Blog
Notes on development, security and privacy
Concrete notes on how we build solid, secure software. No fluff.
Privacy and security by design, in practice: the choices (and the trade-offs) behind a real website
The principles of privacy and security by design only become useful once they turn into code. Here is how each one was applied, choice by choice, in a real website, trade-offs and legal grounds included: minimal data, cookieless analytics, a nonce-based CSP with an alarm, logs without personal data, defence at the edge.
Privacy by design: what it is and how to apply it
Privacy by design is not a document to attach to a project: it is the way software is built from the very first line. What GDPR Article 25 actually requires, and how it turns into concrete technical choices.
A website with no cookie banner: it can be done, and it is better
The cookie banner has become a reflex, but it is almost always the symptom of technical choices, not a legal obligation. Here is how to build a site that does not need one, and why that is an advantage.