The Andreas Pfitzmann Best Student Paper Award

I had the possibility to contribute to this world that is not as it should be. I hope I could help in some areas to make the world a better place, and that I could also encourage other people to be engaged in improving the world. Please, stay engaged. This world needs you, your love, your initiative –now I cannot be part of that anymore.   — Andreas Pfitzmann

Papers written solely or primarily by a student who is presenting the work at PETS are eligible for the award. Selection criteria include reviews by the program committee, the scientific quality of the final paper, the expected impact on the field, and the quality of the presentation.


Award Chairs: Wouter Lueks (CISPA) and Nina Taft (Google)


Researchers’ Experiences in Analyzing Privacy Policies: Challenges and Opportunities
Abraham Mhaidli (University of Michigan), Selin Fidan (University of Michigan), An Doan (University of Michigan), Gina Herakovic (University of Michigan), Mukund Srinath (Penn State University), Lee Matheson (Future for Privacy Forum), Shomir Wilson (Penn State University), and Florian Schaub (University of Michigan)

Lox: Protecting the Social Graph in Bridge Distribution
Lindsey Tulloch (University of Waterloo), Ian Goldberg (University of Waterloo)

Everybody's Looking for SSOmething: A large-scale evaluation on the privacy of OAuth authentication on the web
Yana Dimova (imec-DistriNet), Tom Van Goethem (Google), and Wouter Joosen (imec-DistriNet)


Convolutions in Overdrive: Maliciously Secure Convolutions for MPC
Marc Rivinius (University of Stuttgart), Pascal Reisert (University of Stuttgart), Sebastian Hasler (University of Stuttgart), Ralf Küsters (University of Stuttgart)

Not Your Average App: A Large-scale Privacy Analysis of Android Browsers
Amogh Pradeep (Northeastern University), Álvaro Feal (IMDEA Networks Institute / Universidad Carlos III de Madrid), Julien Gamba (IMDEA Networks Institute / Universidad Carlos III de Madrid), Ashwin Rao (University of Helsinki), Martina Lindorfer (TU Wien), Narseo Vallina-Rodriguez (IMDEA Networks Institute / AppCensus Inc.), David Choffnes (Northeastern University)

Story Beyond the Eye: Glyph Positions Break PDF Text Redaction
Maxwell Bland (University of Illinois, Urbana-Champaign), Anushya Iyer (University of Illinois, Urbana-Champaign), Kirill Levchenko (University of Illinois, Urbana-Champaign)


Award Chairs: Veelasha Moonsamy and Jeremiah Blocki


CoverDrop: Blowing the Whistle Through A News App
Mansoor Ahmed-Rengers (University of Cambridge), Diana A. Vasile (University of Cambridge), Daniel Hugenroth (University of Cambridge), Alastair R. Beresford (University of Cambridge), and Ross Anderson (University of Cambridge)


ATOM: Ad-network Tomography
Maaz Bin Musa (University of Iowa) and Rishab Nithyanand (University of Iowa)

Leveraging Strategic Connection Migration-Powered Traffic Splitting for Privacy
Mona Wang (Princeton University), Anunay Kulshrestha (Princeton University), Liang Wang (Princeton University), and Prateek Mittal (Princeton University)

On Defeating Graph Analysis of Anonymous Transactions
Christoph Egger (Friedrich-Alexander-Universität Erlangen-Nürnberg), Russell W. F. Lai (Friedrich-Alexander-Universität Erlangen-Nürnberg), Viktoria Ronge (Friedrich-Alexander-Universität Erlangen-Nürnberg), Ivy K. Y. Woo (Independent), and Hoover H. F. Yin (The Chinese University of Hong Kong)


Award Chairs: Apu Kapadia and David Evans


Residue-Free Computing
Logan Arkema (Georgetown University) and Micah Sherr (Georgetown University)

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS
Sudheesh Singanamalla (University of Washington / Cloudflare Inc.), Suphanat Chunhapanya (Cloudflare Inc.), Jonathan Hoyland (Cloudflare Inc.), Marek Vavruša (Cloudflare Inc.), Tanya Verma (Cloudflare Inc.), Peter Wu (Cloudflare Inc.), Marwan Fayed (Cloudflare Inc.), Kurtis Heimerl (University of Washington), Nick Sullivan (Cloudflare Inc.), and Christopher Wood (Cloudflare Inc.)


Fast Privacy-Preserving Punch Cards
Saba Eskandarian (Stanford University)

The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion
Yana Dimova (imec-DistriNet, KU Leuven), Gunes Acar (imec-COSIC, KU Leuven), Lukasz Olejnik (European Data Protection Supervisor), Wouter Joosen (imec-DistriNet, KU Leuven), and Tom Van Goethem (imec-DistriNet, KU Leuven)


Award Chairs: Nikita Borisov and Nick Hopper

Protecting Private Inputs: Bounded Distortion Guarantees With Randomised Approximations
Patrick Ah-Fat (Imperial College London) and Michael Huth (Imperial College London)

Automatic Discovery of Privacy-Utility Pareto Fronts
Brendan Avent (University of Southern California), Javier González (Amazon), Tom Diethe (Amazon), Andrei Paleyes (University of Cambridge), and Borja Balle (DeepMind)


Award Chairs: Claudia Diaz and Steven Murdoch

Cardinality Estimators do not Preserve Privacy
Damien Desfontaines (ETH Zürich / Google), Andreas Lochbihler (Digital Asset), and David Basin (ETH Zürich)

Investigating sources of PII used in Facebook’s targeted advertising
Giridhari Venkatadri (Northeastern University), Elena Lucherini (Northeastern University), Piotr Sapiezynski (Northeastern University), and Alan Mislove (Northeastern University)

On Privacy Notions in Anonymous Communication
Christiane Kuhn (TU Dresden), Martin Beck (TU Dresden), Stefan Schiffner (Université du Luxembourg), Eduard Jorswieck (TU Dresden), and Thorsten Strufe (TU Dresden)


Award Chair: Paul Syverson

NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking
Anastasia Shuba (UC Irvine), Athina Markopoulou (UC Irvine), and Zubair Shafiq (University of Iowa)

Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration
Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako, and Lorrie Cranor (Carnegie Mellon University)

Privacy Pass: Bypassing Internet Challenges Anonymously
Alex Davidson (Royal Holloway, University of London), Ian Goldberg (University of Waterloo), Nick Sullivan (Cloudflare), George Tankersley (Independent), and Filippo Valsorda (Independent)


Social Engineering Attacks on Government Opponents: Target Perspectives and Defenses
William Marczak and Vern Paxson (UC Berkeley)

Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses
Giovanni Cherubin (Royal Holloway University of London)


Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms
Oleksii Starov, Phillipa Gill, and Nick Nikiforakis (Stony Brook University)

Access Denied! Contrasting Data Access in the United States and Ireland
Samuel Grogan (Queen Mary, University of London) and Aleecia M. McDonald (Non-resident Fellow, Stanford Center for Internet and Society)

Don't Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards
Laurent Simon, Wenduan Xu, and Ross Anderson (University of Cambridge)


Blocking-resistant communication through domain fronting
David Fifield (University of California, Berkeley), Chang Lan (University of California, Berkeley), Rod Hynes (Psiphon Inc), Percy Wegmann (Brave New Software), and Vern Paxson(University of California, Berkeley and the International Computer Science Institute)


I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis
Brad Miller (UC Berkeley), Ling Huang (Intel Labs), A. D. Joseph (UC Berkeley) and J. D. Tygar (UC Berkeley)


How Low Can You Go: Balancing Performance with Anonymity in Tor
John Geddes (University of Minnesota, Minneapolis), Rob Jansen (U.S. Naval Research Laboratory) and Nicholas Hopper (University of Minnesota, Minneapolis)

The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitting
Mashael Alsabah, Kevin Bauer, Tariq Elahi and Ian Goldberg (University of Waterloo)


Use Fewer Instances of the Letter ``i'': Toward Writing Style Anonymization
Andrew McDonald, Sadia Afroz, Aylin Caliskan, Ariel Stolerman and Rachel Greenstadt (Drexel University)


How Unique and Traceable are Usernames?
Daniele Perito, Claude Castelluccia, Mohamed Ali Kaafar, and Pere Manils (INRIA)