About Me

I am a computer science postdoc at INRIA Sophia Antipolis hosted by Nataliia Bielova and the PRIVATICS team, funded by SNSF Postdoc.Mobility grant Nr. P500PT_225449. I got my PhD from ETH Zurich, advised by David Basin (CS) and Stefan Bechtold (law). Here is my (academic) resume.pdf.

Research

My research focuses at web privacy using the framework of (mostly) EU privacy regulations (GDPR, ePrivacy Directive). My works typically use machine learning to protect users, measure the widespread of privacy issues, attacking novel privacy schemes, and evaluating user perception of privacy tools.

• User protection: Our browser extension CookieBlock automatically classifies and removes advertising and tracking cookies. It also awarded Distinguished Artifact Award as USENIX Security and 1st place in CSAW’22 Europe Applied Research Competition.
• Measurements and enforcement: I coauthored multiple works analyzing consent compliance using ML and NLP focused on cookies notices and marketing emails. These works are extended to multiple legal journal publications and we collaborate with data protection authorities to deploy them for automated privacy compliance enforcement.
• Others: I also collaborated on discovering vulnerabilities in novel privacy technologies, evaluating usability of privacy enhancing browser extensions, and developing scraping methods for legal scholars. Prior my PhD, I published studies of statistical testing application in symmetric cryptoprimitives analysis.

Publications

• Automated Analysis and Enforcement of Consent Compliance
  • Karel Kubicek
  • PhD thesis, ETH Zurich.
  • PDF, website
• Automating Website Registration for Studying GDPR Compliance
  • Karel Kubicek, Jakob Merane, Ahmed Bouhoula, David Basin
  • The Web Conference (WWW 2024).
  • PDF, paper website
• Automated Large-Scale Analysis of Cookie Notice Compliance
  • Ahmed Bouhoula, Karel Kubicek, Amit Zac, Carlos Cotrini, David Basin
  • USENIX Security 2024.
  • PDF, paper website
• Block Cookies, Not Websites: Analysing Mental Models and Usability of the Privacy-Preserving Browser Extension CookieBlock
  • Lorin Schöni, Karel Kubicek, Verena Zimmermann
  • PETS 2024.
  • PDF, paper website
• Locality-Sensitive Hashing Does Not Guarantee Privacy! Attacks on Google’s FLoC and the MinHash Hierarchy System
  • Florian Turati, Karel Kubicek, Carlos Cotrini, David Basin
  • PETS 2023.
  • PDF, paper website
• Checking Websites’ GDPR Consent Compliance for Marketing Emails
  • Karel Kubicek, Jakob Merane, Carlos Cotrini, Alexander Stremitzer, Stefan Bechtold, David Basin
  • PETS 2022.
  • PDF, paper website
• Automating Cookie Consent and GDPR Violation Detection
  • Dino Bollinger, Karel Kubicek, Carlos Cotrini, David Basin
  • USENIX Security 2022, best artifact award
  • PDF, paper website, also as SOUPS poster
• Large-scale Randomness Study of Security Margins for 100+ Cryptographic Functions
  • Dusan Klinec, Marek Sys, Karel Kubicek, Petr Svenda, Vashek Matyas
  • SECRYPT 2022-19th International Conference on Security and Cryptography
• BoolTest: The Fast Randomness Testing Strategy Based on Boolean Functions with Application to DES, 3-DES, MD5, MD6 and SHA-256
  • Marek Sys, Dusan Klinec, Karel Kubicek, Petr Svenda
  • E-Business and Telecommunications, Springer International Publishing, 2019, 123–149.
  • PDF, paper website
• New results on reduced-round Tiny Encryption Algorithm using genetic programming
  • Karel Kubicek, Jiri Novotny, Petr Svenda, Martin Ukrop
  • IEEE Infocommunications, 2016.
  • PDF, paper website

Supervised Students

• Generalizing Browser Extension CookieAudit for Auditing Consent Popups’ GDPR Compliance
  • Szymon Nastaly, 2024, PDF
• Privacy Observatory: Aggregation System for Reproduction of Privacy Studies
  • Patrice Kast, 2023, PDF
    • Follow up semester thesis by Elisa Baux, 2024, PDF
• Quantifying Mechanisms behind Cookie Consent (Non-)Compliance: A Notification Study of Audit Tools
  • Laura-Vanessa Soldner, 2023, PDF
• Intended Compliance: An Automated Analysis of GDPR-related GitHub Issues
  • Elias Datler, 2023, PDF
• Privacy Observatory: Collecting Privacy Policies and Terms of Service on a Regular Basis
  • Truong Hoang Long, 2022, PDF
• Automated Detection of GDPR Violations in Cookie Notices Using Machine Learning
  • Ahmed Bouhoula, 2022, PDF
• Analysing and exploiting Google’s FLoC advertising proposal
  • Florian Turati, 2022, PDF
• Understanding GDPR compliance of tracking pixel declarations using privacy filter lists
  • Rita Ganz, 2022, PDF
• Designing a generic web forms crawler to enable legal compliance analysis of authentication sections
  • Luka Lodrant, 2022, PDF
• Analyzing Cookies Compliance with the GDPR
  • Dino Bollinger, 2021, PDF
• Enforcement Bots: Nothing can block us! Automating website registration for GDPR compliance analysis
  • Patrice Kast, 2021, PDF

Teaching

• I am open to give invited lectures on various topics, for instance: web tracking, privacy regulations (for a CS audience), or ML and NLP (for a non-CS audience).
• Information Security
• Algorithms and Data Structures
• Automata Theory

Service

• Reviewer:
  • IEEE Transactions on Privacy 2024 (journal)
  • ACM CCS 2019 (review assigned by my colleague)
• Local responsibilities
  • Academic Staff Organisation (VMI) at ETH Zurich: treasurer, event organizer (retreats, career panels, social events), member of two hiring committees and helper to department evaluation team
  • STEM Engagement Coordinator at Masaryk University: Organizing informatics seminar, competitions, and puzzle hunts for both secondary-school and university students

Other Interests

I write a blog about my outdoor activities, feel free to check it.

Acknowledgment

• SNSF for financing my postdoc at INRIA.
• InfSec group of ETH Zurich for opportunity to work on what I find interesting and grow.
• CRoCS MUNI for showing me the world of opportunities.
• Jekyll template by Ankit Sultana.
• Am I missing you here? Let me know!

---