02/2019 – Two Factor Authentication

Again and again, millions of users are affected by security vulnerabilities. Two factor authentication can help to reduce the occurrence of identity theft, phishing attacks or other online scams. Because even if the password was cracked, hackers can be locked out and sensitive data is protected.

The proof of identity of the user is determined by a combination of two independent components, which must be used correctly. The three most common factors are usually specified as something that you know (Pin code) you have (bank card, physical key) and that you are (fingerprint, human voice). The combination does not necessarily have to consist of factors of different categories, but these must never be stored in the same place. Most often, one of the features is a physical token, while the other one is such as a security code, for example the combination bank card - PIN.

On secure computers it can be set to be asked for the code only the first time, for example at home on your PC or laptop. For sensitive accounts we recommend at least to establish the two factor authentication and thus to increase the protection of your data significantly.

01/2019 – Static vs. dynamic website - which one is the right for your company?

Static or dynamic website? That's the basic question your company has to face when creating the own website. However, there is no general answer for better use, both solutions have their advantages and disadvantages, the input has to be weighed up from project to project.

On static websites, a HTML document is technically presented on the web server, which is written and designed like a kind of prospect.


  • No special technical requirements,
  • requires no database connections,
  • low and fast creation effort,
  • cost-saving creation,
  • low running costs,
  • low memory capacity.


  • Usually, content can only be changed with the appropriate knowledge or software and requires a lot of time,
  • the larger the pages, the more confusing the source code.

Target group: If you only plan a small website that has to be updated irregularly, a static website is sufficient – for example a simple web business card with address and opening hours.

Dynamic websites communicate with the server and are actively generated at the moment of their request.


  • Flexibility: Content can easily be expanded online without special knowledge and software,
  • Individuality: Content and design can be changed independently,
  • Multi-user operation: Multiple users are responsible for different parts of the website,
  • easy design of multilingual websites,
  • current content will be found by search engines.


  • Higher overhead, because servers and possibly database required,
  • higher startup costs,
  • higher running costs,
  • larger storage space requirement.

Target group: Who plans a larger webiste, which should be maintained continuously with current content, such as search queries, ordering systems or form.

We would be happy to help you personally to find the ideal solution for your company.

10/2018 – Informational self-determination – the concept of decentralisation as an alternative to powerful data gathering companies

Maintaining a complex social network if hardly no one uses it and recently revealed a tremendous security breach? For the technology giant Google this is no longer up for discussion. In ten months, in August next year, the plug will be pulled. Googles in-house social network is going to be shut down. Google+ users will still be able to download their stored data and transfer them to other platforms.

But what are the alternatives? A switch to Facebook or other data gathering companies, platforms that earn money with our data and – using the example of Facebook – cannot even guarantee safekeeping for it? The question should rather be if we would like to leave our data to private companies. Anyone who refuses to do so, anyone who would like to regain control and responsibility over their own data and counteract a cultural constriction, currently has only one concrete option: open-source based networks. The data can be stored at home on your own computer or at a trusted provider. The advantages are obvious: Control of a video, for example, is completely retained – it can be removed at any time. And anyone who wants can even control who is allowed to see it. This of course applies to all types of data – texts, information and photos.

We present you two alternatives that set an uncommercial concept against the authoritarian-organized social networks.

Since 2010 diaspora* has offered its users the option to set up local servers anywhere in the world or to join existing servers. Decentralization is the keyword here – however it is still possible to connect seamlessly with the global community. In addition, the network offers its users the freedom to modify the source code and thus the possibilities of use and to adapt it to their own use. Just like the profile itself. Creativity can be given free rein, the real identity does not have to be used. The data are also not used to make money by evaluating interaction and advertising based on it, only for the possibility of global networking and user interaction. The user can specifically allow who can see posts and who cannot. As a result of individual privacy control, it is up to the user how private or public his profile may be. Even if your own contacts are not yet represented on diaspora*, your own account can be linked to other social networks and an extensive network can take place. More information about diaspora* is available at

Mastodon is also an open source network that exists since 2016. As with diaspora*, there is no central server here, but a multitude of private ones, which are merged into a large network. Similar to Twitter, there is a limit of 500 characters for texts. Again, the user comes to the fore, there is no collection of data, no commercial use. A little insight and further information can be found at

Curious? There are currently 23 projects at, including diaspora* and mastodon, which are based on decentralized open-source software. Nodes connect these individual projects, allowing them to communicate with each other. Anyone who wants to reinvent and shape their right to informal self-determination has to be right here.

09/2018 – Nextcloud: Control is the key to security


08/2018 – GDPR for Consumers: Power to the People

The GDPR can mean a lot of work for companies which have not yet dealt with the topic of data protection and might therefore be perceived as disadvantageous. However, this should not be the case because those working with personal data have a certain responsibility to protect them. Therefore, we advise website operators to be as economical as possible in collecting, storing and processing such data. Please see in this regard also the summary of key points for handling personal data (07/2018).

For consumers, the standardisation of European data protection directives is in any case a great benefit and success. One thing is of particular importance to this end: Customers must be informed in more detail how their personal data are used and they have the right to object to this use at any time. To provide a precise idea about which rights consumers will exactly have in the future and how they can benefit from the GDPR, the following summary provides an overview of the most important innovations and what they mean for you.

Scope: The GDPR applies to all EU citizens whose rights it strengthens. Companies are from now on obliged to provide information about which personal data they collect, process and store for what purposes and how long. This also applies to any company which is not based in the EU as soon as they direct offers to European consumers. Thus, it applies to major US companies such as Google, Facebook and Co. as well.

Privacy by default: Essentially, only those personal data should be collected and processed which are absolutely necessary! This means also that companies are required to take care of data protection-friendly default settings. For example, when placing an order via a web shop, the name and delivery address are indispensable. The phone number is for instance not necessary to process the order and should therefore not be mandatory. In addition, companies may of course offer their customers to subscribe to their newsletter by activating a corresponding op-in box. This box should, however, not be pre-activated. Also regarding apps, for example, the microphone or access to photos etc. may not be enabled automatically.

Duty of information/plaintext: Since the GDPR came into force, companies have to inform their customers in detail about the purpose, the processing and the duration of storage of their personal data. However, this must be easily understandable for anyone and limited to the necessary minimum. A clearly formulated privacy policy should be available directly on the homepage of each website. If any data is passed on to third parties, the consumer must be informed about who will get access to his/her personal data. In addition, he/she must explicitly agree to this data transfer. Should there be any incident regarding a customer’s personal data, companies are obliged to inform him/her about this without delay.

Answer/information obligation: Companies have to inform consumers on request about their rights. In addition, they must provide any information about what data they have currently stored, for which purpose, for how long, as well as if and to whom they will be given. Such requests must be processed free of charge within four weeks.

Data Degradation & Right to Forget: Consumers have the right to request the immediate and complete deletion of stored personal data at any time. This right excludes for instance billing information which must be stored under German law for 10 years. Likewise, companies are obliged to destroy personal data immediately after the expiry of such deadlines or if the purpose of the storage has ceased to exist.

Data Copy & Data Portability: Companies must provide their customers on request with an electronic copy of their personal data, for instance as PDF. Moreover, they should for example in the event of terminating a contract provide the consumer with his/her data in a common electronic format in order to facilitate his/her migration to another provider.

Supervisory authorities: Customers have principally the right to address the responsible supervisory authority for any data protection concerns or doubts.

Although some of the provisions and wording of the new EU data protection directives are not yet fully defined, the GDPR is overall a big step in the right direction, finally allowing consumers extensive rights which are fully justified. Please do not hesitate to contact us if you have any questions, we will be happy to help. [Source: Kompac't 1/2018]