We are happy to announce that Paul Gerhart is presenting the talk “Improving Account Security for Victims of Account Compromise through Client-Side Access Logging” at Real World Crypto (RWC) 2026, taking place in Taipei, Taiwan.

Abstract:

Account compromise remains a common threat, particularly for people experiencing interpersonal abuse. Account security interfaces (ASIs) are meant to help users detect and respond to such compromise; however, they have received little systematic attention, despite their central role in user safety. One problem with ASIs is that the information they present can be easily spoofed, making them unreliable. Including more trustworthy information, such as serial numbers, would provide users with reliable evidence of malicious logins. However, this goes against best practices for protecting user privacy, as it can enable platforms to track users. Therefore, we are presented with a seemingly fundamental tension between privacy from providers and accountability to users.

In this talk, we introduce client-side access logging (CSAL) to address this tension. CSAL adds encrypted logging functionality to modern authentication frameworks (such as WebAuthn and passkeys). For this, we rely on support from the operating system to provide and encrypt sensitive information about the device during authentication to a web service. The encrypted entry is stored in a log that only authenticated devices can decrypt. In particular, the web service is blinded from information that could enable device tracking. We present two design directions and invite discussion on how such mechanisms could be integrated into the WebAuthn and FIDO ecosystems to improve user safety at scale.

More information about the symposium can be found on the Real World Crypto 2026 website.