Philipp Claßen

Software developer living in Munich. Working on privacy tools at Ghostery and WhoTracks.me.

https://github.com/philipp-classen

At Ghostery, we did a joint study with Verified Data: Do websites stop tracking if you reject consent?

We chose pharma websites as an example. All US sites and almost all European sites still sent tracking requests to third parties.

We assume it is often unintentional (e.g. misconfigurations). But when we disclosed our findings, none of the websites reacted.

Blog: https://www.ghostery.com/blog/ghostery-verified-data-consent-study

Study: https://verified-data.com/insights/pharmacy-consent-study/

The approach is described in the PDF: https://verified-data.com/whitepapers/Pharmacy-Consent-Study-Report.pdf

#privacy #ghostery #verifieddata #gdpr

Users Said “No.” Pharmacy Websites Tracked Them Anyway

Ghostery and Verified Data audited 20 pharmacies in Europe and the U.S. and found tracking continued in most cases, even after consent was rejected.

Ghostery

Positive developments on the topic of digital sovereignty in Germany:

* Bavaria is now (a positive surprise for me) betting on open source instead of Microsoft: https://www.heise.de/news/Bayrisches-Digitalministerium-will-Arbeitsplaetze-ohne-Microsoft-11308878.html
* Recently, the Verfassungsschutz (domestic intelligence service) also decided in favor of ChapsVision (France) instead of Palantir: https://www.tagesschau.de/investigativ/ndr-wdr/verfassungsschutz-palantir-100.html

But the fact that Bavaria now apparently follows the path of Schleswig-Holstein and (now again!) Munich is a good signal to me and the right decision. (On Munich: https://www.heise.de/news/Muenchens-IT-Wende-Open-Source-ist-fuer-die-neue-Koalition-der-Normalfall-11292444.html)

My impression is that the whole topic has by now gained momentum at various levels (federal and state, but also in some other EU countries). In addition, projects are emerging, such as the cooperation with Canada in the AI field.

I also see the impulses that Karsten Wildberger is setting as a glimmer of hope. But I also agree with him that the topic is very large and that one should have realistic expectations about the timelines. Moving completely away from Microsoft and co. will not happen overnight, and in some areas it may not be fully possible at all. But I perceive it as progress that more and more government bodies no longer make the mistake of building up unnecessary additional new dependencies now. The decision to prefer open source in tenders also makes sense.

#opensource

Bavarian Digital Ministry wants workplaces without Microsoft

The Bavarian Digital Ministry no longer wants to wait for the rest of the state government, and wants to free the workplaces in the Free State from Microsoft.

heise online

Second Linux kernel "universal LPE" 0-day in a week and Linus has just proposed the rule for the security team that "a 'security' bug that is found by AI is public" 🙃 https://lore.kernel.org/all/CAHk-=wi6z[email protected]/

Re: [PATCH v2 2/3] Documentation: security-bugs: explain what is and is not a security bug - Linus Torvalds

Insights into how maintainers of popular libraries are being targeted:
https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers

#security

Attackers Are Hunting High-Impact Node.js Maintainers in a C...

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

Socket

Mistral released new models:
https://mistral.ai/news/mistral-small-4

Small evolved into a 119B MoE model with 6B active parameters. (Small 3 used to be a dense 24 GB model instead.)

Another new model is Leanstral, which serves as a proof assistant:
https://mistral.ai/news/leanstral

---

I have been switching from Devstral Small 2 to Qwen Coder Next; but since Mistral Small 4 can be seen as a successor to Devstral Small, it will be interesting to compare.

A setup that I have been using recently is to have Mistral Vibe running in a Docker container without network, mounting only a writable copy of the current working directory. 127.0.0.1:8080 is exposed, so it can still connect to a local API (llama.cpp in my case).

Since this setup reduces the blast radius, I can allow Vibe to use tools without confirmation.

Not sure if it is useful for someone else - it is tailored to my own use case and will likely not work outside of Linux - but I put the code here:

https://codeberg.org/philipp-classen/vibe-in-docker

#mistral

Introducing Mistral Small 4 | Mistral AI

Nice, in-depth article on anonymous credentials and their challenges:

https://blog.cryptographyengineering.com/2026/03/02/anonymous-credentials-an-illustrated-primer/

Anonymous credentials and the related term zero-knowledge proof are core building blocks for privacy-preserving online age verification.

As I understand, the age verification in Australia currently requires uploading a legal document (e.g. a driver's license or government ID), or requires proof by doing a "video selfie". Both techniques would not be privacy-preserving, because in both cases you are sharing personal information with a company (e.g. Meta).

Cryptography like anonymous credentials solves that problem. At least in theory. You can prove your age, and the other side does not learn anything else about you. Still, to roll it out in real-world scenarios there are many challenges (e.g. dealing with attacks like credential theft).

Side-note: the EU proposal is also built on the same type of cryptography: https://ageverification.dev/av-doc-technical-specification/docs/architecture-and-technical-specifications/

#crypto #AnonymousCredentials #ageverification

Anonymous credentials: an illustrated primer

This post has been on my back burner for well over a year. This has bothered me, since with every month that goes by, I become more convinced that anonymous authentication the most important topic …

A Few Thoughts on Cryptographic Engineering

Data sovereignty and the ability to exercise rules for the big online platforms are important for many reasons:
* Large social media platforms allow countries like Russia to spread disinformation to destabilize Western democracies and raise concerns about mental health issues.
* Data privacy challenges arise when sensitive data is shared with US or Chinese companies.
* Much critical IT infrastructure depends on US companies. (As shown by Microsoft blocking the email of the International Court of Justice, this is no longer a theoretical concern.)
* Same with financial services - booking a hotel in Europe without using US financial providers? Currently not possible. (I have only seen credit card or PayPal so far.)

Legislation like the DSA was an important step in 2022; but in the last year it feels like the will to move to alternatives like European providers or Open Source solutions has increased in society. That is promising, though there is a long way to go.

But not surprisingly, it is getting more confrontational now. I hope that ongoing pressure like that will not be successful:

https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

Good overview of the large language models published since 2017:
https://llm-timeline.com/

#llm #ai

AI Timeline — Complete History of 169+ Large Language Models

Interactive timeline tracking 169+ Large Language Models from 2017 to 2026, including ChatGPT, GPT-4, Claude, Gemini, LLaMA, Mistral, and DeepSeek.

LLM Timeline

Mistral released new coding models:

* Devstral 2 (123 B)
* Devstral Small 2 (24 B)

https://mistral.ai/news/devstral-2-vibe-cli

Plus, Mistral Vibe CLI, a CLI-based coding agent:
https://github.com/mistralai/mistral-vibe

I didn't even have a chance yet to try out Mistral 3 Large. According to their benchmark, Devstral 2 is competing with the best open-weight models (DeepSeek V3.2). Not quite at the level of the best closed-source ones, but more cost-efficient:

> Devstral 2 is currently offered free via our API. After the free period, the API pricing will be $0.40/$2.00 per million tokens (input/output) for Devstral 2 and $0.10/$0.30 for Devstral Small 2.

Devstral Small 2 can be run locally on a 24 GB GPU.

#mistral #ai #devstral

Introducing: Devstral 2 and Mistral Vibe CLI. | Mistral AI

State-of-the-art, open-source agentic coding models and CLI agent.