Matrix is an open protocol by which it was developed a federated and secure communication system. We believed in the project so much that we decided to install Matrix and create a public instance.

• Matrix: the protocol for secure communication that respects privacy

Session is an app that impressed us because of the technology used, since it is blockchain-based, and thus for being particularly secure and respectful of user privacy.

• Session: a blockchain-based messaging app that protects user privacy

Of the messaging apps we consider safe, easy for users to use, and privacy-friendly, DeltaChat deserves to be mentioned. We have devoted an article to that app in which we describe it, also providing our relative considerations regarding security and privacy.

• DeltaChat: app to communicate securely simply with your email that respects your privacy

The fediverse

The term “fediverse” derives from the union of the words “federation” and “universe.”. It is the set of federated software resources of which each is identified as an instance. The fediverse is a federated computer network between servers and software applications that allows users to exchange information using the same or similar protocols. Although the fediverse has existed for years, the phenomenon has exploded recently, especially since Elon Musk’s interventions regarding Twitter.

Most recently, in conjunction with the news spread across the network regarding Twitter and Musk, there has been an increase in user registrations on the various instances of Mastodon.

With this contribution, we have provided minimal information on the fediverse, mainly by highlighting the main systems classified as belonging to this phenomenon.

• The «fediverse»: here is the federated universe in the Internet network.

We have brought back to our digital notebook a contribution previously published in July 2022 on other platforms, with which we explain in ten points what the fediverse is, why it differs from the metaverse, and what advantages-especially for privacy, are derived from it.

• The Fediverse: what is it and how does it work?

The interest shown on the Internet in the fediverse prompted us to arrange a chat with Punit Bhatia, manager and editor of Fit4Privacy.

• The «fediverse»: a conversation with Punit Bhatia.

Mastodon is the best-known resource in the fediverse. With that contribution, we explained how it works; our public instance is reserved for those in the SEE.

• The «fediverse». Mastodon: open-source social network

Our “Privacy Community” in the fediverse.

Image licensed by Adobe Stock

With the post entitled “Our Lemmy Community in the «fediverse»: Privacy Community,” we described our resource.

The “Privacy Community” in the fediverse contains news collected from the Internet concerning data protection, privacy, and cybersecurity.

We report below only the last five published posts:

Main tools

In this section, we wanted to propose two resources that we think are very interesting, namely Mermaid and RegEx.

We describe each of these resources in specific contributions.

Image by rawpixel.com on Freepik

On several occasions, we have pointed out what the potential of Markdown is, so much so that we have devoted an ad hoc page to it. Mermaid is a powerful tool for making diagrams and charts using Markdown markup.

• Mermaid: a powerful tool for making diagrams and graphs with Markdown

We wanted to reserve an ad hoc contribution to the “Regular Expressions” (RegEx) topic since they are well known in the IT context but probably less known if they were also applied in the legal field. RegEx would simplify many tasks for jurists with a significant reduction in the margin of error if RegEx were applied.

• RegEx: a well known, powerful tool in computer science and also valid in the legal field

Many people own email accounts, but not everyone knows of certain international standards that establish rules of conduct. Moreover, those standards ensure that the email service is interoperable and thus usable by anyone anywhere on the globe. In this contribution - reserved for electronic mail we provide some useful suggestions.

• Small tips for the proper use of the e-mail

The Web3

We conclude our selection of contributions with an article on Web3, which, about a year ago, was considered one of the challenges to be addressed. Many people believe Web3 is synonymous with decentralization as opposed to Web2, characterized by centralization. This classification of Web3 is reductive because several characteristics concur in defining it, among which we mention ubiquity in addition to decentralization. Therefore, Web3 encompasses technologies, solutions, and approaches that are innovative and different from those we are used to witnessing and using. Web3 is the natural evolution of Web2 that we are currently familiar with.

Image licensed by Adobe Stock

With this contribution, we have highlighted some technological solutions already used and usable for users, IPFS, and so-called DApps. More specifically, some features of Web3 allowed us to boldly express the idea that - in personal data protection and privacy - the conditions for data transfer, especially EU-US, may come to an end. The topic is the subject of our in-depth studies, and we will return to it with specific contributions.

• Web3 is a reality and not the future: some privacy aspects

Concluding remarks and privacy: some topics to follow up and deepen.

This brief review of our contributions is intended to highlight the issues of most significant interest that have been discussed during the year.

Many issues should be followed carefully and explored in depth, but we point out only a few.

In general, for providers, one aspect that emerges - in our opinion - crucial is the trust (trust) of users. The success of apps or services, very often, also depends, on the one hand, on how much the user trusts those who developed them and, on the other hand, on the duration of the level of user protection that induces users to feel protected so as not to suffer “violations.”

Trust is an essential aspect of the company/developer => user relationship, and several elements contribute to consolidating it. Any incident that may constitute a disadvantage, even a minor one, may cause the user to consider their level of trust for the company/developers/app/product/service reduced or zeroed out. One of the winning elements for trust is the transparency of companies/developers that users highly value.

One aspect of transparency that helps raise the level of user trust is the choice of open source solutions by companies/developers. Open source allows users to know the source code of the app or service and be able to evaluate them. However, it is well-known that most users need to possess computer skills to make technical evaluations of an algorithm’s processes. In the latter case, transparency generally makes users’ trust in the company/developers prevail.

Other aspects contributing to users’ trust in companies/developers are personal data protection and privacy. Users very much appreciate knowing how their personal data are processed and for what purposes, in compliance with current regulations.

However, sometimes, paradoxically, it may happen that-despite incidents of lack of transparency and violations, even egregious ones-the, the user prefers to continue using apps or services of the company/developers.

Data protection and privacy constitute fundamental rights in Europe. The GDPR is now familiar to everyone because it regulates, at the European level, the protection of individuals with regard to the processing of personal data. Personal data protection and privacy do not, however, constitute only abstract principles and precepts contained in the rules. Indeed, those rules must be translated into practice so that the concrete applicability of the regulations having them is possible. Therefore, a correct assessment in terms of personal data protection and privacy is only possible if one is familiar with the technical and/or technological aspects, that is, if one is aware of how - concretely - specific processes are realized or acted upon on the technological level.
An example is the principle “Data protection by design and protection by default” expressed in Article 25 of the GDPR. It is only possible to assess compliance with this principle if one can evaluate - in concrete terms - the execution of algorithmic processes or the operation of technological solutions. Without it, no assessment will be possible. The multidisciplinary approach is crucial when one needs both technical and legal expertise.

From our point of view, DAPPREMO, the relational data protection and privacy model, is structured precisely to have a comprehensive approach that allows one to be able to consider every element belonging to the reality that is to be evaluated.

The correct approach to data protection and privacy involves a cautious assessment of technological evolution and, thus, the adoption of a current and not instead outdated method.

On Web3, we have made an initial contribution, but it is clear that the topic is broad and needs to be explored further.

From the outset, it is essential to highlight the relationship between Web3 technologies and personal data protection/privacy. Undoubtedly, some elements of Web3, described in the article mentioned above, lead to the conclusion that personal data can no longer be traced back to the data subject because of their non-identifiability. This conclusion implies the non-applicability of the GDPR, obviously also concerning EU-US data transfer, which is currently one of the most relevant aspects.

Web3 is undoubtedly still a challenge, especially with regard to the protection of personal data.

Another challenge is what is identified (for reasons we will clarify below) as Artificial Intelligence (AI), particularly in light of the “Proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) and amending certain legislative acts of the union.”

The initial version of the proposal mentioned above was amended in a recent version with changes made by the Council of Europe last December 6. Following these amendments, the “trilogue” will be initiated pending the adoption of the EU Parliament’s position.

That being the case, the latest text of the proposed regulation on AI with the changes made by the Council of Europe seems interesting to us as we will clarify below. Beyond the changes made to date, what is most relevant is the new wording of Article 3. In fact, in the original version of that article, the definition of “artificial intelligence system” was provided as software. However, the new wording of Article 3 removes the reference to software, defining the “artificial intelligence system” as a system designed to operate with elements of autonomy, using “machine learning and/or logic- and knowledge-based approaches.” Moreover, the Council emphasized this in the press release mentioned above.

This new definition of an artificial intelligence system aligns with our position already expressed in previous contributions. We stated how incongruent and reductive it is to qualify such systems as mere “software.” Indeed, the new definitional formulation is more fitting in terms of technological and legal resources.

We will not dwell on the data protection and privacy aspects because they are easily guessed and on which, in any case, we reserve the right to publish a subsequent contribution.

It is worth mentioning that the European Commission on 5/12/2022 sent a standardization request to the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC) in support of safe and reliable artificial intelligence. This request follows an earlier one dated 20/5/2022 as revealed on the CENELEC website.

As anticipated above, AI is considered a challenge by many, as it certainly is if it were possible to fully identify the technical and legal nature and thus be able to adequately and correctly qualify artificial intelligence. Awaiting the European framework on AI, currently, the best doctrine (among many, Russel and Norvig) has identified different aspects of artificial intelligence, declaring the impossibility of defining except by using this expression to identify a phenomenon. Indeed, correctly the proposed regulation on AI does not define AI but the artificial intelligence system. Therefore, it is fairer to emphasize not so much the topic of artificial intelligence that excites the most but other equally important aspects. By now, there is a custom to consider AI as a genus to include all phenomena related to the most advanced algorithmic solutions.

We believe that emphasis should be placed on “phenomena” such as Machine Learning and Deep Learning, so much so that the Council mentions them directly in the new definition of an artificial intelligence system. Indeed, Machine Learning (considered a subset of AI) and Deep Learning (considered part of ML) can implement artificial intelligence systems; this is also the trend in science and technology.

The challenge, therefore, should be identified with solutions arising from the use of Machine Learning and Deep Learning, assessing their compliance with current data protection and privacy regulations. That, from our perspective, is the fairer approach.

To conclude on AI, we want to mention the new AI resource from OpenAI called “ChatGPT”, which is available for free to get feedback from users. It is a machine learning-based solution trained to answer users’ questions with natural language. We tried to propose two questions to ChatGPT, namely:

1. Explain privacy
2. What will be the future of privacy?

We report ChatGPT’s answers to our two questions:

1. Privacy is the state of being free from unwanted or undue intrusion or disturbance. In the context of personal information, individuals have control over who can access and use their personal information. That can include their name, address, phone number, medical information, and other sensitive data. Privacy is important because it allows individuals to maintain control over their personal lives and keep their information safe from others who may wish to use it without their permission.
2. It is difficult to predict the future of privacy with certainty, as it will depend on various factors. However, it is likely that privacy will continue to be an important issue and that individuals and organizations will need to take steps to protect personal information. With the increasing amount of personal information being shared online, there will likely be a continued focus on developing new technologies and policies to protect privacy. That could include stronger encryption, better data security practices, and more robust privacy laws.

The future we do not know, but we can certainly guess where we are going and in what direction.

Follow us on Mastodon

Stay tuned!