Accepted papers for PETS 2026
Issue 1
- How We Define Privacy Literacy: Teaching Experiences & Challenges of Community-Engaged Privacy Educators
Tanisha Afnan (University of Michigan), Sheza Naveed (University of Michigan), Griffin Christie (University of Michigan), Jackie Hu (University of Michigan), Byron Lowens (Indiana University at Indianapolis), Allison McDonald (Boston University), and Florian Schaub (University of Michigan)
- Obscura: Enabling Ephemeral Proxies for Traffic Encapsulation in WebRTC Media Streams Against Cost-Effective Censors Artifact: Available, Functional
Afonso Vilalonga (NOVA LINCS, NOVA School of Science and Technology), Kevin Gallagher (NOVA LINCS, NOVA School of Science and Technology), João S. Resende (Universidade do Porto), and Henrique Domingos (NOVA LINCS, NOVA School of Science and Technology)
- Ad Personalization and Transparency in Mobile Ecosystems: A Comparative Analysis of Google’s and Apple’s EU App Stores Artifact: Available, Functional, Reproduced
David Breuer (Technical University Darmstadt), Lucas Becker (Technical University Darmstadt), and Matthias Hollick (Technical University Darmstadt)
- Making Sense of Private Advertising: A Principled Approach to a Complex Ecosystem Artifact: Available, Functional, Reproduced
Kyle Hogan (MIT), Alishah Chator (Boston University), Gabriel Kaptchuk (University of Maryland), Mayank Varia (Boston University), and Srinivas Devadas (MIT)
- SilhouetteTell: Practical Video Identification Leveraging Blurred Recordings of Video Subtitles
Guanchong Huang (University of Oklahoma) and Song Fang (University of Oklahoma)
- Securing Private Federated Learning in a Malicious Setting: A Scalable TEE-Based Approach with Client Auditing Artifact: Available
Shun Takagi (LY Corporation) and Satoshi Hasegawa (LY Corporation)
- Word-level Annotation of GDPR Transparency Compliance in Privacy Policies using Large Language Models Artifact: Available
Thomas Cory (Technische Universität Berlin), Wolf Rieder (Technische Universität Berlin), Julia Krämer (Erasmus University Rotterdam), Philip Raschke (Technische Universität Berlin), Patrick Herbke (Technische Universität Berlin), and Axel Küpper (Technische Universität Berlin)
- Privacy vs. Profit: The Impact of Google's Manifest Version 3 (MV3) Update on Ad Blocker Effectiveness Artifact: Available, Functional, Reproduced
Karlo Lukic (Goethe University Frankfurt) and Lazaros Papadopoulos (Goethe University Frankfurt)
- Linguistic Hooks: Investigating The Role of Language Triggers in Phishing Emails Targeting African Refugees and Students
Mythili Menon (Wichita State University), Nisha Vinayaga-Sureshkanth (University of Texas at San Antonio), Alec Schon (Wichita State University), Kaitlyn Hemberger (University of Kansas), and Murtuza Jadliwala (University of Texas at San Antonio)
- Gaze3P: Gaze-Based Prediction of Perceived Privacy Artifact: Available
Mayar Elfares (University of Stuttgart), Pascal Reisert (University of Stuttgart), Ralf Küsters (University of Stuttgart), and Andreas Bulling (University of Stuttgart)
- Sanitization or Deception? Rethinking Privacy Protection in Large Language Models Artifact: Available
Bipin Paudel (Kansas State University), Bishwas Mandal (Kansas State University), George Amariucai (Kansas State University), and Shuangqing Wei (Louisiana State University)
- Argmax and XGBoost Training over Fully Homomorphic Encryption
Ramy Masalha (IBM Research and University of Haifa), Adi Akavia (University of Haifa), Allon Adir (IBM Research), Ehud Aharoni (IBM Research), and Eyal Kushnir (IBM Research)
- dX-Privacy for Text and the Curse of Dimensionality Artifact: Available, Functional
Hassan Asghar (Macquarie University), Robin Carpentier (Macquarie University), Benjamin Zi Hao Zhao (Macquarie University), and Dali Kaafar (Macquarie University)
- What-App? App usage detection using encrypted LTE/5G traffic Artifact: Available, Functional
Jinjin WANG (University of Birmingham), Zishuai Cheng (Beijing University of Posts and Telecommunications), Mihai Ordean (University of Birmingham), and Baojiang Cui (Beijing University of Posts and Telecommunications)
- Evaluating connection migration based QUIC censorship circumvention Artifact: Available, Functional, Reproduced
Seungju Lee (Princeton University), Mona Wang (Princeton University), Watson Jia (Princeton University), Qiang Wu (GFW Report), Henry Birge-Lee (Princeton University), Liang Wang (Princeton University), and Prateek Mittal (Princeton University)
- Personal Data Flows and Privacy Policy Traceability in Third-party GPT Integrations Artifact: Available, Functional, Reproduced
Juan Carlos Carrillo (VRAIN, Universitat Politècnica de València), Jose Luis Martin Navarro (Aalto University & VRAIN, Universitat Politècnica de València), Rongjun Ma (Aalto University), and Jose Such (King’s College London & VRAIN, Universitat Politècnica de València)
- Bot Among Us: Exploring User Awareness and Privacy Concerns About Chatbots in Group Chats Artifact: Available, Functional, Reproduced
Kai-Hsiang Chou (National Taiwan University), Yi-An Wang (National Taiwan University), Chong Kai Lau (National Taiwan University), Mahmood Sharif (Tel Aviv University), and Hsu-Chun Hsiao (National Taiwan University)
- How Experts Personalize Privacy & Security Advice for At-Risk Users Artifact: Available
Wentao Guo (University of Maryland), Alexander Yang (University of Maryland), Nathan Malkin (New Jersey Institute of Technology), and Michelle L. Mazurek (University of Maryland)
- Location-Enhanced Information Flow for Home Automations Artifact: Available, Functional, Reproduced
McKenna McCall (Colorado State University), Ben Weinshel (Carnegie Mellon University), Kunlin Cai (University of California, Los Angeles), Ying Li (University of California, Los Angeles), Eric Zeng (Georgetown University), Devika Manohar (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), Limin Jia (Carnegie Mellon University), and Yuan Tian (University of California, Los Angeles)
- Are Bite-Size Data Safety Details a Healthy Diet for Android Telehealth App Users? Impacts of Privacy Nutrition Labels on Users' Privacy Perceptions
Alisa Frik (International Computer Science Institute), Subham Mitra (University of California, Berkeley), Priyasha Chatterjee (Max Planck Institute for Security and Privacy), and Julia Bernd (International Computer Science Institute)
- ReporTor: Facilitating User Reporting of Issues Encountered in Naturalistic Web Browsing via the Tor Browser Artifact: Available, Functional
Nicholas Micallef (Swansea University), Cameron Cartier (Black Hills Information Security), Kevin Gallagher (NOVA LINCS, NOVA School of Science and Technology), Lucas Zagal (University of Utah), and Sameer Patil (University of Utah)
- SEED: Streamlined End-to-End Data Processing in Cloud Environments
Omar Jarkas (The University of Queensland), Ryan Ko (The University of Queensland), Naipeng Dong (The University of Queensland), and MD Redowan Mahmud (Curtin University)
- Ephemeral Network-Layer Fingerprinting Defenses Artifact: Available, Functional, Reproduced
Tobias Pulls (Karlstad University), Topi Korhonen (Independent), Ethan Witwer (Linköping University), and Niklas Carlsson (Linköping University)
- Are we collaborative yet? A Usability Perspective on Mixnet Latency for Real-Time Applications Artifact: Available, Functional
Killian Davitt (King's College London), Dan Ristea (UCL), and Steve. J Murdoch (UCL)
- PriVA-C: Defending Voice Assistants from Fingerprinting Attacks Artifact: Available
Dilawer Ahmed (North Carolina State University), Aafaq Sabir (North Carolina State University), Ahsan Zafar (North Carolina State University), and Anupam Das (North Carolina State University)
- “We Need a Standard”:Toward an Expert–Informed Privacy Label for Differential Privacy
Onyinye Dibia (University of Vermont), Mengyi Lu (University of Vermont), Prianka Bhattacharjee (University of Vermont), Joseph P Near (University of Vermont), and Yuanyuan Feng (University of Vermont)
- Privacy Attacks on Matrix Profiles based on Reconstruction Techniques Artifact: Available, Functional, Reproduced
Haoying Zhang (Insa-CVL), Nicolas Anciaux (Inria), Benjamin Nguyen (Insa-CVL), Fabien GIRARD (ENSTA Paris), Jose Maria de Fuentes (UC3M), and Adrien Boiret (Insa-CVL)
- AI-in-the-Loop: Privacy Preserving Real-Time Scam Detection and Conversational Scambaiting by Leveraging LLMs and Federated Learning Artifact: Available
Ismail Hossain (University of Texas at El Paso), Sai Puppala (Southern Illinois University Carbondale), Md Jahangir Alam (University of Texas at El Paso), and Sajedul Talukder (University of Texas at El Paso)
- User Perceptions and Attitudes Toward Untraceability in Messaging Platforms
Carla Florencia Griggio (Department of Computer Science, Aalborg University), Boel Nelson (Department of Computer Science, University of Copenhagen), Zefan Sramek (IIS Lab, The University of Tokyo), and Aslan Askarov (Department of Computer Science, Aarhus University)
- SPRINT: Scalable Secure & Differentially Private Inference for Transformers Artifact: Available, Functional
Francesco Capano (SAP SE), Jonas Boehler (SAP SE), and Benjamin Weggenmann (Technische Hochschule Würzburg Schweinfurt)
Issue 2
- tigro: Trust Infrastructure for Grassroots Organizing via Grounded Digital Annotations Artifact: Available
Leah Namisa Rosenbloom (Northeastern University), Seny Kamara (Brown University and MongoDB Research), Zachary Espiritu (MongoDB Research), Tarik Moataz (MongoDB Research), Amine Bahi (École Normale Supérieure), and John Wilkinson (Brown University)
- Cryptographically-Secured Domain Validation Artifact: Available, Functional, Reproduced
Henry Birge-Lee (Princeton University), Grace H. Cimaszewski (Princeton University), Cyrill Krähenbühl (Princeton University), Liang Wang (Princeton University), Aaron Gable (Lets Encrypt), and Prateek Mittal (Princeton University)
- ROTL: Faster Lookup Table Evaluation
Xiaoyang Hou (Zhejiang University), Jian Liu (Zhejiang University), Jingyu Li (Zhejiang University), Jiawen Zhang (Zhejiang University), Kui Ren (Zhejiang University), and Chun Chen (Zhejiang University)
- Preserving Target Distributions With Differentially Private Count Mechanisms Artifact: Available, Functional, Reproduced
Nitin Kohli (UC Berkeley) and Paul Laskowski (UC Berkeley)
- Pirouette: Query Efficient Single-Server PIR
Jiayi Kang (COSIC, KU Leuven) and Leonard Schild (COSIC, KU Leuven)
- A Risk Assessment Framework for Digital Identification Systems
Allison Woodruff (Google), Dirk Balfanz (Google), Will Drewry (Google), and Mariana Raykova (Google)
- Privacy by Voice: Designing Usable Privacy Notices for the Voice Interface Artifact: Available
Aafaq Sabir (North Carolina State University), Abhinaya S.B. (North Carolina State University), Dilawer Ahmed (North Carolina State University), and Anupam Das (North Carolina State University)
- Analyzing Societal Awareness and Perception of Digital Fingerprinting and Fingerprinting Countermeasures Artifact: Available, Functional
Pascal Schramm (Technical University of Munich), Emmanuel Syrmoudis (Technical University of Munich), Alexandros Markou (Technical University of Munich), and Jens Grossklags (Technical University of Munich)
- Website fingerprinting on Nym: Attacks and Defenses Artifact: Available, Functional, Reproduced
Eric Jollès (EPFL), Simon Wicky (Nym Technologies), Ania M. Piotrowska (Nym Technologies), Harry Halpin (Nym Technologies), and Carmela Troncoso (EPFL & MPI-SP)
- Dropout-Robust Mechanisms for Differentially Private and Fully Decentralized Mean Estimation
César Sabater (INSA Lyon), Sonia Ben Mokhtar (INSA Lyon, CNRS), and Jan Ramon (INRIA Lille)
- “I don’t think it needs to be political”: Privacy Experiences and Concerns of FemHealth App Users in the United States
Ina Kaleva (King's College London), Alisa Frik (International Computer Science Institute), Lisa Malki (University College London), Mark Warner (University College London), and Ruba Abu-Salma (King's College London)
- PROVGEN: A Privacy-Preserving Approach for Outcome Validation in Genomic Research Artifact: Available, Functional
Yuzhou Jiang (Case Western Reserve University), Tianxi Ji (Texas Tech University), and Erman Ayday (Case Western Reserve University)
- HyperVerITAS: Verifying Image Transformations at Scale on Boolean Hypercubes Artifact: Available, Functional
Garrett Greiner (University of Utah), Toshi Mowery (University of Utah), and Pratik Soni (University of Utah)
- The Empire Strikes Back (at Your Privacy): An Archaeology of Tracking on Government Websites
Sachin Kumar Singh (University of Utah), Faisal Mahmud (New York University Abu Dhabi), Robert Ricci (University of Utah), and Sandra Siby (New York University Abu Dhabi)
- CURE: Privacy-Preserving Split Learning Done Right Artifact: Available, Functional
Halil Ibrahim Kanpak (Koç University), Aqsa Shabbir (Bilkent University), Esra Genç (Bilkent University), Alptekin Küpçü (Koç University), and Sinem Sav (Bilkent University)
- Analysis and Attacks on the Reputation System of Nym Artifact: Available, Functional, Reproduced
Xinmu Alexis Cao (Johns Hopkins University) and Matthew Green (Johns Hopkins University)
- Unveiling Graph Copycats: Inference Attacks with Student Models
Paul Agbaje (University Of Texas At Arlington), Afia Anjum (University Of Texas At Arlington), Arkajyoti Mitra (University Of Texas At Arlington), and Habeeb Olufowobi (University Of Texas At Arlington)
- Humanitarian Aid Distribution with Privacy-Preserving Assessment Capabilities Artifact: Available, Functional, Reproduced
Christian Knabenhans (EPFL), Lucy Qin (Georgetown), Justinas Sukaitis (ICRC), Vincent Graf Narbel (ICRC), and Carmela Troncoso (MPI-SP,EPFL)
- Pantomime: Motion Data Anonymization Using Foundation Motion Models Artifact: Available
Simon Hanisch (Technical University Dresden), Julian Todt (Karlsruhe Institute of Technology), and Thorsten Strufe (Karlsruhe Institute of Technology)
- SoK: Can Fully Homomorphic Encryption Support General AI Computation? A Functional and Cost Analysis Artifact: Available, Functional
Jiaqi Xue (University of Central Florida), Xin Xin (University of Central Florida), Wei Zhang (University of Central Florida), Mengxin Zheng (University of Central Florida), Qianqian Song (University of Florida), Minxuan Zhou (Illinois Institute of Technology), Yushun Dong (Florida State University), Dongjie Wang (The University of Kansas), Xun Chen (Samsung Research America), Jiafeng Xie (Villanova University), Liqiang Wang (University of Central Florida), David Mohaisen (University of Central Florida), Hongyi Wu (University of Arizona), and Qian Lou (University of Central Florida)
- A Year Under the DSA: Ad Transparency’s Uneven Landscape
Abir Benzaamia (LIX, CNRS, Inria, École Polytechnique, IP Paris), Asmaa El fraihi (LIX, CNRS, Inria, École Polytechnique, IP Paris), Ines Abdelaziz (LIX, CNRS, Inria, École Polytechnique, IP Paris), and Oana Goga (LIX, CNRS, Inria, École Polytechnique, IP Paris)
- CoinJoin ecosystem insights for Wasabi 1.x, Wasabi 2.x and Whirlpool coordinator-based privacy mixers Artifact: Available, Functional, Reproduced
Petr Svenda (Masaryk University, CZ), Jiří Gavenda (Masaryk University, CZ), Vasilios Mavroudis (Turing Institute, UK), and Chris Hicks (Turing Institute, UK)
- Privacy Bias in Language Models: A Contextual Integrity-based Auditing Metric Artifact: Available, Functional, Reproduced
Yan Shvartzshnaider (York University) and Vasisht Duddu (University of Waterloo)
- Exercising the CCPA Opt-out Right on Android: Legally Mandated but Practically Challenging Artifact: Available, Functional
Sebastian Zimmeck (Wesleyan University), Nishant Aggarwal (Wesleyan University), Zachary Liu (Wesleyan University), Sage Altman (Wesleyan University), and Konrad Kollnig (Law & Tech Lab, Maastricht University)
- Breaking BAD? Better Call SAUL! -- Breaking and Fixing Bloom Filters with Added Diffusion Artifact: Available
Frederik Armknecht (University of Mannheim) and Jochen Schäfer (University of Mannheim)
- Frequency Estimation of Correlated Multi-attribute Data under Local Differential Privacy Artifact: Available, Functional, Reproduced
Shafizur Rahman Seeam (Rochester Institute of Technology), Ye Zheng (Rochester Institute of Technology), and Yidan Hu (Rochester Institute of Technology)
- Multi-Party Private Join Artifact: Available, Functional, Reproduced
Anja Lehmann (Hasso-Plattner-Institute, University of Potsdam), Christian Mouchet (Hasso-Plattner-Institute, University of Potsdam), and Andrey Sidorenko (Hasso-Plattner-Institute, University of Potsdam)
- GAN-Invert: Unveiling Vulnerabilities in Privacy-Preserving Facial Transformations
Umesh Kashyap (Indian Institute of Technology Bhilai) and Sk. Subidh Ali (Indian Institute of Technology Bhilai)
- Clicking into Exposure: Uncovering Privacy Risks of Google Click Identifier in YouTube Ads Artifact: Available, Functional, Reproduced
Ha Dao (MPI-INF), Abhishek Shinde (Saarland University), Sana Athar (MPI-INF), and Devashish Gosain (IIT Bombay)
- Secure Change-Point Detection for Time Series under Homomorphic Encryption Artifact: Available, Functional, Reproduced
Federico Mazzone (University of Twente), Giorgio Micali (University of Twente), and Massimiliano Pronesti (IBM Research Europe)
- SentinelTouch: A Lightweight Privacy-Preserving Biometric-Fingerprinting Authentication and Identification System Based on Neural Networks and Homomorphic Encryption Artifact: Available, Functional, Reproduced
Nges Brian Njungle (Arizona State University), Eric Jahns (Arizona State University), Mishel Jyothis Paul (Arizona State University), and Michel Kinsy (Arizona State University)
- Poisoning-based Link Inference Attacks Against Federated Graph Neural Networks
GUIZHEN YANG (Deakin University), Yanjun Zhang (University of Technology Sydney), Leo Yu Zhang (Griffith University), Mengmeng Ge (Monash University), and Shang Gao (Deakin University)
- “I Just Press Allow”: Understanding Privacy Practices of New Internet Users in Urban India Artifact: Available
Priyanka Chowdary Popuri (BITS Pilani, Hyderabad), Srishti Sanghi (The University of Sydney), Sri Lekha Mondreti (BITS Pilani, Hyderabad), and Dipanjan Chakraborty (BITS Pilani, Hyderabad)
- Gryphes: Hybrid Proofs for Modular SNARKs with Applications to zkRollups Artifact: Available, Functional, Reproduced
Jiajun Xin (The Hong Kong University of Science and Technology), Samuel Cheung On Tin (The Hong Kong University of Science and Technology), Christodoulos Pappas (The Hong Kong University of Science and Technology), Yongjin Huang (OKG), and Dimitrios Papadopoulos (The Hong Kong University of Science and Technology)
Issue 3
- Pseudonymity at Risk: Linkage Attacks on Blockchain Users with Off-Chain Cues Artifact: Available
Alexander Smirnov (Technische Universität Berlin), Stefan Schmid (Technische Universität Berlin), and Friedhelm Victor (TRM Labs)
- zkRevoke: Configurable Untraceability for Verifiable Credentials using ZKPs Artifact: Available, Functional, Reproduced
praveensankar manimaran (University of Oslo, Norway), Mayank Raikwar (University of Oslo, Norway), Thiago Garrett (University of Oslo, Norway), Arlindo F. da Conceição (Federal University of São Paulo, Brazil), Leander Jehl (University of Stavanger, Norway), and Roman Vitenberg (University of Oslo, Norway)
- An Improved Entropy Measure for Web Browser Fingerprinting Risk Artifact: Available, Functional, Reproduced
Alex Berke (Google), Enrico Bacis (Google), and Umar Syed (Google)
- Access Granted, Privacy Lost: Formalizing & Quantifying the Hidden Anonymity Risks of Exclusive-Use Systems Artifact: Available, Functional, Reproduced
Christopher Ellis (Ohio State University) and Zhiqiang Lin (Ohio State University)
- Contextual Intent: Activists’ Privacy Considerations for Collaborative Technology in Social Movement Groups
Alexandria LeClerc (Oregon State University), Glencora Borradaile (Oregon State University), and Kelsy Kretschmer (Oregon State University)
- Precarious But Active: A Look At Privacy Behaviors in Chinese Transformative Fandom on a Censored and Surveilled Internet
Kelly Wang (Northeastern University), Ruochen Liu (Northeastern University), Ada Lerner (Northeastern University), Abigail Marsh (Macalester College), and Tianshi Li (Northeastern University)
- CensorLess: Cost-Efficient Censorship Circumvention Through Serverless Cloud Functions Artifact: Available, Functional
Dayeon Kang (University of Massachusetts Amherst), Jade Sheffey (University of Massachusetts Amherst), Mingshi Wu (GFW Report), Pubali Datta (University of Massachusetts Amherst), and Amir Houmansadr (University of Massachusetts Amherst)
- Weight initialization based on gradient similarity for versatile machine unlearning Artifact: Available
Doun Lee (Kookmin University), Jongyun Shin (Kookmin University), Jinwoo Bae (Kookmin University), Hyunjoon Cho (Kookmin University), and Jangho Kim (Kookmin University)
- OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub Artifact: Available, Functional
Qiyu Li (University of California, San Diego), Yuhe Tian (University of California, San Diego), and Haojian Jin (University of California, San Diego)
- Secure and Privacy-Preserving Vertical Federated Learning
Shan Jin (Visa Research), Sai Rahul Rachuri (Visa Research), Yizhen Wang (Visa Research), Anderson C.A. Nascimento (Visa Research), and Yiwei Cai (Visa Research)
- Statistics-Friendly Confidentiality Protection for Establishment Data, with Applications to the QCEW
Kaitlyn Webb (Pennsylvania State University), Prottay Protivash (Pennsylvania State University), John Durrell (Pennsylvania State University), Aleksandra Slavkovi\'c (Pennsylvania State University), Daniel Kifer (Pennsylvania State University), and Daniell Toth (U.S. Bureau of Labor Statistics)
- Redefining Website Fingerprinting Attacks with Multi-Agent LLMs Artifact: Available
Chuxu Song (Rutgers University), Dheekshith Dev Manohar Mekala (Rutgers University), Hao Wang (Rutgers University), and Richard P. Martin (Rutgers University)
- Quantifying Classifier Utility under Local Differential Privacy Artifact: Available, Functional, Reproduced
Ye Zheng (Rochester Institute of Technology) and Yidan Hu (Rochester Institute of Technology)
- Oblivis: A Framework for Delegated and Efficient Oblivious Transfer
Aydin Abadi (Newcastle University) and Yvo Desmedt (The University of Texas at Dallas)
- Revisiting the LiRA Membership Inference Attack Under Realistic Assumptions Artifact: Available, Functional, Reproduced
Najeeb Jebreel (Universitat Rovira i Virgili), Mona Khalil (Universitat Rovira i Virgili), David Sánchez (Universitat Rovira i Virgili), and Josep Domingo-Ferrer (Universitat Rovira i Virgili)
- The TCF doesn’t really A(A)ID – Automatic Privacy Analysis and Legal Compliance of TCF-based Android Applications
Victor Morel (Chalmers University of Technology), Cristiana Santos (Utrecht University), Pontus Carlsson (Chalmers University of Technology), Joel Ahlinder (Chalmers University of Technology), and Romaric Duvignau (Chalmers University of Technology)
- VeriDP: Verifiable Differentially Private Training
Behzad Abdolmaleki (University of Sheffield), Amir R. Asadi (University of Cambridge), Vahid R. Asadi (University of Waterloo), Stefan Köpsell (Barkhausen Institut), Bhavish Mohee (University of Sheffield), Nahid Roustaeifar (University of Sheffield), and Maryam Zarezadeh (Barkhausen Institut)
- Between a Rock and a Hard Place: Examining Public Understanding and Perceptions of Data Practices in Smart Cities
Wejdan Alsarih (University of Bristol), Inah Omoronyia (University of Bristol), and Kopo Marvin Ramokapane (University of Bristol)
- Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses Artifact: Available
Ethan Witwer (Linköping University), David Hasselquist (Linköping University, Sectra Communications), Tobias Pulls (Karlstad University), and Niklas Carlsson (Linköping University)
- Automated Risk Estimation of Attribute Inference Attacks Against Limited Fixed Aggregate Statistics
Yifeng Mao (Imperial College London), Bozhidar Stevanoski (Imperial College London), and Yves-Alexandre de Montjoye (Imperial College London)
- TraCS: Trajectory Collection in Continuous Space under Local Differential Privacy Artifact: Available, Functional
Ye Zheng (Rochester Institute of Technology) and Yidan Hu (Rochester Institute of Technology)
- DP-Hype: Distributed Differentially Private Hyperparameter Search Artifact: Available, Functional, Reproduced
Johannes Liebenow (University of Lübeck), Thorsten Peinemann (University of Lübeck), and Esfandiar Mohammadi (University of Lübeck)
- Dynamic Probabilistic Noise Injection for Membership Inference Defense Artifact: Available, Functional, Reproduced
Javad Forough (Imperial College London) and Hamed Haddadi (Imperial College London)
- AudAgent: Automated Auditing of Privacy Policy Compliance in AI Agents Artifact: Available, Functional
Ye Zheng (Rochester Institute of Technology), Yimin Chen (University of Massachusetts Lowell), and Yidan Hu (Rochester Institute of Technology)
- Banned Books: Analysis of Censorship on Amazon.com Artifact: Available
Jeffrey Knockel (Bowdoin College / Citizen Lab, University of Toronto), Jakub Dałek (Citizen Lab, University of Toronto), Noura Aljizawi (Citizen Lab, University of Toronto), Mohamed Ahmed (Citizen Lab, University of Toronto), Levi Meletti (Citizen Lab, University of Toronto), and Justin Lau (Citizen Lab, University of Toronto)
- KeyDroid: A Large-Scale Analysis of Secure Key Storage in Android Apps
Jenny Blessing (University of Cambridge), Ross J. Anderson (University of Cambridge and Edinburgh), and Alastair R. Beresford (University of Cambridge)
- Practical Semi-Open Chat Groups for Secure Messaging Applications Artifact: Available, Functional, Reproduced
Alex Davidson (LASIGE, Universidade de Lisboa), Luiza Soezima (Aarhus University), and Fernando Virdia (University of Surrey)
- Chatbot Confessions: Large-Scale Analysis of Private Data Disclosure in Shared AI Chatbot Conversations Artifact: Available, Functional
Majid Mollaeefar (Center for Cybersecurity, Fondazione Bruno Kessler (FBK), Trento, Italy), Dimitri Van Landuyt (LIRIS, Faculty of Economics and Business (FEB), KU Leuven, Leuven, Belgium), Gertjan Franken (DistriNet, KU Leuven, Leuven, Belgium), Nico Ebert (ZHAW School of Management and Law, Institute of Business Information Technology, Switzerland), and Silvio Ranise (Center for Cybersecurity, Fondazione Bruno Kessler (FBK), Trento, Italy)
- EXADPrinter: Semi-Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem Artifact: Available, Functional
Sihem Bouhenniche (Univ. Lille, CNRS, Inria), Pierre Laperdrix (Univ. Lille, CNRS, Inria), and Walter Rudametkin (Univ. Rennes, CNRS, Inria)
- Gradient-Free Privacy Leakage in Federated Language Models through Selective Weight Tampering
Md Rafi Ur Rashid (Pennsylvania State University), Vishnu Asutosh Dasu (Pennsylvania State University), Kang Gu (Dartmouth College), Najrin Sultana (Pennsylvania State University), and Shagufta Mehnaz (Pennsylvania State University)
- SoK: Multi-Perspective-Video-Anonymization
Islam Amar (Karlsruhe Institute of Technology), Omar Moured (Karlsruhe Institute of Technology), Simon Hanisch (Technical University Dresden), and Thorsten Strufe (Karlsruhe Institute of Technology)
- Understanding Privacy and Quality Tradeoffs in Synthetic Network Data Artifact: Available
Andrew Chu (University of Chicago), Kyle MacMillan (University of Chicago), Paul Schmitt (Cal Poly), and Nick Feamster (University of Chicago)
- Personalizing Agent Privacy Decisions via Logical Entailment
James Flemings (University of Southern California), Ren Yi (Google), Octavian Suciu (Google), Kassem Fawaz (University of Wisconsin--Madison), Murali Annavaram (University of Southern California), and Marco Gruteser (Google)
- When Tables Leak: Attacking String Memorization in LLM-Based Tabular Data Generation
Joshua Ward (University of California Los Angeles), Bochao Gu (University of California Los Angeles), Chi-Hua Wang (University of California Los Angeles), and Guang Cheng (University of California Los Angeles)
- From Lines of Code to Lines of Policy? Exploring Software Developers’ Perceptions of Their Privacy Policy–Related Activities
Ria Prianka Saha (Technical University of Darmstadt), Daniel Stäcker (Technical University of Darmstadt), Jonas Stromberg (Fraunhofer IGD), Steven Lamarr Reynolds (Fraunhofer IGD), Kilian Demuth (Technical University of Darmstadt - PEASEC), Frank Nelles (Technical University of Darmstadt - PEASEC), Christian Reuter (Technical University of Darmstadt - PEASEC), Jörn Kohlhammer (Fraunhofer IGD), and Alexander Benlian (Technical University of Darmstadt)
- Operationalizing the Motivated Intruder: A Codebook-Guided Inference Framework for Semantic Input Privacy in LLMs
Michael Maximilian Grötzner (FernUniversität in Hagen) and Pascal Tippe (FernUniversität in Hagen)
- Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries Artifact: Available, Functional, Reproduced
Tudor Cebere (Inria, Université de Montpellier), David Erb (Technical University of Munich, Oblivious), Damien Desfontaines (Hiding Nemo), Aurélien Bellet (Inria, Université de Montpellier), and Jack Fitzsimons (Oblivious)
- Toward Transparent IoT Purchases: Understanding User Preferences for Privacy and Security Properties of IoT Devices
Lindrit Kqiku (University of Göttingen) and Delphine Reinhardt (University of Göttingen)
- The Masks We (Think We) Wear: Privacy Threats of Browser-Extension Wallets in the Web3 Ecosystem Artifact: Available, Functional, Reproduced
Weihong Wang (DistriNet, KU Leuven), Yana Dimova (DistriNet, KU Leuven), Victor Vansteenkiste (DistriNet, KU Leuven), Tom Van Goethem (DistriNet, KU Leuven), and Tom Van Cutsem (DistriNet, KU Leuven)
Issue 4
- PQKryvos: Post-Quantum Secure E-Voting With Flexible Ballot Formats and Public Tally-Hiding
Nicolas Huber (University of Stuttgart), Ralf Küsters (University of Stuttgart), and Pascal Reisert (University of Stuttgart)
- The PET Paradox: How Amazon Instrumentalises PETs in Sidewalk to Entrench Its Infrastructural Power
Thijmen van Gend (Dutch Organisation for Applied Scientific Research (TNO) & Delft University of Technology), Donald Jay Bertulfo (Delft University of Technology), and Seda Gürses (Delft University of Technology)
- Waterfall: A Capsule-Based Framework for Evaluating Traffic Watermarking in Anonymity Systems
Dimitri Mankowski (Ruhr University Bochum), Eduard Marin (Telefonica Research), Nuno Santos (INESC-ID / Instituto Superior Técnico, University of Lisbon), and Veelasha Moonsamy (Ruhr University Bochum)
- Precision Leads Recalling You! Improved Location Privacy for Shared Mobility Services
Debasree Das (University of Bamberg) and Daniela Nicklas (University of Bamberg)
- Understanding How University Guidelines Address Privacy and Security Issues of Generative AI in Academic Settings
Bei Yi Ng (University of Edinburgh), Jiarui Li (University of Edinburgh), Xinyuan Tong (University of Edinburgh), Kevin Ye (University of Illinois Urbana-Champaign), Gauthami Yenne (University of Illinois Urbana-Champaign), Varun Chandrasekaran (University of Illinois Urbana-Champaign), and Jingjie Li (University of Edinburgh)
- Toward Adaptive Privacy-Enhancing Training: A Longitudinal Study of How Personality Shapes Responsiveness to Information Security Awareness Training
Ofir Cohen (Ben-Gurion University of the Negev), Asaf Shabtai (Ben-Gurion University of the Negev), and Rami Puzis (Ben-Gurion University of the Negev)
- RingOA: Fast Oblivious Access for Large-Scale Privacy-Preserving Structured Data Analysis
Tomoki Uchiyama (Waseda University) and Kana Shimizu (Waseda University)
- Priv360: Application-Oriented QoE-Optimized Client-Side Protection for 360-Viewer Identification
Sheyda Mirzakhani (Linköping University) and Niklas Carlsson (Linköping University)
- "The city isn't uploading me to TikTok": Exploring Privacy Attitudes towards Data Collection in Urban Public Spaces
Julian Todt (Karlsruhe Institute of Technology), Emiram Kablo (Paderborn University), Felix Morsbach (Karlsruhe Institute of Technology), Patricia Arias Cabarcos (European Commission, Joint Research Centre (JRC)), and Thorsten Strufe (Karlsruhe Institute of Technology)
- Designing Reflective Thinking-Based Contextual Privacy Policy for Mobile Applications
Shuning Zhang (Tsinghua University), Sixing Tao (University of Washington), Eve He (Independent Researcher), Yuting Yang (Independent Researcher), Ying Ma (The University of Melbourne), Ailei Wang (Tsinghua University), Xin Yi (Tsinghua University), and Hewu Li (Tsinghua University)
- More Space, Less Privacy? Measuring the Effectiveness of IP-based Website Fingerprinting in IPv6
Sumeer Ahmad (Stony Brook University), Michalis Polychronakis (Stony Brook University), Theophilus A. Benson (Carnegie Mellon University), and Nguyen Phong Hoang (University of British Columbia)
- When Threshold Meets Anamorphic Signatures: What is Possible and What is Not!
Hien Chu (TU Wien), Khue Do (CISPA Helmholtz Center for Information Security), Lucjan Hanzlik (CISPA Helmholtz Center for Information Security), and Sri AravindaKrishnan Thyagarajan (University of Sydney)
- P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android
Lucas Becker (Technical University of Darmstadt), David Breuer (Technical University of Darmstadt), and Matthias Hollick (Technical University of Darmstadt)
- SoK: Metric Differential Privacy in Theory and Practice
Xinpeng Xie (University of North Texas), Chenyang Yu (University of North Texas), Yan Huang (University of North Texas), Yang Cao (Institute of Science Tokyo), and Chenxi Qiu (University of North Texas)
- Cultivating a Tech-Safety Mindset using Game-Based Learning for Defending against Technology-Facilitated Abuse
Majed Almansoori (University of Wisconsin–Madison and United Arab Emirates University (UAEU)), Chirag Ghosh (Indian Institute of Technology, Kharagpur), Sarita Singh (Indian Institute of Technology, Kharagpur), Rahul Chatterjee (University of Wisconsin–Madison), and Mainack Mondal (Indian Institute of Technology, Kharagpur)
- Overcoming Language Barriers: Multilingual Analysis of the 2023 Swiss Privacy Law's Impact
Luka Nenadic (ETH Zurich), David Rodriguez (Information Processing and Telecommunications Center, Universidad Politécnica de Madrid, ETSI Telecomunicación), and Joseph A. Calandrino (Carnegie Mellon University)
- "Alexa, Do Not Say That in Front of my Boss!" A Cross-Cultural Comparison of User and AI Preferences for Privacy-Aware Smart Speaker Interactions Across Contexts
Lynne Warin (University of Göttingen), Tony Tang (Singapore Management University), Emily Aurelia (Singapore Management University), Archan Misra (Singapore Management University), and Delphine Reinhardt (University of Göttingen)
- Zero-Knowledge Proofs of Generalized Regular Expression Matching for Anonymized Email Verification
Shreyas Londhe (ZK Email), Aayush Gupta (ZK Email), Sora Suegami (Ethereum Foundation), Yogesh Shahi (ZK Email), Rute Figueiredo (ZK Email), Parisa Hassanizadeh (IPPT PAN), and Shahriar Ebrahimi (Alan Turing Institute)
- No Privacy for Privates: How Military Communities Experience and Perceive the Privacy Risks of Military-Marketed Mobile Apps
Joshua Shinkle (Purdue University), Chandrika Mukherjee (Purdue University), Abdullah Imran (Purdue University), Arjun Arunasalam (Florida International University), Donna Artusy (Army Cyber Institute), Antonio Bianchi (Purdue University), Z. Berkay Celik (Purdue University), and Alexander Master (United States Military Academy)
- CoP-LDP: Coordinated Perturbation for Minimal Disclosure Under Local Differential Privacy
Sandaru Jayawardana (The University of Sydney), Ming Ding (Data61, CSIRO, Australia), and Kanchana Thilakarathna (The University of Sydney)
- Enabling Personal Dataflow Sovereignty via Bolt-on Data Escrow
Zhiru Zhu (University of Chicago) and Raul Castro Fernandez (University of Chicago)
- “Users are worried, but we are confused”: Exploring the Privacy, Security, and Safety Perspectives and Practices of FemHealth App Product Team Members
Chenkai Ma (King's College London), Shijing He (King's College London), Ina Kaleva (King's College London), Alisa Frik (International Computer Science Institute), Jose Such (INGENIO (CSIC-Universitat Politècnica de València)), and Ruba Abu-Salma (King's College London)
- POPPY: Scalable and Secure Spectral Centrality for Distributed Graphs via Homomorphic Encryption
Claire Guichemerre (Université de Rennes, CNRS, IRISA), Tristan Allard (Université de Rennes, CNRS, IRISA), Sofiane Azogagh (Université du Québec à Montréal), Marc-Olivier Killijian (Université du Québec à Montréal), Sébastien Gambs (Université du Québec à Montréal), and Amr El Abbadi (University of California, Santa Barbara)
- Proteus: A Practical Framework for Privacy-Preserving Device Logs
Sanket Goutam (Stony Brook University), Hunter Kippen (Samsung Research America), Michael Grace (Unaffiliated), and Amir Rahmati (Stony Brook University)
- "Because I didn't touch these and even don't know why I should to change these": Why App Developers Do (Not) Update Apple's Privacy Labels
Arwa Alsahdi (The George Washington University), Jialiang Yan (The George Washington University), Monica Kodwani (The George Washington University), Matthias Fassl (The George Washington University), Chris Kanich (University of Illinois Chicago), and Adam J. Aviv (The George Washington University)
- On the Suitability of LLM-Driven Agents for Dark Pattern Audits
Chen Sun (University of Iowa), Yash Vekaria (University of California, Davis), and Rishab Nithyanand (University of Iowa)
- EvaluatAR: A Cross-Device Evaluation Framework for Rapid Prototyping of Bystander PETs in AR
Syed Ibrahim Mustafa Shah Bukhari (Virginia Tech), Matthew Corbett (Army Cyber Institute at West Point), Bo Ji (Virginia Tech), and Brendan David-John (Virginia Tech)
- Troll Patrol: Anonymous User Reporting of Bridge Censorship
Vecna (University of Waterloo) and Ian Goldberg (University of Waterloo)
- Beyond the Output: Inference Attacks on Private Set Union and Multi-Key Private Matching
Andrea Raguso (ETH Zurich), Francesca Falzon (ETH Zurich), Tianxin Tang (University of Glasgow), and Kenneth G. Paterson (ETH Zurich)
- Maude-HCS: Model Checking the Undetectability-Performance Tradeoffs in Hidden Communication Systems
Joud Khoury (RTX BBN Technologies), Minyoung Kim (SRI International), Christophe Merlin (RTX BBN Technologies), Jose Meseguer (University of Illinois at Urbana-Champaign), Zachary Ratliff (Harvard University), and Carolyn Talcott (SRI International)
- Where to Intervene? Benchmarking Fairness-Aware Learning on Differentially Private Synthetic Tabular Data
Vinícius Gabriel Angelozzi (Centre Inria de l'Université Grenoble Alpes) and Héber Hwang Arcolezi (ÉTS Montréal)
- LendLocked: Privacy & Transparency for Digital Library Lending
Boya Wang (MPI-SP and EPFL), Peter Hall (NYU), and Sunoo Park (NYU)
- Dead Domains, Living Data: A Privacy Risk Analysis of Domain Lifecycle in Android Apps
Gabriel Hortea (Universidad Carlos III de Madrid), Aniketh Girish (IMDEA Networks Institute), Narseo Vallina-Rodríguez (IMDEA Networks Institute), and Juan Tapiador (Universidad Carlos III de Madrid)
- SoK: Offline Finding Protocols for Lightweight Location Tracking
Akshaya Kumar (Georgia Institute of Technology), Carolina Ortega Pérez (Cornell University), Joseph Jaeger (Georgia Institute of Technology), Thomas Ristenpart (Univeristy of Toronto), and Michael Specter (Georgia Institute of Technology)
- Measuring Legislature-Aligned Privacy Risks in Synthetic Graphs
Abele Mălan (University of Neuchâtel), Ahmad Al Kurdi (University of Kaiserslautern-Landau), Stefanie Roos (University of Kaiserslautern-Landau), and Lydia Chen (University of Neuchâtel)
- Di5Guise: 5G Privacy with vSIM
Shirin Ebadi (University of Colorado Boulder), Zach Moolman (University of Colorado Boulder), Tamara Lehman (University of Colorado Boulder), and Eric Keller (University of Colorado Boulder)
- Disclosure Divergence: Measuring Privacy Policy and Data Safety Misalignment at Scale
Mst Eshita Khatun (Louisiana State University), Lamine Noureddine (Louisiana State University), Sideeq Bello (Louisiana State University), and Aisha Ali-Gombe (Louisiana State University)
- SoK: Verifiable Integrity Claims for Privacy-Preserving Federated Learning
Marco Esposito (Politecnico di Milano), Andrea Rizzini (Politecnico di Milano, Horizen Labs), Tommaso Gagliardoni (Horizen Labs), and Francesco Bruschi (Politecnico di Milano)
- Breaking and (Partially) Fixing Onion Routing with Fragmentation
Daniel Schadt (Karlsruhe Institute of Technology), Christoph Coijanovic (Karlsruhe Institute of Technology), and Thorsten Strufe (Karlsruhe Institute of Technology)
- When Drones Meet Privately: Secure Coordination with 𝑡-PSI
Matteo Cornacchia (Sapienza University of Rome), Leonardo Ventura (Sapienza University of Rome), Riccardo Lazzeretti (Sapienza University of Rome), and Giulio Rigoni (Sapienza University of Rome)
- From Syntactic Matching to Taint Tracking and Back: A Comparative Study of Web Tracking Detection Techniques
Stefano Calzavara (Università Ca' Foscari Venezia), Samuele Casarin (Università Ca' Foscari Venezia & Scuola IMT Alti Studi Lucca), Marco Squarcina (TU Wien), and Matteo Maffei (TU Wien)
- The Role of Online Forums in Developer Understanding of Privacy Law - A Reddit Case Study
Sara Haghighi (University of Maine), Clark LaChance (University of Maine), Ali Pourghasemi Fatideh (University of Maine), Travis Breaux (Carnegie Mellon University), and Sepideh Ghanavati (University of Maine)
- Sensor Privacy as a Spectrum: Quantifying Privacy in Edge and Multimodal Systems through Games
Jainta Paul (University of Utah), Miles Bovero (University of Utah), Swapnil Saha (STMicroelectronics Inc.), Mahesh Chowdhary (STMicroelectronics Inc.), Pratik Soni (University of Utah), and Luis Garcia (University of Utah)
- Panoptes: Detecting Out-of-Sight Privacy Exposure in Android
Sajjad Pourali (Concordia University) and Mohammad Mannan (Concordia University)
- Training TFHE-Based Neural Networks with Approximated Floating-Point Arithmetic
Emanuele Nicoletti (Politecnico di Milano), Fabrizio Pittorino (Politecnico di Milano), Alessandro Falcetta (Politecnico di Milano), Luca Colombo (Politecnico di Milano), and Manuel Roveri (Politecnico di Milano)
- CAnonize: a Compact Anonymous Survey Protocol
Marie Lonfils (UCLouvain), Olivier Pereira (UCLouvain), Thomas Peters (UCLouvain), and Moti Yung (Google LLC - Columbia University)
- More Modalities, More Problems: Examining User Understanding of The Meta Quest Permissions Framework
Sarah Radway (Harvard University), Matthew Soto (Tufts University), Suvi Lama (University of Southern Mississippi), Carson Powers (Tufts University), and Daniel Votipka (Tufts University)
- SoK: Mapping the Privacy Landscape of Geolocation Ecosystems
Augustin Laouar (École Normale Supérieure de Lyon), Paul Lachat (INRIA), Loïc Desgeorges (Université Claude Bernard Lyon 1), Mathieu Cunche (INRIA), Vincent Roca (INRIA), Pascale Vicat-Blanc (INRIA), and Francesco Bronzino (École Normale Supérieure de Lyon / Institut universitaire de France)
- Poison to Detect: Detection of Targeted Overfitting in Federated Learning
Soumia Zohra El Mestari (University of Luxembourg), Maciej Krzysztof Zuziak (University of Leeds), and Gabriele Lenzini (University of Luxembourg)
- FHEON: A Configurable Framework for Developing Privacy-Preserving Encrypted Neural Networks
Nges Brian Njungle (Arizona State University), Erich Jahns (Arizona State University), and Michel A. Kinsy (Arizona State University)
- Revisiting Assumptions for Membership Inference on Summary Statistics
Pascal Berrang (University of Birmingham), Mark Ryan (University of Birmingham), and Kiera Wooldridge (University of Birmingham)
- Privacy Pass is Anamorphic: Practical Consequences and Attacks in the Black-box Model
Mirosław Kutyłowski (NASK National Research Institute) and Oliwer Sobolewski (NASK National Research Institute)
- FinP: Fairness-in-Privacy in Federated Learning by Addressing Disparities in Privacy Risk
Tianyu Zhao (University of California, Irvine), Mahmoud Srewa (University of California, Irvine), and Salma Elmalaki (University of California, Irvine)
- CODoH: Privacy-Preserving Caching for Oblivious DNS over HTTPS
Pankaj Niroula (William & Mary), Lily Gloudemans (William & Mary), Aashutosh Poudel (William & Mary), Collin MacDonald (William & Mary), and Stephen Herwig (William & Mary)
- Impact of Graph Structure on Membership-Inference Risk for Graph Neural Networks
Megha Khosla (Delft University of Technology)
- LLMs Leak Training Data Beyond Verbatim Memorization via Membership Decoding
Zitai Chen (National University of Singapore) and Reza Shokri (National University of Singapore)
- WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
Guruprasad Viswanathan Ramesh (University of Wisconsin-Madison), Asmit Nayak (University of Wisconsin-Madison), Basieem Siddique (University of Wisconsin-Madison), and Kassem Fawaz (University of Wisconsin-Madison)