All Times on this page are AEST (Sydney, UTC+10)

Other timezones can be found here: UTC, UTC+1, UTC+2, UTC+3, UTC+4, UTC+5, UTC+6, UTC+7, UTC+8, UTC+9, UTC+10, UTC+11, UTC+12, UTC-1, UTC-2, UTC-3, UTC-4, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9, UTC-10, UTC-11, UTC-12

Conference Schedule


Light Breakfast



8:45-13:00 Program


8:45-16:30 Program


Reception (18:00-20:00)




Opening Remarks [video]


Mini Break


Keynote: "Privacy Integrated Computing:” Cryptographic Protocols in Practice [video]

Moti Yung Abstract: The talk will cover why, when, and how to design privacy enhancing protocols for real scenarios that require care, and how to think about such scenarios within industrial settings, so as to assure successful deployment. Actual cases will be described. Bio: Moti Yung is a Security and Privacy Principal Research Scientist with Google. He got his PhD from Columbia University in 1988. Previously, he was with IBM Research, Certco, RSA Laboratories, and Snap. He is also an adjunct senior research faculty at Columbia, where he has co-advised and worked with PhD students. Among his awards: The IEEE Computer Society 2021 "Computer Pioneer Award" and 2018 "W. Wallace McDowell Award." In 2014 he received the ACM's "SIGSAC Outstanding Innovation Award," and ESORICS "Outstanding Research Award," while in 2010 he gave the IACR's Distinguished Lecture. Yung is a fellow of the ACM, IEEE, IACR, and EATCS (European Assoc. for Theoretical Computer Science). His current service includes being an editor of Springer's LNCS series, a board member of the IACR, and the president of the International Financial Cryptography Association. Yung's papers with over 365 authors broadly cover numerous areas of cryptography, privacy, and security.




Session 1A: Sentiment and Perceptions

Chair: Rachel Greenstadt 10:50–12:15 How Can and Would People Protect from Online Tracking? Maryam Mehrnezhad (Newcastle University), Kovila Coopamootoo (Newcastle University), and Ehsan Toreini (Durham University) The Effectiveness of Adaptation Methods in Improving User Engagement and Privacy Protection on Social Network Sites [video] Moses Namara (Clemson University), Henry Sloan (Binghamton University), and Bart P. Knijnenburg (Clemson University) User Perceptions of Gmail’s Confidential Mode [video] Elham Al Qahtani (University of North Carolina at Charlotte), Yousra Javed (National University of Sciences and Technology), and Mohamed Shehab (University of North Carolina at Charlotte) On the Challenges of Developing a Concise Questionnaire to Identify Privacy Personas artifact [video] Tom Biselli (PEASEC, Technical University Darmstadt), Enno Steinbrink (PEASEC, Technical University Darmstadt), Franziska Herbert (PEASEC, Technical University Darmstadt), Gina Maria Schmidbauer-Wolf (PEASEC, Technical University Darmstadt), and Christian Reuter (PEASEC, Technical University Darmstadt) Ctrl-Shift: How Privacy Sentiment Changed from 2019 to 2021 Angelica Goetzen (Max Planck Institute for Software Systems), Samuel Dooley (University of Maryland), and Elissa M. Redmiles (Max Planck Institute for Software Systems)

Session 1B: Anonymous Communication

Chair: Christiane Kuhn 10:50–12:15 CoverDrop: Blowing the Whistle Through A News App Mansoor Ahmed-Rengers (University of Cambridge), Diana A. Vasile (University of Cambridge), Daniel Hugenroth (University of Cambridge), Alastair R. Beresford (University of Cambridge), and Ross Anderson (University of Cambridge) Mixnet optimization methods artifact Iness BEN GUIRAT (imec-COSIC, KU Leuven) and Claudia Diaz (imec-COSIC, KU Leuven) OrgAn: Organizational Anonymity with Low Latency artifact [video] Debajyoti Das (KU Leuven), Easwar Vivek Mangipudi (Purdue University), and Aniket Kate (Purdue University) Learning to Behave: Improving Covert Channel Security with Behavior-Based Designs Ryan Wails (Georgetown University, U.S. Naval Research Laboratory), Andrew Stange (Georgetown University), Eliana Troper (Georgetown University), Aylin Caliskan (University of Washington), Roger Dingledine (Tor Project), Rob Jansen (U.S. Naval Research Laboratory), and Micah Sherr (Georgetown University) Leveraging Strategic Connection Migration-Powered Traffic Splitting for Privacy artifact Mona Wang (Princeton University), Anunay Kulshrestha (Princeton University), Liang Wang (Princeton University), and Prateek Mittal (Princeton University)

Session 1C: Private Set Operations

Chair: Sherman S. M. Chow (online) 10:50–12:15 Updatable Private Set Intersection [video] Saikrishna Badrinarayanan (Visa Research), Peihan Miao (University of Illinois at Chicago), and Tiancheng Xie (University of California, Berkeley) Efficient Set Membership using MPC-in-the-Head [video] Aarushi Goel (Johns Hopkins University), Matthew Green (Johns Hopkins University), Mathias Hall-Anderson (Aarhus University), and Gabriel Kaptchuk (Boston University) Fully Secure PSI via MPC-in-the-Head [video] S. Dov Gordon (George Mason University), Carmit Hazay (Bar-Ilan University), and Phi Hung Le (George Mason University) Circuit-PSI with Linear Complexity via Relaxed Batch OPPRF artifact Nishanth Chandran (Microsoft Research, India), Divya Gupta (Microsoft Research, India), and Akash Shah (Microsoft Research, India) Homomorphically counting elements with the same property [video] Ilia Iliashenko (Ciphermode Labs, imec-COSIC - KU Leuven), Malika Izabachène (Cosmian), Axel Mertens (imec-COSIC - KU Leuven), and Hilder V. L. Pereira (imec-COSIC - KU Leuven)


Lunch + time to explore Sydney on your own

Welcome to PETS Meet & Greet 12:15-13:15

Host: Susan McGregor, Track C in


Session 2A: Health, Education, and Privacy Labels

Chair: Bailey Kacsmar 15:00-16:25 Keeping Privacy Labels Honest artifact [video] Simon Koch (Technische Universität Braunschweig), Malte Wessels (Technische Universität Braunschweig), Benjamin Altpeter (Technische Universität Braunschweig), Madita Olvermann (Technische Universität Braunschweig), and Martin Johns (Technische Universität Braunschweig) How Usable Are iOS App Privacy Labels? [video] Shikun Zhang (Carnegie Mellon University), Yuanyuan Feng (University of Vermont), Yaxing Yao (University of Maryland, Baltimore County), Lorrie Faith Cranor (Carnegie Mellon University), and Norman Sadeh (Carnegie Mellon University) User-friendly yet rarely read: A case study on the redesign of an online HIPAA authorization artifact [video] Sarah Pearman (Carnegie Mellon University), Ellie Young (New College of Florida), and Lorrie Cranor (Carnegie Mellon University) Privacy-Preserving and Efficient Verification of the Outcome in Genome-Wide Association Studies artifact [video] Anisa Halimi (IBM Research Europe - Ireland), Leonard Dervishi (Case Western Reserve University), Erman Ayday (Case Western Reserve University), Apostolos Pyrgelis (EPFL), Juan Ramon Troncoso-Pastoriza (Tune Insight), Jean-Pierre Hubaux (EPFL), Xiaoqian Jiang (University of Texas, Health Science Center), and Jaideep Vaidya (Rutgers Univeristy) Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring [video] Rakibul Hasan (CISPA Helmholtz Center for Information Security) and Mario Fritz (CISPA Helmholtz Center for Information Security)

Session 2B: Multi-Party Computation

Chair: Marcel Keller 15:00-16:25 Polymath: Low-Latency MPC via Secure Polynomial Evaluations and its Applications artifact [video] Donghang Lu (Purdue University), Albert Yu (Purdue University), Aniket Kate (Purdue University), and Hemanta Maji (Purdue University) PUBA: Privacy-Preserving User-Data Bookkeeping and Analytics Valerie Fetzer (Karlsruhe Institute of Technology, Germany), Marcel Keller (CSIRO's Data61), Sven Maier (Karlsruhe Institute of Technology, Germany), Markus Raiber (Karlsruhe Institute of Technology, Germany), Andy Rupp (University of Luxembourg), and Rebecca Schwerdt (Karlsruhe Institute of Technology, Germany) AriaNN: Low-Interaction Privacy-Preserving Deep Learning via Function Secret Sharing [video] Théo Ryffel (INRIA, DI ENS, ENS, CNRS, PSL University, Paris, France), Pierre Tholoniat (Columbia University, New York, USA), David Pointcheval (DI ENS, ENS, CNRS, PSL University, INRIA, Paris, France), and Francis Bach (INRIA, DI ENS, ENS, CNRS, PSL University, Paris, France) Towards Sparse Federated Analytics: Location Heatmaps under Distributed Differential Privacy with Secure Aggregation [video] Eugene Bagdasaryan (Cornell Tech), Peter Kairouz (Google), Stefan Mellem (Google), Adrià Gascón (Google), Kallista Bonawitz (Google), Deborah Estrin (Google), and Marco Gruteser (Google) Multiparty Reach and Frequency Histogram: Private, Secure and Practical [video] Badih Ghazi (Google), Ravi Kumar (Google), Ben Kreuter (Google), Pasin Manurangsi (Google), Jiayu Peng (Google), Evgeny Skvortsov (Google), Yao Wang (Google), and Craig Wright (Google)

Session 2C: Online Fingerprinting

Chair: Tobias Urban 15:00-16:25 OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers artifact [video] Darion Cassel (Carnegie Mellon University), Su-Chin Lin (National Taiwan University), Alessio Buraggina (University of Miami), William Wang (University of Chicago), Andrew Zhang (University of Illinos Urbana-Champaign), Lujo Bauer (Carnegie Mellon University), Hsu-Chun Hsiao (National Taiwan University), Limin Jia (Carnegie Mellon University), and Timothy Libert (Google) RegulaTor: A Straightforward Website Fingerprinting Defense [video] James K Holland (University of Minnesota) and Nicholas Hopper (University of Minnesota) FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting [video] Pouneh Nikkhah Bahrami (University of California, Davis), Umar Iqbal (University of Iowa), and Zubair Shafiq (University of California, Davis) My Cookie is a phoenix: detection, measurement, and lawfulness of cookie respawning with browser fingerprinting [video] Imane Fouad (Univ Lille, Inria), Cristiana Santos (Utrecht University), Arnaud Legout (Inria), and Nataliia Bielova (Inria) Blocked or Broken? Automatically Detecting When Privacy Interventions Break Websites Michael Smith (University of California, San Diego), Peter Snyder (Brave Software), Moritz Haller (Brave Software), Benjamin Livshits (Imperial College London), Deian Stefan (University of California, San Diego), and Hamed Haddadi (Imperial College London \ Brave Software)




Session 3A: Pandemic Related

Chair: Debajyoti Das 16:40-18:05 Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificates [video] Marvin Kowalewski (Ruhr University Bochum), Franziska Herbert (Ruhr University Bochum), Theodor Schnitzler (Ruhr University Bochum), and Markus Dürmuth (Ruhr University Bochum) Replay (Far) Away: Exploiting and Fixing Google/Apple Exposure Notification Contact Tracing artifact [video] Christopher Ellis (The Ohio State University), Haohuang Wen (The Ohio State University), Zhiqiang Lin (The Ohio State University), and Anish Arora (The Ohio State University) Privately Connecting Mobility to Infectious Diseases via Applied Cryptography artifact [video] Alexandros Bampoulidis (), Alessandro Bruni (KU Leuven), Lukas Helminger (TU Graz/Know-Center), Daniel Kales (TU Graz), Christian Rechberger (TU Graz), and Roman Walch (TU Graz/Know-Center) On the Feasibility of Linking Attack to Google/Apple Exposure Notification Framework artifact [video] Kazuki Nomoto (Waseda University), Mitsuaki Akiyama (NTT), Masashi Eto (Ministry of Internal Affairs and Communications (MIC)), Atsuo Inomata (Osaka University), and Tatsuya Mori (Waseda University/NICT/RIKEN AIP) Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps artifact [video] Yucheng Yang (University of Wisconsin—Madison), Jack West (Loyola University Chicago), George K. Thiruvathukal (Loyola University Chicago), Neil Klingensmith (Loyola University Chicago), and Kassem Fawaz (University of Wisconsin—Madison)

Session 3B: Differential Privacy

Chair: Catuscia Palamidessi 16:40-18:05 Making the Most of Parallel Composition in Differential Privacy [video] Josh Smith (Data61, CSIRO), Hassan Jameel Asghar (Macquarie University and Data61, CSIRO), Gianpaolo Gioiosa (Data61, CSIRO), Sirine Mrabet (Data61, CSIRO), Serge Gaspers (University of New South Wales), and Paul Tyler (Data61, CSIRO) Privacy accounting εconomics: Improving differential privacy composition via a posteriori bounds artifact [video] Valentin Hartmann (EPFL), Vincent Bindschaedler (University of Florida), Alexander Bentkamp (Vrije Universiteit Amsterdam & State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences), and Robert West (EPFL) Connect the Dots: Tighter Discrete Approximations of Privacy Loss Distributions [video] Vadym Doroshenko (Google), Badih Ghazi (Google Research), Pritish Kamath (Google Research), Ravi Kumar (Google Research), and Pasin Manurangsi (Google Research) Differentially private partition selection artifact [video] Damien Desfontaines (Google / ETH Zürich), James Voss (Google), Bryant Gipson (Google), and Chinmoy Mandayam (Google) d3p - A Python Package for Differentially-Private Probabilistic Programming artifact Lukas Prediger (Aalto University, Finland), Niki Loppi (NVIDIA AI Technology Center, Finland), Samuel Kaski (Aalto University, Finland & University of Manchester, UK), and Antti Honkela (University of Helsinki, Finland)

Session 3C: Online Data Sharing

Chair: Rakibul Hasan 16:40-18:05 ATOM: Ad-network Tomography artifact [video] Maaz Bin Musa (University of Iowa) and Rishab Nithyanand (University of Iowa) Leave no Data Behind - Empirical Insights into Data Erasure from Online Services [video] Eduard Rupp (Technical University of Munich), Emmanuel Syrmoudis (Technical University of Munich), and Jens Grossklags (Technical University of Munich) "It Feels Like Whack-a-mole": User Experiences of Data Removal from People Search Websites [video] Kejsi Take (New York University), Kevin Gallagher (New York University), Andrea Forte (Drexel University), Damon McCoy (New York University), and Rachel Greenstadt (New York University) Who Knows I Like Jelly Beans? An Investigation Into Search Privacy [video] Daniel Kats (NortonLifeLock Research Group), Johann Roturier (NortonLifeLock Research Group), and David Silva (NortonLifeLock Research Group)




Town Hall [video]




Rump Session (sign up)




Session 4A: Regulation and Compliance

Chair: Mohammad Tahaei 10:30-11:55 Checking Websites' GDPR Consent Compliance for Marketing Emails [video] Karel Kubicek (ETH Zurich), Jakob Merane (ETH Zurich), Carlos Cotrini (ETH Zurich), Alexander Stremitzer (ETH Zurich), Stefan Bechtold (ETH Zurich), and David Basin (ETH Zurich) Setting the Bar Low: Are Websites Complying With the Minimum Requirements of the CCPA? artifact [video] Maggie Van Nortwick (Northeastern University) and Christo Wilson (Northeastern University) On dark patterns and manipulation of website publishers by CMPs Michael Toth (Inria, Univ. Grenoble Alpes), Nataliia Bielova (Inria, Université Côte d'Azur), and Vincent Roca (Inria, Univ. Grenoble Alpes) Revisiting Identification Issues in GDPR `Right Of Access' Policies: A Technical and Longitudinal Analysis Mariano Di Martino (tUL - Hasselt University, Expertise Center of Digital Media), Isaac Meers (tUL - Hasselt University, Expertise Center of Digital Media), Peter Quax (tUL - Hasselt University, Expertise Center of Digital Media, Flanders Make), Ken Andries (Hasselt University, Law Faculty), and Wim Lamotte (tUL - Hasselt University, Expertise Center of Digital Media) Investigating GDPR Fines in the Light of Data Flows [video] Marlene Saemann (Bosh), Daniel Theis (Institute for Internet Security), Martin Degeling (Ruhr University Bochum), and Tobias Urban (Institute for Internet Security & secunet Security Networks AG)

Session 4B: Smart Home

Chair: Nathan Malkin 10:30-11:55 SoK: Privacy-enhancing Smart Home Hubs [video] Igor Zavalyshyn (UCLouvain), Axel Legay (UCLouvain), Annanda Rath (Sirris), and Etienne Riviere (UCLouvain) If This Context Then That Concern: Exploring users' concerns with IFTTT applets Mahsa Saeidi (Oregon State University), McKenzie Calvert (Oregon State University), Audrey W. Au (Oregon State University), Anita Sarma (Oregon State University), and Rakesh B. Bobba (Oregon State University) A Multi-Region Investigation of Use and Perceptions of Smart Home Devices artifact [video] Patrick Bombik (Technical University of Munich), Tom Wenzel (Technical University of Munich), Jens Grossklags (Technical University of Munich), and Sameer Patil (University of Utah) Exploring the Privacy Concerns of Bystanders in Smart Homes from the Perspectives of both Owners and Bystanders [video] Ahmed Alshehri (Colorado School of Mines), Joseph Spielman (Colorado School of Mines), Amiya Prasad (Colorado School of Mines), and Chuan Yue (Colorado School of Mines) "You offer privacy like you offer tea": Investigating Mechanisms for Improving Guest Privacy in IoT-Equipped Households Karola Marky (University of Glasgow), Nina Gerber (Technical University of Darmstadt), Michelle Gabriela Pelzer (Technical University of Darmstadt), Mohamed Khamis (University of Glasgow), and Max Mühlhäuser (Technical University of Darmstadt)

Session 4C: ML and Crypto

Chair: Ryan Henry 10:30-11:55 Privacy-Preserving training of tree ensembles over continuous data [video] Samuel Adams (University of Washington Tacoma), Chaitali Choudhary (University of Washington Tacoma), Martine De Cock (University of Washington Tacoma), Rafael Dowsley (Monash University), David Melanson (University of Washington Tacoma), Anderson Nascimento (University of Washington Tacoma), Davis Railsback (University of Washington Tacoma), and Jianwei Shen (University of Arizona) XORBoost: Tree Boosting in the Multiparty Computation Setting [video] Kevin Deforth (Inpher), Marc Desgroseilliers (Inpher), Nicolas Gama (Inpher), Mariya Georgieva (Inpher), Dimitar Jetchev (Inpher), and Marius Vuille (Inpher) Pika: Secure Computation using Function Secret Sharing over Rings [video] Sameer Wagh (Devron Corporation) LLAMA: A Low Latency Math Library for Secure Inference artifact [video] Kanav Gupta (Microsoft Research), Deepak Kumaraswamy (Microsoft Research), Divya Gupta (Microsoft Research), and Nishanth Chandran (Microsoft Research) 3LegRace: Privacy-Preserving DNN Training over TEEs and GPUs [video] Yue Niu (University of Southern California), Ramy E. Ali (University of Southern California), and Salman Avestimehr (University of Southern California)


Lunch + time to explore Sydney on your own

1-on-1 Human-centered security & privacy discussion with Michelle Mazurek 12:15-13:00

Three 15-minute slots available. Email to request an online meeting!


Session 5A: Authentication and Private Systems

Chair: Wouter Lueks (online) 14:50-16:15 DALock: Password Distribution-Aware Throttling [video] Jeremiah Blocki (Purdue University) and Wuwei Zhang (Purdue University) Hidden Issuer Anonymous Credential artifact [video] Mathieu Gestin (INRIA - IRISA - Université Rennes 1), Davide Frey (INRIA - IRISA - Université Rennes 1), Guillaume Piolle (INRIA - IRISA - CentraleSupelec), and Daniel Bosk (KTH) How Not to Handle Keys: Timing Attacks on FIDO Authenticator Privacy [video] Michal Kepkowski (Macquarie University), Lucjan Hanzlik (CISPA Helmholtz Center for Information Security), Ian D. Wood (Macquarie University), and Mohamed Ali Kaafar (Macquarie University) DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures artifact [video] Vinh Thong Ta (Edge Hill University) and Max Hashem Eiza (University of Central Lancashire) Integrating Privacy into the Electric Vehicle Charging Architecture artifact [video] Dustin Kern (Darmstadt University of Applied Sciences), Timm Lauser (Darmstadt University of Applied Sciences), and Christoph Krauß (Darmstadt University of Applied Sciences)

Session 5B: Defenses for ML

Chair: Meisam Mohammady 14:50-16:15 Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning [video] Dmitrii Usynin (Imperial College, TU Munich), Jonathan Passerat-Palmbach (Imperial College, ConsenSys Health), Georgios Kaissis (TU Munich, Imperial College), and Daniel Rueckert (TU Munich, Imperial College) Machine Learning with Differentially Private Labels: Mechanisms and Frameworks artifact [video] Xinyu Tang (Princeton University), Milad Nasr (University of Massachusetts Amherst), Saeed Mahloujifar (Princeton University), Virat Shejwalkar (University of Massachusetts Amherst), Liwei Song (Princeton University), Amir Houmansadr (University of Massachusetts Amherst), and Prateek Mittal (Princeton Univeristy) Adam in Private: Secure and Fast Training of Deep Neural Networks with Adaptive Moment Estimation Nuttapong Attrapadung (AIST), Koki Hamada (NTT), Dai Ikarashi (NTT), Ryo Kikuchi (NTT), Takahiro Matsuda (AIST), Ibuki Mishina (NTT), Hiraku Morita (University of St. Gallen), and Jacob C. N. Schuldt (AIST) Differentially Private Simple Linear Regression Daniel Alabi (Harvard University), Audra McMillan (Apple), Jayshree Sarathy (Harvard University), Adam Smith (Boston University), and Salil Vadhan (Harvard University) Masking Feedforward Neural Networks against Power Analysis Attacks artifact Konstantinos Athanasiou (Northeastern University), Thomas Wahl (Northeastern University), A. Adam Ding (Northeastern University), and Yunsi Fei (Northeastern University)

Session 5C: Specific Populations

Chair: Nathan Malkin 14:50-16:15 "We may share the number of diaper changes": A Privacy and Security Analysis of Mobile Child Care Applications [video] Moritz Gruber (AWARE7), Christian Höfig (AWARE7), Maximilian Golla (Max Planck Institute for Security and Privacy), Tobias Urban (Institute for Internet Security), and Matteo Große-Kampmann (AWARE7, Institute for Internet Security, Ruhr University Bochum) Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps [video] Noura Alomar (University of California, Berkeley), and Serge Egelman (University of California, Berkeley and International Computer Science Institute) Analyzing the Monetization Ecosystem of Stalkerware [video] Cassidy Gibson (University of Florida), Vanessa Frost (University of Florida), Katie Platt (University of Florida), Washington Garcia (University of Florida), Luis Vargas (University of Florida), Sara Rampazzi (University of Florida), Vincent Bindschaedler (University of Florida), Patrick Traynor (University of Florida), and Kevin R. B. Butler (University of Florida) A Global Survey of Android Dual-Use Applications Used in Intimate Partner Surveillance artifact [video] Majed Almansoori (University of Wisconsin-Madison), Andrea Gallardo (Carnegie Mellon University), Julio Poveda (University of Maryland), Adil Ahmed (University of Wisconsin-Madison), and Rahul Chatterjee (University of Wisconsin-Madison) Employees’ privacy perceptions: exploring the dimensionality and antecedents of personal data sensitivity and willingness to disclose Jan Tolsdorf (Bonn-Rhein-Sieg University of Applied Sciences), Delphine Reinhardt (University of Göttingen), and Luigi Lo Iacono (Bonn-Rhein-Sieg University of Applied Sciences)


Boat departs from King Street Warf for Deckhouse





Welcome / Intro


Session 6A: App Privacy, Wireless Fingerprinting

Chair: Veelasha Moonsamy 8:05-9:30 Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps artifact [video] Konrad Kollnig (University of Oxford), Anastasia Shuba (Broadcom Inc.), Reuben Binns (University of Oxford), Max Van Kleek (University of Oxford), and Nigel Shadbolt (University of Oxford) Charting App Developers' Journey Through Privacy Regulation Features in Ad Networks [video] Mohammad Tahaei (University of Bristol), Kopo M. Ramokapane (University of Bristol), Tianshi Li (Carnegie Mellon University), Jason I. Hong (Carnegie Mellon University), and Awais Rashid (University of Bristol) "All apps do this": Comparing Privacy Concerns Towards Privacy Tools and Non-Privacy Tools for Social Media Content [video] Vanessa Bracamonte (KDDI Research, Inc), Sebastian Pape (Goethe University Frankfurt), Sascha Loebner (Goethe University Frankfurt) Privacy-Preserving Positioning in Wi-Fi Fine Timing Measurement Domien Schepers (Northeastern University) and Aanjhan Ranganathan (Northeastern University) Analyzing the Feasibility and Generalizability of Fingerprinting Internet of Things Devices artifact Dilawer Ahmed (North Carolina State University), Anupam Das (North Carolina State University), and Fareed Zaffar (Lahore University of Management Sciences)

Session 6B: Membership Privacy and Unlearning

Chair: Milad Nasr 8:05-9:30 Formalizing and Estimating Distribution Inference Risks artifact [video] Anshuman Suri (University of Virginia) and David Evans (University of Virginia) Disparate Vulnerability to Membership Inference Attacks artifact [video] Bogdan Kulynych (EPFL), Mohammad Yaghini (University of Toronto), Giovanni Cherubin (Alan Turing Institute), Michael Veale (University College London), and Carmela Troncoso (EPFL) Knowledge Cross-Distillation for Membership Privacy [video] Rishav Chourasia (NUS School of Computing), Batnyam Enkhtaivan (NEC Corporation), Kunihiro Ito (NEC Corporation), Junki Mori (NEC Corporation), Isamu Teranishi (NEC Corporation), and Hikaru Tsuchida (NEC Corporation) Athena: Probabilistic Verification of Machine Unlearning artifact David Sommer (ETH Zurich), Liwei Song (Princeton University), Sameer Wagh (Princeton University), and Prateek Mittal (Princeton University) Deletion Inference, Reconstruction, and Compliance in Machine (Un)Learning artifact [video] Ji Gao (University of Virginia), Sanjam Garg (University of California, Berkeley), Mohammad Mahmoody (University of Virginia), and Prashant Nalini Vasudevan (National University of Singapore)

Session 6C: Blockchain

Chair: Diogo Barradas (online) 8:05-9:30 SoK: Assumptions underlying Cryptocurrency Deanonymizations [video] Dominic Deuber (Friedrich-Alexander-Universität Erlangen-Nürnberg), Viktoria Ronge (Friedrich-Alexander-Universität Erlangen-Nürnberg), and Christian Rückert (Friedrich-Alexander-Universität Erlangen-Nürnberg) (ε, δ)-Indistinguishable Mixing for Cryptocurrencies [video] Foteini Baldimtzi (GMU), S. Dov Gordon (GMU), Ioanna Karantaidou (GMU), Mingyu Liang (GMU), and Mayank Varia (BU) On Defeating Graph Analysis of Anonymous Transactions artifact [video] Christoph Egger (Friedrich-Alexander-Universität Erlangen-Nürnberg), Russell W. F. Lai (Friedrich-Alexander-Universität Erlangen-Nürnberg), Viktoria Ronge (Friedrich-Alexander-Universität Erlangen-Nürnberg), Ivy K. Y. Woo (Independent), and Hoover H. F. Yin (The Chinese University of Hong Kong) Toward Uncensorable, Anonymous and Private Access Over Satoshi Blockchains [video] Ruben Recabarren (Florida International University) and Bogdan Carbunar (Florida International University) SoK: TEE-assisted Confidential Smart Contract [video] Rujia Li (Southern University of Science and Technology & University of Birmingham), Qin Wang (Swinburne University of Technology & CSIRO Data61), Qi Wang (Southern University of Science and Technology), David Galindo (University of Birmingham), and Mark Ryan (University of Birmingham)




Session 7A: Smart Devices

Chair: Rakibul Hasan 9:45-11:10 FingerprinTV: Fingerprinting Smart TV Apps artifact [video] Janus Varmarken (University of California, Irvine), Jad Al Aaraj (University of California, Irvine), Rahmadi Trimananda (University of California, Irvine), and Athina Markopoulou (University of California, Irvine) Watch Over Your TV: A Security and Privacy Analysis of the Android TV ecosystem artifact [video] Marcos Tileria (Royal Holloway, University of London) and Jorge Blasco (Royal Holloway, University of London) Building a Privacy-Preserving Smart Camera System artifact [video] Yohan Beugin (The Pennsylvania State University), Quinn Burke (The Pennsylvania State University), Blaine Hoak (The Pennsylvania State University), Ryan Sheatsley (The Pennsylvania State University), Eric Pauley (The Pennsylvania State University), Gang Tan (The Pennsylvania State University), Syed Rafiul Hussain (The Pennsylvania State University), and Patrick McDaniel (The Pennsylvania State University) Personal Information Inference from Voice Recordings: User Awareness and Privacy Concerns Jacob Leon Kröger (Technische Universität Berlin, Germany), Leon Konstantin Gellrich (Universität Potsdam, Germany), Sebastian Pape (Goethe Universität, Frankfurt, Germany), Saba Rebecca Brause (Technische Universität Berlin, Germany), Stefan Ullrich (Technische Universität Berlin, Germany) Effects of privacy permissions on user choices in voice assistant app stores Gary Liu (University of California, Berkeley) and Nathan Malkin (University of California, Berkeley & University of Maryland, College Park)

Session 7B: Zero-Knowledge and Fairness

Chair: Ryan Henry 9:45-11:10 How to prove any NP statement jointly? Efficient Distributed-prover Zero-Knowledge Protocols [video] PANKAJ DAYAMA (IBM Research), ARPITA PATRA (Indian Institute of Science Bangalore), PROTIK PAUL (Indian Institute of Science Bangalore), NITIN SINGH (IBM Research), and DHINAKARAN VINAYAGAMURTHY (IBM Research) gOTzilla: Efficient Disjunctive Zero-Knowledge Proofs from MPC in the Head, with Application to Proofs of Assets in Cryptocurrencies artifact [video] Foteini Baldimtsi (George Mason University), Panagiotis Chatzigiannis (George Mason University), S. Dov Gordon (George Mason University), Phi Hung Le (George Mason University), and Daniel McVicker (George Mason University) Polaris: Transparent Succinct Zero-Knowledge Arguments for R1CS with Efficient Verifier [video] Shihui Fu (University of Waterloo) and Guang Gong (University of Waterloo) Zswap: zk-SNARK Based Non-Interactive Multi-Asset Swaps artifact [video] Felix Engelmann (Aarhus University), Thomas Kerber (IOHK), Markulf Kohlweiss (University of Edinburgh, IOHK), and Mikhail Volkhov (University of Edinburgh) Privacy-preserving FairSwap: Fairness and Privacy Interplay artifact [video] Sepideh Avizheh (University of Calgary), Preston Haffey (University of Calgary), and Reihaneh Safavi-Naini (University of Calgary)

Session 7C: Mobile Authentication and Systems

Chair: Kassem Fawaz (online) 9:45-11:10 PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices [video] Mihai Bâce (Institute for Visualisation and Interactive Systems, University of Stuttgart, Stuttgart, Germany), Alia Saad (HCI Group, University of Duisburg-Essen, Essen, Germany), Dr. Mohamed Khamis (University of Glasgow, Glasgow, United Kingdom), Stefan Schneegass (HCI Group, University of Duisburg-Essen, Essen, Germany), and Andreas Bulling (Institute for Visualisation and Interactive Systems, University of Stuttgart, Stuttgart, Germany) Neural Fuzzy Extractors: A Secure Way to Use Artificial Neural Networks for Biometric User Authentication [video] Abhishek Jana (Kansas State University), Bipin Paudel (Kansas State University), Md Kamruzzaman Sarker (Kansas State University), Monireh Ebrahimi (Kansas State University), Pascal Hitzler (Kansas State University), and George T Amariucai (Kansas State University) I know what you did on Venmo: Discovering privacy leaks in mobile social payments artifact [video] Rajat Tandon (University of Southern California Information Sciences Institute), Pithayuth Charnsethikul (University of Southern California Information Sciences Institute), Ishank Arora (University of Texas, Austin), Dhiraj Murthy (University of Texas, Austin), and Jelena Mirkovic (University of Southern California Information Sciences Institute) SoK: Cryptographic Confidentiality of Data on Mobile Devices [video] Maximilian Zinkus (Johns Hopkins University), Tushar M. Jois (Johns Hopkins University), and Matthew Green (Johns Hopkins University) Moby: A Blackout-resistant Anonymity Network for Mobile Devices Amogh Pradeep (Northeastern University), Hira Javaid (Northeastern University), Ryan Williams (Northeastern University), Antoine Rault (EPFL), David Choffnes (Northeastern University), Stevens Le Blond (EPFL), and Bryan Ford (EPFL)


Lunch + time to explore Sydney on your own


Session 8A: Location Privacy, Data Collection

Chair: Meisam Mohammady 14:50-16:00 In Search of Lost Utility: Private Location Data [video] Szilvia Lestyan (Budapest University of Technology), Gergely Acs (Budapest University of Technology), and Gergely Biczok (Budapest University of Technology) Collection, Usage and Privacy of Mobility Data in the Enterprise and Public Administrations [video] Alexandra Kapp (Hochschule für Technik und Wirtschaft Berlin) Private Aggregation of Trajectories [video] Badih Ghazi (Google), Neel Kamal (Google), Ravi Kumar (Google), Pasin Manurangsi (Google), and Annika Zhang (Google) Privacy-preserving High-dimensional Data Collection with Federated Generative Autoencoder [video] Xue Jiang (Technical University of Munich), Xuebing Zhou (Huawei Technologies Duesseldorf GmbH), and Jens Grossklags (Technical University of Munich)

Session 8B: Encrypted Storage and Leakage

Chair: Sushmita Ruj 14:50-16:00 Forward and Backward-Secure Range-Searchable Symmetric Encryption [video] Jiafan Wang (Chinese University of Hong Kong) and Sherman S. M. Chow (Chinese University of Hong Kong) On the Cost of Suppressing Volume for Encrypted Multi-maps [video] Megumi Ando (MITRE) and Marilyn George (Brown University) SoK: Plausibly Deniable Storage [video] Chen Chen (Stony Brook University), Xiao Liang (Stony Brook University), Bogdan Carbunar (FIU), and Radu Sion (Stony Brook University) Time- and Space-Efficient Aggregate Range Queries over Encrypted Databases [video] Zachary Espiritu (Brown University), Evangelia Anna Markatou (Brown University), and Roberto Tamassia (Brown University)

Session 8C: Tor

Chair: Roger Dingledine 14:50-16:00 MLEFlow: Learning from History to Improve Load Balancing in Tor artifact [video] Hussein Darir (University of Illinois at Urbana-Champaign), Hussein Sibai (University of Illinois at Urbana-Champaign), Chin-Yu Cheng (University of Illinois at Urbana-Champaign), Nikita Borisov (University of Illinois at Urbana-Champaign), Geir Dullerud (University of Illinois at Urbana-Champaign), and Sayan Mitra (University of Illinois at Urbana-Champaign) From "Onion Not Found" to Guard Discovery artifact [video] Lennart Oldenburg (imec-COSIC KU Leuven), Gunes Acar (imec-COSIC KU Leuven), and Claudia Diaz (imec-COSIC KU Leuven) Increasing Adoption of Tor Browser Using Informational and Planning Nudges artifact [video] Peter Story (Clark University), Daniel Smullen (Carnegie Mellon University), Rex Chen (Carnegie Mellon University), Yaxing Yao (University of Maryland, Baltimore County), Alessandro Acquisti (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University), Norman Sadeh (Carnegie Mellon University), and Florian Schaub (University of Michigan) Trace Oddity: Methodologies for Data-Driven Traffic Analysis on Tor artifact [video] Vera Rimmer (KU Leuven), Theodor Schnitzler (Ruhr-University Bochum), Tom Van Goethem (KU Leuven), Abel Rodríguez Romero (KU Leuven), Wouter Joosen (KU Leuven), and Katharina Kohls (Radboud University)




Session 9A: Deanonymization

Chair: Guillermo Suarez-Tangil 16:15-17:25 Towards Improving Code Stylometry Analysis in Underground Forums [video] Michal Tereszkowski-Kaminski (King's College London), Sergio Pastrana (Universidad Carlos III de Madrid), Jorge Blasco (Royal Holloway, University of London), and Guillermo Suarez-Tangil (IMDEA Networks Institute and King's College London) A novel reconstruction attack on foreign-trade official statistics, with a Brazilian case study [video] Danilo Fabrino Favato (Universidade Federal de Minas Gerais), Gabriel de Morais Coutinho (Universidade Federal de Minas Gerais), Mário S. Alvim (Universidade Federal de Minas Gerais), and Natasha Fernandes (Macquarie University) If You Like Me, Please Don’t "Like" Me: Inferring Vendor Bitcoin Addresses From Positive Reviews artifact Jochen Schäfer (University of Mannheim), Christian Müller (University of Mannheim), and Frederik Armknecht (University of Mannheim) Flexible and scalable privacy assessment for very large datasets, with an application to official governmental microdata artifact [video] Mário S. Alvim (Department of Computer Science, UFMG), Natasha Fernandes (School of Computing, Macquarie University), Annabelle McIver (School of Computing, Macquarie University), Carroll Morgan (UNSW and Data61), and Gabriel H. Nunes (Department of Computer Science, UFMG)

Session 9B: Biometrics and ML Attacks

Chair: Alptekin Küpçü (online) 16:15-17:25 Adversarial Images Against Super-Resolution Convolutional Neural Networks for Free [video] Arezoo Rajabi (University of Washington), Mahdieh Abbasi (Universté Laval), Rakesh B. Bobba (Oregon State University), and Kimia Tajik (Case Western Reserve University) User-Level Label Leakage from Gradients in Federated Learning [video] Aidmar Wainakh (Technical University of Darmstadt), Fabrizio Ventola (Technical University of Darmstadt), Till Müßig (Technical University of Darmstadt), Jens Keim (Technical University of Darmstadt), Carlos Garcia Cordero (Technical University of Darmstadt), Ephraim Zimmer (Technical University of Darmstadt), Tim Grube (Technical University of Darmstadt), Kristian Kersting (Technical University of Darmstadt), and Max Mühlhäuser (Technical University of Darmstadt) Comprehensive Analysis of Privacy Leakage in Vertical Federated Learning During Prediction [video] Xue Jiang (Technical University of Munich), Xuebing Zhou (Huawei Technologies Duesseldorf GmbH), and Jens Grossklags (Technical University of Munich) Ulixes: Facial Recognition Privacy with Adversarial Machine Learning [video] Thomas Cilloni (University of Mississippi), Wei Wang (Xi'an Jiaotong-Liverpool University), Charles Walter (University of Mississippi), and Charles Fleming (University of Mississippi)

Session 9C: Visualization, Audit, Advice

Chair: Sze Yiu Chau (online) 16:15-17:25 Visualizing Privacy-Utility Trade-Offs in Differentially Private Data Releases artifact [video] Priyanka Nanayakkara (Northwestern University), Johes Bater (Duke University), Xi He (University of Waterloo), Jessica Hullman (Northwestern University), and Jennie Rogers (Northwestern University) SoK: SCT Auditing in Certificate Transparency Sarah Meiklejohn (Google), Joe DeBlasio (Google), Devon O'Brien (Google), Chris Thompson (Google), Kevin Yeo (Google), and Emily Stark (Google) ZoomP3: Privacy-Preserving Publishing of Online Video Conference Recordings [video] Yuanyi Sun (Penn State University), Sencun Zhu (Penn State University), and Yu Chen (Binghamton University, SUNY) Understanding Privacy-Related Advice on Stack Overflow [video] Mohammad Tahaei (University of Bristol), Tianshi Li (Carnegie Mellon University), and Kami Vaniea (University of Edinburgh)




Awards Ceremony (with drinks!) [video]


Closing Remarks [video]


LGBTQI+ Affinity Meetup!

18:30-19:30 Hosts: Rebekah Overdorf and Carmela Troncoso, Track C in


Social Coffee Hour with Light Breakfast


Opening/Keynote: Sex, Work, and Technology: Lessons for Internet Governance & Digital Safety [video]

Elissa M. Redmiles Abstract: Sex workers sit at the intersection of multiple marginalized identities and make up a sizable workforce: the UN estimates that at least 42 million sex workers are conducting business across the globe. Sex workers face a unique and significant set of digital, social, political, legal, and safety risks; yet their digital experiences have received little study in the CS and HCI literature. In this talk we will review findings from four years of research we have conducted with sex workers on their use of technology to conduct business, the multifaceted safety risks they face, and their carefully curated strategies for online and offline safety. Drawing on these findings, we will discuss open questions in internet governance, digital discrimination, and safety protections for marginalized and vulnerable users whose experiences bisect the digital and physical. Bio: Dr. Elissa M. Redmiles is a faculty member and research group leader at the Max Planck Institute for Software Systems. She uses computational, economic, and social science methods to understand users’ security, privacy, and online safety-related decision-making processes. Her work has been recognized with multiple paper awards at USENIX Security, ACM CCS and ACM CHI and has been featured in popular press publications such as the New York Times, Wall Street Journal, Scientific American, Rolling Stone, Wired, Business Insider, and CNET. Dr. Redmiles will be a Visiting Scholar at the Berkman Klein Center for Internet & Society at Harvard University for the 2022-2023 academic year and has additionally served as a consultant and researcher at multiple institutions, including Microsoft Research, Facebook, the World Bank, the Center for Democracy and Technology, and the University of Zurich.




Discussion: Novel methods to teach foreign ideas in information security to the public

Discussion Lead: Ali Parsaee


Discussion: Improving Usability of Internet Censorship Data through a Censorship Dashboard

Discussion Lead: Ramakrishnan Sundara Raman

Project website, Request access




Invitied Talk: Learning from Low-Tech PETS [video]

Susan McGregor Abstract: Long before the advent of digital computing, individuals and communities have found ways to both keep information private - and share it with specific groups. This talk will review examples of these (mostly) pre-digital technologies, to see how historical PETS can help us think more creatively about the PETS that people want and need, even today.


Lunch + Ice Cream + time to explore Sydney on your own


Afternoon Opening


Invitied Talk: The Right To Ask project [video]

Vanessa Teague Abstract: Right To Ask is an open-source Australian project designed to help people raise and focus political questions. The questions are intended to be either answered by members of parliament, or raised in parliament or committees. Participants can up-vote (or downvote by dismissing) questions, allowing us to sort them by popularity. The difficult part is protecting the privacy of individuals' up-voting patterns. Although we can use some of the techniques from cryptographic election protocols, the ongoing nature of the vote aggregation, and the fact that people may only respond to a small subset of the questions, means that traditional notions of vote privacy are not enough.

Joint work with a large number of colleagues, friends and volunteers.


Discussion: More than informed: Why rational decision-making for privacy matters

Discussion Lead: Anna Leschanowsky




Discussion: Biometrics in Humanitarian Aid: Blessing or Curse?

Discussion Lead: Wouter Lueks


Discussion: Privacy Preserving Telemetry in Reality, an illusion bound to silicon?

Discussion Lead: Antonio Nappa




Keynote: "Each of us is a micro-media": citizen mobilisation as digital media practices in the context of Russia's war in Ukraine [video]

Tanya Lokot Abstract: In participatory warfare, opportunities for participating in conflicts are greatly expanded, often through networked means. Russia's ongoing war in Ukraine has been characterised by high levels of social media use – and media activity – by governments, military actors, media outlets, and ordinary citizens. Ukrainian citizens in particular have relied on the openness and power of horizontal networks to mobilise for collective action away from or alongside centralised authority. On social media, this activity has manifested as a range of digital media practices, both strategic and impromptu ones. The resulting assemblage of practices includes (re)framing and articulating messages; privacy and security practices; crowdsourcing resources and expertise; and prebunking and debunking activity. I argue that in a complex environment where the realities of war mix with platform algorithms, state disinformation, and mainstream media logics, these digitally mediated "micro-media" practices can act as drivers of democracy, resistance, and resilience - and therefore demand greater scholarly attention and understanding. Bio: Dr Tanya (Tetyana) Lokot is Associate Professor in Digital Media and Society at the School of Communications in Dublin City University, Ireland. She researches threats to digital rights, networked authoritarianism, digital resistance, internet freedom, and internet governance in Eastern Europe. She is the author of Beyond the Protest Square: Digital Media and Augmented Dissent(Rowman & Littlefield, 2021), an in-depth study of protest and digital media in Ukraine and Russia.


PETS Hike - Wattamolla to Garie Beach

8:00-17:00 Please see the hike page for full details, including map, schedule, and tips on what to bring and wear.