Interests & Skills

Programming

Python, JavaScript, TypeScript, Node.js, C#, SQL, Applied AI (LLMs, Agentic Systems, Prompt Engineering), LangGraph, Chainlit, MCP, ASP.NET MVC, ASP.NET Web API, Flask, RESTful APIs, React Native, Entity Framework, PL/SQL, AWS Services, Azure Services, Docker, Kubernetes, CI/CD Pipelines, DevOps, ML (TensorFlow, PyTorch, Scikit-learn)

Interests

Web Privacy, Online Tracking, Web measurement, Browser fingerprinting

Professional Experience

Founder & Principal Consultant

CODEVIA • Belgium • 2024 - Present
  • Privacy Engineering: Led by a Ph.D., helping companies integrate privacy into every layer of their systems
  • GDPR Compliance & DSR Automation: Implemented comprehensive privacy frameworks and automated data subject request processing
  • Data Analytics & Engineering: Built robust data pipelines and scalable warehouses (Snowflake, Redshift) with actionable BI dashboards
  • Software Engineering & Cloud Architecture: Delivered end-to-end solutions for enterprises using modern tech stack and cloud-native approaches
  • Served clients ranging from startups to global enterprises with academic rigor and real-world expertise
Privacy Engineering GDPR Compliance Data Analytics Cloud Architecture Python TypeScript AWS Kubernetes

Freelance Software Engineer & Technical Consultant

ENGIE • Brussels, Belgium • Dec 2024 - Present
  • Designed and implemented production-grade software and Applied AI solutions in Python and C# .NET, with a focus on performance, robustness, and scalability.
  • Built LLM-powered assistant capabilities and integrated enterprise tools/data sources to improve operational efficiency and decision support.
  • Deployed and maintained services in Kubernetes-based environments using DevOps practices for reliable, repeatable delivery.
  • Collaborated with functional analysts and end-users to translate business needs into user stories, technical designs, and implementation plans.
  • Improved real-time processing and platform reliability for business-critical trading workflows.
Python Applied AI LLMs LangGraph C# .NET Kubernetes Azure DevOps

Senior Software Engineer

Here Technologies • Brussels, Belgium • Jul 2024 - Dec 2024
  • Automated Privacy Management: Developed RESTful APIs to streamline privacy compliance, enhancing efficiency for privacy specialists and product teams
  • Privacy by Design: Integrated privacy principles into the product development lifecycle, automating compliance tasks and aligning with Product Trust initiatives
Python TypeScript JavaScript Flask AWS RESTful APIs MySQL Docker CI/CD

PhD Student Researcher

Google LLC • Zurich, Switzerland • Jan 2023 - May 2023
  • Privacy Budget Project: Contributed to Google's Privacy Budget initiative
  • Investigated use cases of browser fingerprinting, focusing on legitimate uses such as fraud prevention
  • Trained a machine learning model to identify login and signup pages, enabling analysis of browser fingerprinting attempts on authentication pages
  • Developed a browser add-on with embedded ML model for identifying authentication pages
  • Published academic article included in The Web Conference 2024 (WWW'24) proceedings
TypeScript Python Go JavaScript TensorFlow Data Privacy Machine Learning

PhD Researcher

KU Leuven (COSIC) • Leuven, Belgium • Apr 2020 - June 2024
  • Research Focus: Investigating web privacy and browser fingerprinting techniques
  • Conducted comprehensive measurement studies analyzing privacy implications of browser features
  • Developed automated web crawling infrastructure for large-scale analysis (100K+ websites)
  • Collaborated with industry partners including Google on privacy-preserving technologies
  • Publications: Published multiple peer-reviewed papers in top-tier security conferences (USENIX Security, WWW)
  • Awarded prestigious CNIL-Inria Privacy Protection Award (2023) for groundbreaking research
  • Presented research findings at international conferences and industry events
  • Mentored junior researchers and contributed to open-source privacy tools
Academic Research Web Privacy Browser Fingerprinting Python JavaScript Data Analysis Machine Learning Web Crawling Statistical Analysis

Application Development Engineer

Roketsan Missiles Inc. • Ankara, Turkey • Apr 2017 - Apr 2020
  • Developed web applications using ASP.NET MVC with agile methodologies
  • Created mobile applications using React Native
  • Designed and deployed Web APIs on Microsoft Azure
  • Enhanced existing projects with new features and issue resolutions
ASP.NET MVC Entity Framework Python Oracle Database C# React Native Azure ASP.NET Web API

Software Engineer

ONUR YÜKSEK TEKNOLOJİ A.S. • Ankara, Turkey • Jan 2016 - Apr 2017
  • Worked as a front-end developer on a Voice Communication System project using JavaScript
  • Developed a desktop application using JavaFX as a full-stack engineer
JavaScript JavaFX MySQL Git Jira

Software Engineer

ICTERRA A.S. • Ankara, Turkey • Feb 2015 - Jan 2016
  • Developed a full-stack internal ERP project using Java and AngularJS
Java Spring AngularJS MySQL Play Framework

Awards


Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission (USENIX Security'22)
2022 CNIL-Inria Award for Privacy Protection

Projects

.js-id-include


Browsers including Chrome recently reduced the user-agent string to make it less identifying. Simultaneously, Chrome introduced several highly identifying (or high-entropy) the user-agent client hints (UA-CH) to allow access to browser properties that are redacted from the user-agent string. In this empirical study, we attempt to characterize the effects of these major changes through a large-scale web measurement on the top 100K websites. Using an instrumented crawler, we quantify access to high-entropy browser features through UA-CH HTTP headers and the JavaScript API (mainly the navigator.userAgentData.getHighEntropyValues method). With this study we measure access delegation to third parties and investigate whether the new client hints are already used by tracking, advertising and browser fingerprinting scripts.
Website Code


Email addresses—or identifiers derived from them—are known to be used by data brokers and advertisers for cross-site, cross-platform, and persistent identification of potentially unsuspecting individuals. In order to find out whether access to online forms is misused by online trackers, we present a measurement of email and password collection that occur before form submission on the top 100K websites.
Website Code
We developed LeakInspector to help publishers and end-users to audit third parties that harvest personal information from online forms without their knowledge or consent as a coutermeasure to avoid the leakage of personal information.
Code

Publications

2024 45th IEEE Symposium on Security and Privacy
2022 31th USENIX Security Symposium
Improved differential attacks on Rectangle
Differential Attacks on Lightweight Block Ciphers PRESENT, PRIDE and RECTANGLE Revisited

Press

WIRED

Thousands of Popular Websites See What You Type—Before You Hit Submit
May, 11

NOS.NL

Adverteerders kijken mee als je online je e-mailadres invult
May, 11

FORTUNE

Meta, TikTok and thousands of major websites are found swiping data you enter on forms—even if you don’t hit submit
May, 12

LE MONDE

Thousands of websites save form data, even before the "submit" button has been used
May, 12

BUSINESS INSIDER

Píxeles espía y formularios que saben lo que escribes aunque no lo envíes: las tecnológicas sofistican sus formas de rastrearte en la red
May, 13

ZEIT

Ich sehe was, was du eintippst
May, 22

NYTIMES

Other privacy news we’re watching
June, 6

Contact

  • Email:

    asumansenol@gmail.com