Asuman Senol Kar

Founder & Principal Consultant

I am the Founder & Principal Consultant at CODEVIA, a boutique consultancy that brings academic rigor and real-world expertise to solve complex technical challenges. With a Ph.D. in Web Security and Data Privacy and a Master's in Cyber Security, I lead projects spanning privacy engineering, data analytics, and secure software development. I currently serve as a consultant at ENGIE, one of the world's leading energy companies.

CODEVIA specializes in three core areas: Privacy Engineering (GDPR compliance, DSR automation, privacy-preserving analytics), Data Analytics & Engineering (robust pipelines, scalable warehouses, BI dashboards), and Software Engineering & Cloud Architecture (enterprise applications, cloud-native systems). I have proficiency in Python, JavaScript, TypeScript, Node.js, C#, SQL, and cloud services, with experience ranging from startups to global enterprises like Google and HERE Technologies.

Education

PhD in Web Privacy, Apr 2020 - June 2024

COSIC, KU LEUVEN
MSc in Cyber Security, Sep 2015 - Jun 2017

METU
BSc in Mathematics, Sep 2010 - Jun 2015

METU

Experience

CODEVIA, 2024 - Present

Founder & Principal Consultant
ENGIE, Dec 2024 - Present

Freelance Software Engineer & Technical Consultant
Here Technologies, Jul 2024 - Dec 2024

Senior Software Engineer
Google LLC, January 2023 - May 2023

Student Researcher
Roketsan Missiles Inc., Apr 2017 - Apr 2020

Application Development Engineer
ONUR YÜKSEK TEKNOLOJİ A.S., Jan 2016 - Apr 2017

Software Engineer
ICTERRA A.S., Feb 2015 - Jan 2016

Software Engineer

Interests & Skills

Programming

Python, JavaScript, TypeScript, Node.js, C#, SQL, ASP.NET MVC, ASP.NET Web API, Flask, RESTful APIs, React Native, Chrome Devtools Protocol, Puppeteer, Entity Framework, PL/SQL, AWS Services, Azure Services, Docker, CI/CD pipelines, Kubernetes, DevOps, ML and AI (TensorFlow, PyTorch, Scikit-learn)

Interests

Web Privacy, Online Tracking, Web measurement, Browser fingerprinting

Professional Experience

Founder & Principal Consultant

CODEVIA • Belgium • 2024 - Present

Privacy Engineering: Led by a Ph.D. in Web Privacy with the 2022 CNIL-Inria Award, helping companies integrate privacy into every layer of their systems
GDPR Compliance & DSR Automation: Implemented comprehensive privacy frameworks and automated data subject request processing
Data Analytics & Engineering: Built robust data pipelines and scalable warehouses (Snowflake, Redshift) with actionable BI dashboards
Software Engineering & Cloud Architecture: Delivered end-to-end solutions for enterprises using modern tech stack and cloud-native approaches
Served clients ranging from startups to global enterprises with academic rigor and real-world expertise

Privacy Engineering GDPR Compliance Data Analytics Cloud Architecture Python TypeScript AWS Kubernetes

Freelance Software Engineer & Technical Consultant

ENGIE • Brussels, Belgium • Dec 2024 - Present

Designed and implemented solutions in C# .NET and Python to meet performance, robustness, and scalability requirements
Deployed applications in a Kubernetes environment, leveraging DevOps tools and practices
Collaborated with functional analysts and end-users to gather requirements, plan development tasks, and ensure alignment with business objectives
Enhanced real-time capabilities, ensuring efficient processing and high reliability for trading operations

Python C# .NET Kubernetes Azure DevOps

Senior Software Engineer

Here Technologies • Brussels, Belgium • Jul 2024 - Dec 2024

Automated Privacy Management: Developed RESTful APIs to streamline privacy compliance, enhancing efficiency for privacy specialists and product teams
Privacy by Design: Integrated privacy principles into the product development lifecycle, automating compliance tasks and aligning with Product Trust initiatives

Python TypeScript JavaScript Flask AWS RESTful APIs MySQL Docker CI/CD

PhD Student Researcher

Google LLC • Zurich, Switzerland • Jan 2023 - May 2023

Privacy Budget Project: Contributed to Google's Privacy Budget initiative
Investigated use cases of browser fingerprinting, focusing on legitimate uses such as fraud prevention
Trained a machine learning model to identify login and signup pages, enabling analysis of browser fingerprinting attempts on authentication pages
Developed a browser add-on with embedded ML model for identifying authentication pages
Published academic article included in The Web Conference 2024 (WWW'24) proceedings

TypeScript Python Go JavaScript TensorFlow Data Privacy Machine Learning

PhD Researcher

KU Leuven (COSIC) • Leuven, Belgium • Apr 2020 - June 2024

Research Focus: Investigating web privacy and browser fingerprinting techniques
Conducted comprehensive measurement studies analyzing privacy implications of browser features
Developed automated web crawling infrastructure for large-scale analysis (100K+ websites)
Collaborated with industry partners including Google on privacy-preserving technologies
Publications: Published multiple peer-reviewed papers in top-tier security conferences (USENIX Security, WWW)
Awarded prestigious CNIL-Inria Privacy Protection Award (2023) for groundbreaking research
Presented research findings at international conferences and industry events
Mentored junior researchers and contributed to open-source privacy tools

Academic Research Web Privacy Browser Fingerprinting Python JavaScript Data Analysis Machine Learning Web Crawling Statistical Analysis

Application Development Engineer

Roketsan Missiles Inc. • Ankara, Turkey • Apr 2017 - Apr 2020

Developed web applications using ASP.NET MVC with agile methodologies
Created mobile applications using React Native
Designed and deployed Web APIs on Microsoft Azure
Enhanced existing projects with new features and issue resolutions

ASP.NET MVC Entity Framework Python Oracle Database C# React Native Azure ASP.NET Web API

Software Engineer

ONUR YÜKSEK TEKNOLOJİ A.S. • Ankara, Turkey • Jan 2016 - Apr 2017

Worked as a front-end developer on a Voice Communication System project using JavaScript
Developed a desktop application using JavaFX as a full-stack engineer

JavaScript JavaFX MySQL Git Jira

Software Engineer

ICTERRA A.S. • Ankara, Turkey • Feb 2015 - Jan 2016

Developed a full-stack internal ERP project using Java and AngularJS

Java Spring AngularJS MySQL Play Framework

Awards

2022 CNIL-Inria Award for Privacy Protection (2023)

Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission (USENIX Security'22)

Projects

Unveiling the Impact of User-Agent Reduction and Client Hints: A Measurement Study

Browsers including Chrome recently reduced the user-agent string to make it less identifying. Simultaneously, Chrome introduced several highly identifying (or high-entropy) the user-agent client hints (UA-CH) to allow access to browser properties that are redacted from the user-agent string. In this empirical study, we attempt to characterize the effects of these major changes through a large-scale web measurement on the top 100K websites. Using an instrumented crawler, we quantify access to high-entropy browser features through UA-CH HTTP headers and the JavaScript API (mainly the navigator.userAgentData.getHighEntropyValues method). With this study we measure access delegation to third parties and investigate whether the new client hints are already used by tracking, advertising and browser fingerprinting scripts.

Website Code

Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission

Email addresses—or identifiers derived from them—are known to be used by data brokers and advertisers for cross-site, cross-platform, and persistent identification of potentially unsuspecting individuals. In order to find out whether access to online forms is misused by online trackers, we present a measurement of email and password collection that occur before form submission on the top 100K websites.

Website Code

We developed LeakInspector to help publishers and end-users to audit third parties that harvest personal information from online forms without their knowledge or consent as a coutermeasure to avoid the leakage of personal information.

Code