About Me

Hi! I am a computer science PhD candidate at ETH Zurich. My supervisor is David Basin, who leads the Information Security Group. Here is my resume.pdf.

Research Interest

Web privacy: Internet develops fast, but the user needs are overlooked, namely privacy. Regulations like GDPR are trying to fix that, but their enforcement is lacking behind. I try to address this lack of enforcement by developing automated techniques for privacy compliance analysis, or by directly blocking the privacy leakage events.

Symmetric cryptanalysis: In the past, my focus was in applied cryptography. I studied how statistical testing can automate analysis of cryptoprimitives.

Publications

• Automated Analysis and Enforcement of Consent Compliance
  • Karel Kubicek
  • PhD thesis, ETH Zurich.
  • PDF, website
• Automating Website Registration for Studying GDPR Compliance
  • Karel Kubicek, Jakob Merane, Ahmed Bouhoula, David Basin
  • The Web Conference (WWW 2024).
  • PDF, paper website
• Automated Large-Scale Analysis of Cookie Notice Compliance
  • Ahmed Bouhoula, Karel Kubicek, Amit Zac, Carlos Cotrini, David Basin
  • USENIX Security 2024.
  • PDF, paper website
• Block Cookies, Not Websites: Analysing Mental Models and Usability of the Privacy-Preserving Browser Extension CookieBlock
  • Lorin Schöni, Karel Kubicek, Verena Zimmermann
  • PETS 2024.
  • PDF, paper website
• Locality-Sensitive Hashing Does Not Guarantee Privacy! Attacks on Google’s FLoC and the MinHash Hierarchy System
  • Florian Turati, Karel Kubicek, Carlos Cotrini, David Basin
  • PETS 2023.
  • PDF, paper website
• Checking Websites’ GDPR Consent Compliance for Marketing Emails
  • Karel Kubicek, Jakob Merane, Carlos Cotrini, Alexander Stremitzer, Stefan Bechtold, David Basin
  • PETS 2022.
  • PDF, paper website
• Automating Cookie Consent and GDPR Violation Detection
  • Dino Bollinger, Karel Kubicek, Carlos Cotrini, David Basin
  • USENIX Security 2022, best artifact award
  • PDF, paper website, also as SOUPS poster
• Large-scale Randomness Study of Security Margins for 100+ Cryptographic Functions
  • Dusan Klinec, Marek Sys, Karel Kubicek, Petr Svenda, Vashek Matyas
  • SECRYPT 2022-19th International Conference on Security and Cryptography
• BoolTest: The Fast Randomness Testing Strategy Based on Boolean Functions with Application to DES, 3-DES, MD5, MD6 and SHA-256
  • Marek Sys, Dusan Klinec, Karel Kubicek, Petr Svenda
  • E-Business and Telecommunications, Springer International Publishing, 2019, 123–149.
  • PDF, paper website
• New results on reduced-round Tiny Encryption Algorithm using genetic programming
  • Karel Kubicek, Jiri Novotny, Petr Svenda, Martin Ukrop
  • IEEE Infocommunications, 2016.
  • PDF, paper website

Supervised Students

• Privacy Observatory: Aggregation System for Reproduction of Privacy Studies
  • Patrice Kast, 2023, PDF
• Quantifying Mechanisms behind Cookie Consent (Non-)Compliance: A Notification Study of Audit Tools
  • Laura-Vanessa Soldner, 2023, PDF
• Intended Compliance: An Automated Analysis of GDPR-related GitHub Issues
  • Elias Datler, 2023, PDF
• Privacy Observatory: Collecting Privacy Policies and Terms of Service on a Regular Basis
  • Truong Hoang Long, 2022, PDF
• Automated Detection of GDPR Violations in Cookie Notices Using Machine Learning
  • Ahmed Bouhoula, 2022, PDF
• Analysing and exploiting Google’s FLoC advertising proposal
  • Florian Turati, 2022, PDF
• Understanding GDPR compliance of tracking pixel declarations using privacy filter lists
  • Rita Ganz, 2022, PDF
• Designing a generic web forms crawler to enable legal compliance analysis of authentication sections
  • Luka Lodrant, 2022, PDF
• Analyzing Cookies Compliance with the GDPR
  • Dino Bollinger, 2021, PDF
• Enforcement Bots: Nothing can block us! Automating website registration for GDPR compliance analysis
  • Patrice Kast, 2021, PDF

Teaching

• Information Security
• Algorithms and Data Structures

Other Interests

I write a blog about my outdoor activities, feel free to check it.

Acknowledgment

• CRoCS MUNI for showing me what I can achieve.
• InfSec group of ETH Zurich for current supervision and opportunity to work on what I find interesting.
• Jekyll template by Ankit Sultana, but substantially modified by me.
• Am I missing you here? Let me know!

---