Accepted papers for PETS 2024

Issue 1

  • A Large-Scale Study of Cookie Banner Interaction Tools and their Impact on Users' Privacy
    Nurullah Demir (Institute for Internet Security & Karlsruhe Institute of Technology), Tobias Urban (Institute for Internet Security & secunet Security Networks AG), Christian Wressnegger (Karlsruhe Institute of Technology), and Norbert Pohlmann (Institute for Internet Security)
  • SoK: Data Privacy in Virtual Reality
    Gonzalo Munilla Garrido (TUM), Vivek Nair (UC Berkeley), and Dawn Song (UC Berkeley)
  • Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving)
    Yohan Beugin (University of Wisconsin-Madison) and Patrick McDaniel (University of Wisconsin-Madison)
  • "Those things are written by lawyers, and programmers are reading that." Mapping the Communication Gap Between Software Developers and Privacy Experts
    Stefan Albert Horstmann (Ruhr University Bochum), Samuel Domiks (Independent), Marco Gutfleisch (Ruhr University Bochum), Mindy Tran (Paderborn University), Yasemin Acar (Paderborn University & The George Washington University), Veelasha Moonsamy (Ruhr University Bochum), and Alena Naiakshina (Ruhr University Bochum)
  • Supporting Informed Choices about Browser Cookies: The Impact of Personalised Cookie Banners
    Tom Biselli (Technical University of Darmstadt, Science and Technology for Peace and Security (PEASEC)), Laura Utz (Technical University of Darmstadt, Science and Technology for Peace and Security (PEASEC)), and Christian Reuter (Technical University of Darmstadt, Science and Technology for Peace and Security (PEASEC))
  • Block Cookies, Not Websites: Analysing Mental Models and Usability of the Privacy-Preserving Browser Extension CookieBlock
    Lorin Schöni (ETH Zurich), Karel Kubicek (ETH Zurich), and Verena Zimmermann (ETH Zurich)
  • Mitigating Inference Risks with the NIST Privacy Framework
    Christopher B. Landis (Naval Postgraduate School) and Joshua A. Kroll (Naval Postgraduate School)
  • Why Privacy-Preserving Protocols Are Sometimes Not Enough: A Case Study of the Brisbane Toll Collection Infrastructure
    Amirhossein Adavoudi Jolfaei (University of Luxembourg), Andy Rupp (University of Luxembourg and KASTEL SRL), Stefan Schiffner (Berufliche Hochschule Hamburg (BHH)), and Thomas Engel (University of Luxembourg)
  • Generalizable Active Privacy Choice: Designing a Graphical User Interface for Global Privacy Control
    Sebastian Zimmeck (Wesleyan University), Eliza Kuller (Wesleyan University), Chunyue Ma (Wesleyan University), Bella Tassone (Wesleyan University), and Joe Champeau (Wesleyan University)
  • Opted Out, Yet Tracked: Are Regulations Enough to Protect Your Privacy?
    Zengrui Liu (Texas A&M University), Umar Iqbal (University of Washington), and Nitesh Saxena (Texas A&M University)
  • Privacy Preserving Feature Selection for Sparse Linear Regression
    Adi Akavia (University of Haifa), Ben Galili (Technion), Hayim Shaul (IBM Research), Mor Weiss (Bar Ilan University), and Zohar Yakhini (Reichman University and Technion)
  • Model-driven Privacy
    Srdan Krstic (ETH Zurich), Hoàng Bao Nguyen-Phuoc (ETH Zurich), and David Basin (ETH Zurich)
  • DP-ACT: Decentralized Privacy-Preserving Asymmetric Digital Contact Tracing
    Azra Abtahi Fahliani (Department of Electrical and Information Technology, Lund University, Lund), Mathias Payer (School of Computer and Communication Sciences, EPFL), and Amir Aminifar (Department of Electrical and Information Technology, Lund University, Lund)
  • CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser
    Killian Davitt (UCL), Dan Ristea (UCL), and Steven Murdoch (UCL)
  • DeVoS: Deniable Yet Verifiable Vote Updating
    Johannes Mueller (University of Luxembourg), Balázs Pejó (Budapest University of Technology and Economics), and Ivan Pryvalov (Brandenburgische Technische Universität Cottbus-Senftenberg)
  • Over Fences and Into Yards: Privacy Threats and Concerns of Commercial Satellites
    Rachel McAmis (University of Washington), Mattea Sim (Indiana University Bloomington), Mia Bennett (University of Washington), and Tadayoshi Kohno (University of Washington)
  • Constant-Round Private Decision Tree Evaluation for Secret Shared Data
    Nan Cheng (University of St.Gallen), Naman Gupta (IIT Delhi), Katerina Mitrokotsa (University of St.Gallen), Hiraku Morita (Aarhus University, University of Copenhagen), and Kazunari Tozawa (The University of Tokyo)
  • Data Isotopes for Data Provenance in DNNs
    Emily Wenger (University of Chicago), Xiuyu Li (UC Berkeley), Ben Zhao (University of Chicago), and Vitaly Shmatikov (Cornell Tech)
  • MAPLE: MArkov Process Leakage attacks on Encrypted Search
    Seny Kamara (MongoDB & Brown University), Abdelkarim Kati (Mohammed VI Polytechnic University), Tarik Moataz (MongoDB), Jamie DeMaria (Brown University), Andrew Park (Carnegie Mellon University), and Amos Treiber (Rohde & Schwarz Cybersecurity GmbH)
  • SocIoTy: Practical At-Home Cryptography from IoT Devices
    Tushar Jois (City College of New York), Gabrielle Beck (Johns Hopkins University), Sofia Belikovetsky (Johns Hopkins University), Joseph Carrigan (Johns Hopkins University), Alishah Chator (Boston University), Logan Kostick (Johns Hopkins University), Maximilian Zinkus (Johns Hopkins University), Gabriel Kaptchuk (University of Maryland), and Aviel D. Rubin (Johns Hopkins University)
  • Communication Breakdown: Modularizing Application Tunneling for Signaling Around Censorship
    Paul Vines (Two Six Technologies)
  • On the Quality of Privacy Policy Documents of Virtual Personal Assistant Applications
    Chuan Yan (University of Queensland), Fuman Xie (University of Queensland), Mark Huasong Meng (National University of Singapore), Yanjun Zhang (Deakin University), and Guangdong Bai (University of Queensland)
  • SEDMA: Self-Distillation with Model Aggregation for Membership Privacy
    Tsunato Nakai (Mitsubishi Electric), Ye Wang (Mitsubishi Electric Research Laboratories), Kota Yoshida (Ritsumeikan University), and Takeshi Fujino (Ritsumeikan University)
  • SoK: Metadata-Protecting Communication Systems
    Sajin Sasy (University of Waterloo) and Ian Goldberg (University of Waterloo)
  • A Cautionary Tale: On the Role of Reference Data in Empirical Privacy Defenses
    Caelin Gordon Kaplan (Inria, Université Côte d’Azur, SAP Labs France), Chuan Xu (Inria, Université Côte d’Azur), Othmane Marfoq (Inria, Université Côte d’Azur, Accenture Labs), Giovanni Neglia (Inria, Université Côte d’Azur), and Anderson Santana de Oliveira (SAP Labs France)
  • SWiSSSE: System-Wide Security for Searchable Symmetric Encryption
    Zichen Gui (ETH Zürich), Kenneth G. Paterson (ETH Zürich), Sikhar Patranabis (IBM Research India), and Bogdan Warinschi (University of Bristol/Dfinity)
  • PRIVIC: A privacy-preserving method for incremental collection of location data
    Sayan Biswas (INRIA, École polytechnique) and Catuscia Palamidessi (INRIA, École polytechnique)
  • User-controlled Privacy: Taint, Track, and Control
    François Hublet (ETH Zürich), David Basin (ETH Zürich), and Srđan Krstić (ETH Zürich)
  • SGXonerated: Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE
    Nerla Jean-Louis (University of Illinois Urbana Champaign), Yunqi Li (University of Illinois Urbana Champaign), Yan Ji (Cornell University), Harjasleen Malvai (University of Illinois Urbana Champaign), Thomas Yurek (University of Illinois Urbana Champaign), Sylvain Bellemare (IC3 (Cornell University)), and Andrew Miller (University of Illinois Urbana Champaign)
  • Tailoring Digital Privacy Education Interventions for Older Adults: A Comparative Study on Modality Preferences and Effectiveness
    Heba Aly (Clemson University), Yizhou Liu (Clemson University), Reza Ghaiumy Anaraky (New York University), Sushmita Khan (Clemson University), Moses Namara (Clemson University), Kaileigh Angela Byrne (Clemson University), and Bart Knijnenburg (Clemson University)
  • QUICKeR: Quicker Updates Involving Continuous Key Rotation
    Lawrence Lim (University of California, Santa Barbara), Wei-Yee Goh (University of California, Santa Barbara), Divyakant Agrawal (University of California, Santa Barbara), Amr El Abbadi (University of California, Santa Barbara), and Trinabh Gupta (University of California, Santa Barbara)
  • Efficiently Compiling Secure Computation Protocols From Passive to Active Security: Beyond Arithmetic Circuits
    Marina Blanton (University at Buffalo), Dennis Murphy (University at Buffalo), and Chen Yuan (Meta Inc.)
  • DeTorrent: An Adversarial Padding-only Traffic Analysis Defense
    James K Holland (University of Minnesota), Jason Carpenter (University of Minnesota), Se Eun Oh (Ewha Womans University), and Nick Hopper (University of Minnesota)
  • A False Sense of Privacy: Towards a Reliable Evaluation Methodology for the Anonymization of Biometric Data
    Simon Hanisch (Technical University Dresden), Julian Todt (Karlsruhe Institute of Technology), Jose Patino (Cerence), Nicholas Evans (EURECOM), and Thorsten Strufe (Karlsruhe Institute of Technology)
  • Cross-Contextual Examination of Older Adults' Privacy Concerns, Behaviors, and Vulnerabilities
    Yixin Zou (Max Planck Institute for Security and Privacy), Kaiwen Sun (University of Michigan), Tanisha Afnan (University of Michigan), Ruba Abu-Salma (King’s College London), Robin Brewer (University of Michigan), and Florian Schaub (University of Michigan)

Issue 2

  • Multipars: Reduced-Communication MPC over Z2k
    Sebastian Hasler (University of Stuttgart), Pascal Reisert (University of Stuttgart), Marc Rivinius (University of Stuttgart), and Ralf Küsters (University of Stuttgart)
  • Privadome: Delivery Drones and Citizen Privacy
    Gokulnath Pillai (Cerebras Systems Bangalore), Ajith Suresh (Technology Innovation Institute (TII)), Eikansh Gupta (Qualcomm Hyderabad), Vinod Ganapathy (Indian Institute of Science Bangalore), and Arpita Patra (Indian Institute of Science Bangalore)
  • Delegated Private Matching for Compute
    Dimitris Mouris (University of Delaware), Daniel Masny (Meta Inc.), Ni Trieu (Arizona State University), Shubho Sengupta (Meta Inc.), Prasad Buddhavarapu (Meta Inc.), and Benjamin Case (Meta Inc.)
  • Exploring the Privacy Experiences of Closeted Users of Online Dating Services in the US
    Elijah Bouma-Sims (Carnegie Mellon University), Sanjnah Ananda Kumar (Carnegie Mellon University), and Lorrie Cranor (Carnegie Mellon University)
  • Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels
    Yanzi Lin (Wellesley College), Jaideep Juneja (Carnegie Mellon University), Eleanor Birrell (Pomona College), and Lorrie Faith Cranor (Carnegie Mellon University)
  • Website Data Transparency in the Browser
    Sebastian Zimmeck (Wesleyan University), Daniel Goldelman (Wesleyan University), Owen Kaplan (Wesleyan University), Logan Brown (Wesleyan University), Justin Casler (Wesleyan University), Judeley Jean-Charles (Wesleyan University), Joe Champeau (Wesleyan University), and Hamza Harkous (Google)
  • Traceable mixnets
    Prashant Agrawal (IIT Delhi), Abhinav Nakarmi (University of Michigan), Mahabir Prasad Jhanwar (Ashoka University), Subodh Vishnu Sharma (IIT Delhi), and Subhashis Banerjee (Ashoka University)
  • MixMatch: Flow Matching for Mixnet Traffic
    Lennart Oldenburg (COSIC, KU Leuven), Marc Juarez (University of Edinburgh), Enrique Argones Rúa (COSIC, KU Leuven), and Claudia Diaz (COSIC, KU Leuven, Nym Technologies SA)
  • Contextualizing Interpersonal Data Sharing in Smart Homes
    Weijia He (Dartmouth College), Nathan Reitinger (University of Maryland, College Park), Atheer Almogbil (Johns Hopkins University), Yi-Shyuan Chiang (University of Illinois Urbana-Champaign), Timothy J. Pierson (Dartmouth College), and David Kotz (Dartmouth College)
  • Differentially Private Functional Encryption
    Jasmin Zalonis (University of Mannheim), Frederik Armknecht (University of Mannheim), and Linda Scheu-Hachtel (University of Mannheim)
  • SoK: Secure Human-centered Wireless Sensing
    Wei Sun (Duke University), Tingjun Chen (Duke University), and Neil Gong (Duke University)
  • Towards Biologically Plausible and Private Gene Expression Data Generation
    Dingfan Chen (CISPA – Helmholtz Center for Information Security), Marie Oestreich (Modular High Performance Computing and Artificial Intelligence, Systems Medicine, German Center for Neurodegenerative Diseases (DZNE), Bonn), Tejumade Afonja (CISPA – Helmholtz Center for Information Security), Raouf Kerkouche (CISPA – Helmholtz Center for Information Security), Matthias Becker (Modular High Performance Computing and Artificial Intelligence, Systems Medicine, German Center for Neurodegenerative Diseases (DZNE), Bonn), and Mario Fritz (CISPA – Helmholtz Center for Information Security)
  • Extending the Security of SPDZ with Fairness
    Bart Veldhuizen (Independent researcher), Gabriele Spini (TNO), Thijs Veugen (TNO, University of Twente), and Lisa Kohl (CWI)
  • Defining and Controlling Information Leakage in US Equities Trading
    Arthur Americo (Proof Trading), Allison Bishop (Proof Trading and City College, CUNY), Paul Cesaretti (Graduate Center, CUNY and Proof Trading), Garrison Grogan (), Adam McKoy (Proof Trading), Robert Nicholas Moss (Proof Trading), Lisa Oakley (Northeastern University and Proof Trading), Marcel Ribeiro (Proof Trading), and Mohammad Shokri (Graduate Center, CUNY and Proof Trading)
  • How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions?
    Florian Farke (Ruhr University Bochum), David G. Balash (University of Richmond), Maximilian Golla (CISPA Helmholtz Center for Information Security), and Adam J. Aviv (The George Washington University)
  • NOTRY: Deniable messaging with retroactive avowal
    Faxing Wang (University of Melbourne), Shaanan Cohney (University of Melbourne), Riad Wahby (Carnegie Mellon University), and Joseph Bonneau (a16z crypto research)
  • Security and Privacy with Second-Hand Storage Devices: A User-centric Perspective
    Kavous Salehzadeh Niksirat (University of Lausanne / EPFL), Diana Korka (University of Lausanne), Quentin Jacquemin (University of Lausanne), Céline Vanini (University of Lausanne), Mathias Humbert (University of Lausanne), Mauro Cherubini (University of Lausanne), Sylvain Métille (University of Lausanne), and Kévin Huguenin (University of Lausanne)
  • A Bilingual Longitudinal Analysis of Privacy Policies Measuring the Impacts of the GDPR and the CCPA/CPRA
    Henry Hosseini (University of Münster), Christine Utz (CISPA Helmholtz Center for Information Security), Martin Degeling (Stiftung Neue Verantwortung), and Thomas Hupperich (University of Münster)
  • Blending Different Latency Traffic With Beta Mixing
    Iness Ben Guirat (KU Leuven), Debajyoti Das (KU Leuven), and Claudia Diaz (KU Leuven)
  • Multiparty Private Set Intersection Cardinality and Its Applications
    Jiahui Gao (Arizona State University), Ni Trieu (Arizona State University), and Avishay Yanai (VMware Research)
  • Two Steps Forward and One Step Back: The Right to Opt-out of Sale under CPRA
    Jan Charatan (Pomona College) and Eleanor Birrell (Pomona College)
  • Internet Users' Willingness to Disclose Biometric Data for Continuous Online Account Protection: An Empirical Investigation
    Florian Dehling (H-BRS University of Applied Sciences), Jan Tolsdorf (H-BRS University of Applied Sciences), Hannes Federrath (University of Hamburg), and Luigi Lo Iacono (H-BRS University of Applied Sciences)
  • StyleAdv: A Usable Privacy Framework Against Facial Recognition with Adversarial Image Editing
    Minh-Ha Le (Linköping University) and Niklas Carlsson (Linkoping University)
  • Differentially Private Ad Conversion Measurement
    John Delaney (Google), Badih Ghazi (Google Research), Charlie Harrison (Google), Christina Ilvento (Google), Ravi Kumar (Google Research), Pasin Manurangsi (Google Research), Martin Pal (Google), Karthik Prabhakar (Google), and Mariana Raykova (Google)
  • A Framework for Provably Secure Onion Routing against a Global Adversary
    Philip Scherer (Karlsruhe Institute of Technology), Christiane Weis (NEC Research Labs), and Thorsten Strufe (Karlsruhe Institute of Technology)

Issue 3

Some of these papers are accepted conditionally on approval of a shepherd.

  • PLASMA: Private, Lightweight Aggregated Statistics against Malicious Adversaries
    Dimitris Mouris (University of Delaware), Pratik Sarkar (Supra Research), and Nektarios G. Tsoutsos (University of Delaware)
  • Compact: Approximating Complex Activation Functions for Secure Computation
    Mazharul Islam (University of Wisconsin-Madison), Sunpreet S. Arora (Visa Research), Rahul Chatterjee (University of Wisconsin-Madison), Peter Rindal (Visa Research), and Maliheh Shirvanian (Netflix)
  • SoK: Can Trajectory Generation Combine Privacy and Utility?
    Erik Buchholz (UNSW Sydney), Sharif Abuadbba (CSIRO's Data61), Shuo Wang (CSIRO's Data61), Surya Nepal (CSIRO's Data61), and Salil S. Kanhere (UNSW Sydney)
  • Snail: Secure Single Iteration Localization
    James Choncholas (Georgia Institute of Technology), Pujith Kachana (Georgia Institute of Technology), André Mateus (Ericsson Research), Gregoire Phillips (Ericsson Research), and Ada Gavrilovska (Georgia Institute of Technology)
  • Physical Side-Channel Attacks against Intermittent Devices
    Muslum Ozgur Ozmen (Purdue University), Habiba Farrukh (University of California Irvine), and Z. Berkay Celik (Purdue University)
  • PrivDNN: A Secure Multi-Party Computation Framework for Deep Learning using Partial DNN Encryption
    Liangqin Ren (University of Kansas), Zeyan Liu (University of Kansas), Fengjun Li (University of Kansas), Kaitai Liang (Delft University of Technology), Zhu Li (University of Missouri--Kansas City), and Bo Luo (University of Kansas)
  • Connecting the Dots: Tracing Data Endpoints in IoT Devices
    Md Jakaria (North Carolina State University), Danny Yuxing Huang (New York University), and Anupam Das (North Carolina State University)
  • Selective Authenticated Pilot Location Disclosure for Remote ID-enabled Drones
    Pietro Tedeschi (Technology Innovation Institute (TII), Abu Dhabi, UAE), Siva Ganesh Ganti (Eindhoven University of Technology (TU/e), Eindhoven, Netherlands), and Savio Sciancalepore (Eindhoven University of Technology (TU/e), Eindhoven, Netherlands)
  • FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds
    Soumaya Boussaha (SAP Security Research), Lukas Hock (SAP Security Research), Miguel Bermejo (UC3M), Ruben Cuevas Rumin (UC3M), Angel Cuevas Rumin (UC3M), David Klein (TU Braunschweig), Martin Johns (TU Braunschweig), Luca Compagna (SAP Security Research), Daniele Antonioli (Eurecom), and Thomas Barber (SAP Security Research)
  • Crumbling Cookie Categories: Deconstructing Common Cookie Categories to Create Categories that People Understand
    Soha Jiwani (Carnegie Mellon University), Rachna Sasheendran (Carnegie Mellon University), Adhishree Abhyankar (Carnegie Mellon University), Elijah Bouma-Sims (Carnegie Mellon University), and Lorrie Cranor (Carnegie Mellon University)
  • Generational Differences in Understandings of Privacy Terminology
    Charlotte Moremen (Pomona College), Jordan Hoogsteden (Harvard Law School), and Eleanor Birrell (Pomona College)
  • PLAN: Variance-Aware Private Mean Estimation
    Martin Aumüller (IT University of Copenhagen), Christian Lebeda (BARC and IT University of Copenhagen), Boel Nelson (Aarhus University), and Rasmus Pagh (BARC and University of Copenhagen)
  • Secure Range-Searching Using Copy-And-Recurse
    Hayim Shaul (IBM Research), Eyal Kushnir (IBM Research), and Guy Moshkowich (IBM Research)
  • Efficient Issuer-Hiding Authentication, Application to Anonymous Credential
    Olivier Sanders (Orange) and Jacques Traoré (Orange)
  • Privacy-Preserving Fingerprinting Against Collusion and Correlation Threats in Genomic Data
    Tianxi Ji (Texas Tech University), Erman Ayday (Case Western Reserve University), Emre Yilmaz (University of Houston-Downtown), and Pan Li (Case Western Reserve University)
  • A Black-Box Privacy Analysis of Messaging Service Providers’ Chat Message Processing
    Robin Kirchner (TU Braunschweig), Simon Koch (TU Braunschweig), Noah Kamangar (TU Braunschweig), David Klein (TU Braunschweig), and Martin Johns (TU Braunschweig)
  • PRAC: Round-Efficient 3-Party MPC for Dynamic Data Structures
    Sajin Sasy (University of Waterloo), Adithya Vadapalli (IIT Kanpur), and Ian Goldberg (University of Waterloo)
  • What Does It Mean to Be Creepy? Responses to Visualizations of Personal Browsing Activity, Online Tracking, and Targeted Ads
    Nathan Reitinger (University of Maryland), Bruce Wen (University of Chicago), Michelle L. Mazurek (University of Maryland), and Blase Ur (University of Chicago)
  • I still know it's you! On Challenges in Anonymizing Source Code
    Micha Horlboge (TU Berlin), Erwin Quiring (Ruhr-University Bochum + ICSI), Roland Meyer (TU Braunschweig), and Konrad Rieck (TU Berlin)
  • Hawk: Accurate and Fast Privacy-Preserving Machine Learning Using Secure Lookup Table Computation
    Hamza Saleem (University of Southern California), Amir Ziashahabi (University of Southern California), Muhammad Naveed (University of Southern California), and Salman Avestimehr (University of Southern California)
  • FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup
    Nan Wang (CSIRO's Data61) and Dongxi Liu (CSIRO's Data61)
  • Anonify: Decentralized Dual-level Anonymity for Medical Data Donation
    Sarah Abdelwahab Gaballah (Ruhr University Bochum), Lamya Abdullah (Technical University of Darmstadt), Mina Alishahi (Open Universiteit), Thanh Hoang Long Nguyen (Technical University of Darmstadt), Ephraim Zimmer (Technical University of Darmstadt), Max Mühlhäuser (Technical University of Darmstadt), and Karola Marky (Ruhr University Bochum)
  • Attacking Connection Tracking Frameworks as used by Virtual Private Networks
    Benjamin Mixon-Baca (Arizona State University/Breakpointing Bad), Jeffrey Knockel (Citizen Lab), Diwen Xue (University of Michigan), Deepak Kapur (University of New Mexico), Roya Ensafi (University of Michigan), and Jed Crandall (Arizona State University)
  • Exploring Design Opportunities for Family-Based Privacy Education in Informal Learning Spaces
    Lanjing Liu (Virginia Tech), Lan Gao (University of Chicago), and Yaxing Yao (Virginia Tech)
  • SoK: Wildest Dreams: Reproducible Research in Privacy-preserving Neural Network Training
    Tanveer Khan (Tampere University), Mindaugas Budzys (Tampere University), Khoa Nguyen (Tampere University), and Antonis Michalas (Tampere University)
  • GCL-Leak: Link Membership Inference Attacks against Graph Contrastive Learning
    Xiuling Wang (Stevens Institute of Technology) and Wendy Hui Wang (Stevens Institute of Technology)
  • Privacy-Preserving Membership Queries for Federated Anomaly Detection
    Jelle Vos (Delft University of Technology), Sikha Pentyala (University of Washington Tacoma), Steven Golob (University of Washington Tacoma), Ricardo Maia (University of Washington Tacoma), Dean Kelley (University of Washington Tacoma), Zekeriya Erkin (Delft University of Technology), Martine De Cock (University of Washington Tacoma), and Anderson Nascimento (University of Washington Tacoma)
  • TMI! Finetuned Models Leak Private Information from their Pretraining Data
    John Abascal (Northeastern University), Stanley Wu (University of Chicago), Alina Oprea (Northeastern University), and Jonathan Ullman (Northeastern University)
  • CheckOut: User-Controlled Anonymization for Customer Loyalty Programs
    Matthew Gregoire (University of North Carolina at Chapel Hill), Rachel Thomas (University of North Carolina at Chapel Hill), and Saba Eskandarian (University of North Carolina at Chapel Hill)
  • MicroSecAgg: Streamlined Single-Server Secure Aggregation
    Yue Guo (JP Morgan AI Research), Antigoni Polychroniadou (JP Morgan AI Research), Elaine Shi (Carnegie Mellon University), David Byrd (Bowdoin College), and Tucker Balch (J.P. Morgan AI Research)
  • Anonymous Complaint Aggregation for Secure Messaging
    Connor Bell (University of North Carolina at Chapel Hill) and Saba Eskandarian (University of North Carolina at Chapel Hill)
  • SoK: Trusting Self-Sovereign Identity
    Evan Krul (UNSW Sydney), Hye-young Paik (UNSW Sydney), Sushmita Ruj (UNSW Sydney), and Salil S. Kanhere (UNSW Sydney)
  • SublonK: Sublinear Prover PlonK
    Arka Rai Choudhuri (NTT Research), Sanjam Garg (UC Berkeley), Aarushi Goel (NTT Research), Sruthi Sekar (UC Berkeley), and Rohit Sinha (Swirlds Inc.)
  • GenAIPABench: A Benchmark for Generative AI-based Privacy Assistants
    Aamir Hamid (University of Maryland Baltimore County), Hemanth Reddy Samidi (University of Maryland Baltimore County), Tim Finin (University of Maryland Baltimore County), Roberto Yus (University of Maryland Baltimore County), and Primal Pappachan (Portland State University)
  • Please Unstalk Me: Understanding Stalking with Bluetooth Trackers and Democratizing Anti-Stalking Protection
    Alexander Heinrich (Technische Universität Darmstadt, Secure Mobile Networking Lab), Leon Würsching (Technische Universität Darmstadt, Secure Mobile Networking Lab), and Matthias Hollick (Technische Universität Darmstadt, Secure Mobile Networking Lab)
  • FedLAP-DP: Federated Learning by Sharing Differentially Private Loss Approximations
    Hui-Po Wang (CISPA Helmholtz Center for Information), Dingfan Chen (CISPA Helmholtz Center for Information), Raouf Kerkouche (CISPA Helmholtz Center for Information), and Mario Fritz (CISPA Helmholtz Center for Information)
  • Edge Private Graph Neural Networks with Singular Value Perturbation
    Tingting Tang (University of Southern California), Yue Niu (University of Southern California), Salman Avestimehr (University of Southern California), and Murali Annavaram (University of Southern California)
  • Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting
    Ana-Maria Cretu (EPFL), Daniel Jones (M365 Research), Yves-Alexandre de Montjoye (Imperial College London), and Shruti Tople (Azure Research)
  • Client-side and Server-side Tracking on Meta: Effectiveness and Accuracy
    Asmaa EL FRAIHI (CNRS, INRIA, Ecole Polytechnique), Nardjes AMIEUR (CNRS, INRIA, Ecole Polytechnique), Oana GOGA (CNRS, INRIA, Ecole Polytechnique), and Walter Rudametkin (INRIA)

Issue 4

Some of these papers are accepted conditionally on approval of a shepherd.

  • Divisible E-Cash for Billing in Private Ad Retargeting
    Kevin Liao (MIT and Harvard Law School), Henry Corrigan-Gibbs (MIT), and Dan Boneh (Stanford University)
  • Fantômas: Understanding Face Anonymization Reversibility
    Julian Todt (Karlsruhe Institute of Technology), Simon Hanisch (Technical University Dresden), and Thorsten Strufe (Karlsruhe Institute of Technology)
  • Summation-based Private Segmented Membership Test from Threshold-Fully Homomorphic Encryption
    Nirajan Koirala (University of Notre Dame), Jonathan Takeshita (University of Notre Dame), Jeremy Stevens (University of Notre Dame), and Taeho Jung (University of Notre Dame)
  • What Do Privacy Advertisements Communicate to Consumers?
    Xiaoxin Shen (Carnegie Mellon University, US), Eman Alashwali (King Abdullah University of Science and Technology (KAUST), King Abdulaziz University (KAU), Saudi Arabia, and Carnegie Mellon University (CMU), US), and Lorrie Faith Cranor (Carnegie Mellon University, US)
  • Our Data, Our Solutions: A Participatory Approach for Enhancing Privacy in Wearable Activity Tracker Third-Party Apps
    Noé Zufferey (ETH Zürich), Kavous Salehzadeh Niksirat (EPFL), Mathias Humbert (University of Lausanne), and Kévin Huguenin (University of Lausanne)
  • The Multiple Millionaires' Problem: New Algorithmic Approaches and Protocols
    Avishay Yanai and Tamir Tassa (Open University, Israel)
  • Support Personas: A Concept for Tailored Support of Users of Privacy-Enhancing Technologies
    Kilian Demuth (PEASEC - TU Darmstadt), Sebastian Linsner (PEASEC - TU Darmstadt), Tom Biselli (PEASEC - TU Darmstadt), Marc-Andre Kaufhold (PEASEC - TU Darmstadt), and Christian Reuter (PEASEC - TU Darmstadt)
  • Link Stealing Attacks Against Inductive Graph Neural Networks
    Yixin Wu (CISPA Helmholtz Center for Information Security), Xinlei He (Hong Kong University of Science and Technology (Guangzhou)), Pascal Berrang (University of Birmingham), Mathias Humbert (University of Lausanne), Michael Backes (CISPA Helmholtz Center for Information Security), Neil Gong (Duke University), and Yang Zhang (CISPA Helmholtz Center for Information Security)
  • VFLGAN: Vertical Federated Learning-based Generative Adversarial Network for Vertically Partitioned Data Publication
    Xun Yuan (National University of Singapore), Yang Yang (National University of Singapore), Prosanta Gope (University of Sheffield), Aryan Mohammadi Pasikhani (University of Sheffield), and Biplab Sikdar (National University of Singapore)
  • Privacy Protection Behaviors from a New Angle: Exploratory Analysis on a Russian Sample
    Denis Obrezkov (German National Library of Science and Technology (TIB))
  • PrivacyLens: On-Device PII Removal from RGB Images using Thermally-Enhanced Sensing
    Yasha Iravantchi (University of Michigan), Thomas Krolikowski (University of Michigan), William Wang (University of Michigan), Kang G. Shin (University of Michigan), and Alanson Sample (University of Michigan)
  • Evaluating Google's Protected Audience Protocol
    Minjun Long (University of Virginia) and David Evans (University of Virginia)
  • A Deniability Analysis of Signal’s Initial Handshake PQXDH
    Rune Fiedler (Technische Universität Darmstadt) and Christian Janson (Technische Universität Darmstadt)
  • Overprofiling Analysis on Major Internet Players
    Francisco Caravaca (Universidad Carlos III de Madrid), José González-Cabañas (UC3M-Santander Big Data Institute), Ángel Cuevas (Universidad Carlos III de Madrid; UC3M-Santander Big Data Institute), and Rubén Cuevas (Universidad Carlos III de Madrid; UC3M-Santander Big Data Institute)
  • Measuring Conditional Anonymity---A Global Study
    Pascal Berrang (), Paul Gerhart (Friedrich-Alexander-Universität Erlangen-Nürnberg), and Dominique Schröder ()
  • The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services
    Nikita Samarin (University of California, Berkeley), Alex Sanchez (University of California, Berkeley), Trinity Chung (University of California, Berkeley), Akshay Dan Bhavish Juleemun (University of California, Berkeley), Conor Gilsenan (University of California, Berkeley), Nick Merrill (University of California, Berkeley), Joel Reardon (University of Calgary), and Serge Egelman (International Computer Science Institute (ICSI) and University of California, Berkeley)
  • Automatic generation of web censorship probe lists
    Jenny Tang (Carnegie Mellon University), Leo Alvarez (EPFL and CMU), Arjun Brar (Carnegie Mellon University), Nguyen Phong Hoang (University of Chicago), and Nicolas Christin (Carnegie Mellon University)
  • SIGMA: Secure GPT Inference with Function Secret Sharing
    Kanav Gupta (University of Maryland, College Park), Neha Jawalkar (Indian Institute of Science, Bangalore), Ananta Mukherjee (Microsoft Research), Nishanth Chandran (Microsoft Research), Divya Gupta (Microsoft Research), Ashish Panwar (Microsoft Research), and Rahul Sharma (Microsoft Research)
  • A Zero-Knowledge Membership Inference Attack on Aggregate Location Data
    Vincent Guan (Imperial College London), Florent Guépin (Imperial College London), Ana-Maria Cretu (EPFL), and Yves-Alexandre de Montjoye (Imperial College London)
  • Media talks Privacy: Unraveling a Decade of Privacy Discourse around the World
    Shujaat Mirza (New York University), Corban Villa (New York University Abu Dhabi), and Christina Poepper (New York University Abu Dhabi)
  • Revealing the True Cost of Locally Differentially Private Protocols: An Auditing Perspective
    Héber H. Arcolezi (Inria) and Sébastien Gambs (Université du Québec à Montréal (UQAM))
  • Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies
    Mir Masood Ali (University of Illinois Chicago), David G. Balash (University of Richmond), Monica Kodwani (The George Washington University), Chris Kanich (University of Illinois Chicago), and Adam J. Aviv (The George Washington University)
  • Raising the Bar: Improved Fingerprinting Attacks and Defenses for Video Streaming Traffic
    David Hasselquist (Linköping University & Sectra Communications), Ethan Witwer (Linköping University), August Carlson (Linköping University), Niklas Johansson (Linköping University & Sectra Communications), and Niklas Carlsson (Linköping University)
  • Decision-based Data Distribution (D³): Enabling Users to Minimize Data Propagation in Privacy-sensitive Scenarios
    Sebastian Linsner (PEASEC - TU Darmstadt), Kilian Demuth (PEASEC - TU Darmstadt), Marc Fischlin (Cryptoplexity - TU Darmstadt), and Christian Reuter (PEASEC - TU Darmstadt)
  • Unlinkable Policy-Compliant Signatures for Compliant and Decentralized Anonymous Payments
    Christian Badertscher (Input Output), Mahdi Sedaghat (COSIC, KU Leuven), and Hendrik Waldner (University of Maryland, College Park)
  • Subgraph Structure Membership Inference Attacks against Graph Neural Networks
    Xiuling Wang (Stevens Institute of Technology) and Wendy Hui Wang (Stevens Institute of Technology)
  • Onion Services in the Wild: A Study of Deanonymization Attacks
    Pascal Tippe (FernUniversität in Hagen) and Adrian Tippe (HTW Berlin)
  • What to Expect When You’re Accessing: An Exploration of User Privacy Rights in People Search Websites
    Kejsi Take (NYU), Jordyn Young (University of Michigan), Rasika Bhalerao (Northeastern University), Kevin Gallagher (NOVA LINCS, NOVA School of Science and Technology), Andrea Forte (University of Michigan), Damon McCoy (NYU), and Rachel Greenstadt (NYU)
  • Efficient Privacy-Preserving Machine Learning with Lightweight Trusted Hardware
    Pengzhi Huang (Cornell University), Thang Hoang (Virginia Tech), Yueying Li (Cornell University), Elaine Shi (CMU), and G. Edward Suh (Cornell University / Meta)
  • Johnny Still Can’t Opt-out: Assessing the IAB CCPA Compliance Framework
    Muhammad Abu Bakar Aziz (Northeastern University) and Christo Wilson (Northeastern University)
  • Maui: Black-Box Edge Privacy Attack on Graph Neural Networks
    Haoyu He (The George Washington University), Isaiah J. King (The George Washington University), and H. Howie Huang (The George Washington University)
  • Diversity-driven Privacy Protection Masks Against Unauthorized Face Recognition
    Ka Ho Chow (Georgia Institute of Technology), Sihao Hu (Georgia Institute of Technology), Tiansheng Huang (Georgia Institute of Technology), Fatih Ilhan (Georgia Institute of Technology), Wenqi Wei (Fordham University), and Ling Liu (Georgia Institute of Technology)
  • Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones
    Daniel Hugenroth (University of Cambridge), Alberto Sonnino (MystenLabs & University College London), Sam Cutler (The Guardian), and Alastair R. Beresford (University of Cambridge)
  • "My Best Friend’s Husband Sees and Knows Everything”: A Cross-Contextual and Cross-Country Approach to Understanding Smart Home Privacy
    Tess Despres (UC Berkeley), Marcelino Ayala Constantino (El Colegio de la Frontera Norte), Naomi Zacarias Lizola (El Colegio de la Frontera Norte), Gerardo Sánchez Romero (Mutua Social Research & Innovation), Shijing He (King’s College London), Xiao Zhan (King’s College London), Noura Abdi (Liverpool Hope University), Ruba Abu-Salma (King’s College London), Jose Such (King's College London & Universitat Politecnica de Valencia), and Julia Bernd (International Computer Science Institute)
  • The Devil is in the Details: Detection, Measurement and Lawfulness of Server-Side Tracking on the Web
    Imane Fouad (Inria Lille, Univ Lille,), Cristiana Santos (Utrecht University), and Pierre Laperdrix (CNRS, Univ Lille, Inria Lille)
  • Understanding Leakage in Searchable Encryption: a Quantitative Approach
    Alexandra Boldyreva (Georgia Institute of Technology), Zichen Gui (ETH Zürich), and Bogdan Warinschi (Dfinity & University of Bristol)
  • Post-quantum XML and SAML Single Sign-On
    Johannes Müller (CNRS/INRIA Nancy) and Jan Oupický (University of Luxembourg)
  • Simply tell me how - On Trustworthiness and Technology Acceptance of Attribute-Based Credentials
    Rachel Crowder (Newcastle University), George Price (Newcastle University), and Thomas Gross (Newcastle University)
  • Provable Security Analysis of Butterfly Key Mechanism Protocol in IEEE 1609.2.1 Standard
    Alexandra Boldyreva (Georgia Institute of Technology), Virendra Kumar (Qualcomm), and Jiahao Sun (Georgia Institute of Technology)
  • Computational Differential Privacy for Encrypted Databases Supporting Linear Queries
    Ferran Alborch Escobar (Orange Innovation), Sébastien Canard (Télécom Paris), Fabien Laguillaumie (Université de Montpellier), and Duong Hieu Phan (Télécom Paris)
  • Summary Reports Optimization in the Privacy Sandbox Attribution Reporting API
    Hidayet Aksu (Google), Badih Ghazi (Google Research), Pritish Kamath (Google Research), Ravi Kumar (Google Research), Pasin Manurangsi (Google Research), Adam Sealfon (Google Research), and Avinash V Varadarajan (Google)
  • Toward A Practical Multi-party Private Set Union
    Jiahui Gao (Arizona State University), Son Nguyen (Arizona State University), and Ni Trieu (Arizona State University)
  • Deniability in Automated Contact Tracing: Impossibilities and Possibilities
    Christoph U. Günther (Institute of Science and Technology Austria) and Krzysztof Pietrzak (Institute of Science and Technology Austria)
  • Scalable Metadata-Hiding for Privacy-Preserving IoT Systems
    Yunang Chen (University of Wisconsin-Madison), David Heath (University of Illinois Urbana-Champaign), Rahul Chatterjee (University of Wisconsin-Madison), and Earlence Fernandes (UC San Diego)
  • Are continuous stop-and-go mixnets provably secure?
    Debajyoti Das (KU Leuven), Claudia Diaz (KU Leuven and Nym), Aggelos Kiayias (University of Edinburgh and IOG), and Thomas Zacharias (University of Glasgow)
  • AUTOLYCUS: Exploiting Explainable Artificial Intelligence (XAI) for Model Extraction Attacks against Interpretable Models
    Abdullah Caglar Oksuz (Case Western Reserve University), Anisa Halimi (IBM Research - Dublin), and Erman Ayday (Case Western Reserve University)
  • Mastodon Administrators’ Experience with Selecting and Using Privacy Policies
    Emma Tosch (Northeastern University), Luis Garcia (Northeastern University), Cynthia Li (Independent (prev. Pomona College)), and Chris Martens (Northeastern University)
  • Provable Security for the Onion Routing and Mix Network Packet Format Sphinx
    Philip Scherer (Karlsruhe Institute of Technology), Christiane Weis (NEC Research Labs), and Thorsten Strufe (Karlsruhe Institute of Technology)