All times on this page are BST (Bristol, UK, UTC+1)
Other timezones can be found here: UTC, UTC+1, UTC+2, UTC+3, UTC+4, UTC+5, UTC+6, UTC+7, UTC+8, UTC+9, UTC+10, UTC+11, UTC+12, UTC-1, UTC-2, UTC-3, UTC-4, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9, UTC-10, UTC-11, UTC-12
Conference Schedule
Workshops
FOCI Room: Main lecture theater 9:00-17:30 Program18:00
8:30
Opening Remarks (Main)
9:00
Keynote:
Natalia Bielova, Inria Centre at Université Côte d'Azur Room: Main10:00
Break (Humanities Foyer)
10:30
Session 1A: Biometrics and People Fingerprints
10:30-12:00 Internet Users' Willingness to Disclose Biometric Data for Continuous Online Account Protection: An Empirical Investigation I still know it's you! On Challenges in Anonymizing Source Code Artifact: Available User-Controlled Privacy: Taint, Track, and Control Artifact: Reproduced Privacy-Preserving Fingerprinting Against Collusion and Correlation Threats in Genomic Data Towards Biologically Plausible and Private Gene Expression Data Generation A False Sense of Privacy: Towards a Reliable Evaluation Methodology for the Anonymization of Biometric DataSession 1B: ML and AI (I)
10:30-12:00 Data Isotopes for Data Provenance in DNNs Artifact: Available PrivDNN: A Secure Multi-Party Computation Framework for Deep Learning using Partial DNN Encryption Artifact: Reproduced SoK: Wildest Dreams: Reproducible Research in Privacy-preserving Neural Network Training Link Stealing Attacks Against Inductive Graph Neural Networks Subgraph Structure Membership Inference Attacks against Graph Neural Networks Maui: Black-Box Edge Privacy Attack on Graph Neural NetworksSession 1C: Tracing and Tracking
10:30-12:00 DP-ACT: Decentralized Privacy-Preserving Asymmetric Digital Contact Tracing Deniability in Automated Contact Tracing: Impossibilities and Possibilities Divisible E-Cash for Billing in Private Ad Retargeting Why Privacy-Preserving Protocols Are Sometimes Not Enough: A Case Study of the Brisbane Toll Collection Infrastructure Artifact: Reproduced Attacking Connection Tracking Frameworks as used by Virtual Private Networks Artifact: Reproduced Please Unstalk Me: Understanding Stalking with Bluetooth Trackers and Democratizing Anti-Stalking Protection12:00
Lunch (Humanities Foyer)
13:30
Session 2A: Understanding Users (I)
13:30-15:00 What Does It Mean to Be Creepy? Responses to Visualizations of Personal Browsing Activity, Online Tracking, and Targeted Ads Artifact: Reproduced Exploring the Privacy Experiences of Closeted Users of Online Dating Services in the US Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels How Does Connecting Online Activities to Advertising Inferences Impact Privacy Perceptions? "Those things are written by lawyers, and programmers are reading that." Mapping the Communication Gap Between Software Developers and Privacy Experts Mastodon Administrators’ Experience with Selecting and Using Privacy PoliciesSession 2B: Mixing, Intersections, and Unions
13:30-15:00 Are continuous stop-and-go mixnets provably secure? Provable Security for the Onion Routing and Mix Network Packet Format Sphinx Traceable mixnets Artifact: Reproduced Toward A Practical Multi-party Private Set Union MixMatch: Flow Matching for Mixnet Traffic Artifact: Available Multiparty Private Set Intersection Cardinality and Its ApplicationsSession 2C: Devices and TEEs
13:30-15:00 Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland Efficient Privacy-Preserving Machine Learning with Lightweight Trusted Hardware Privadome: Delivery Drones and Citizen Privacy Sloth: Key Stretching and Deniable Encryption using Secure Elements on Smartphones SGXonerate:Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE Physical Side-Channel Attacks against Intermittent Devices15:00
Break (Humanities Foyer)
15:30
Session 3A: Cookies
15:30-17:00 A Large-Scale Study of Cookie Banner Interaction Tools and their Impact on Users' Privacy Artifact: Available Supporting Informed Choices about Browser Cookies: The Impact of Personalised Cookie Banners Artifact: Available Block Cookies, Not Websites: Analysing Mental Models and Usability of the Privacy-Preserving Browser Extension CookieBlock Artifact: Available Crumbling Cookie Categories: Deconstructing Common Cookie Categories to Create Categories that People Understand Generalizable Active Privacy Choice: Designing a Graphical User Interface for Global Privacy Control Artifact: Available Opted Out, Yet Tracked: Are Regulations Enough to Protect Your Privacy?Session 3B: Data Privacy
15:30-17:00 FedLAP-DP: Federated Learning by Sharing Differentially Private Loss Approximations Revealing the True Cost of Locally Differentially Private Protocols: An Auditing Perspective A Cautionary Tale: On the Role of Reference Data in Empirical Privacy Defenses Artifact: Reproduced SoK: Data Privacy in Virtual Reality Computational Differential Privacy for Encrypted Databases Supporting Linear Queries Differentially Private Functional EncryptionSession 3C: IoT
15:30-17:00 Our Data, Our Solutions: A Participatory Approach for Enhancing Privacy in Wearable Activity Tracker Third-Party Apps Scalable Metadata-Hiding for Privacy-Preserving IoT Systems Connecting the Dots: Tracing Data Endpoints in IoT Devices "My Best Friend's Husband Sees and Knows Everything": A Cross-Contextual and Cross-Country Approach to Understanding Smart Home Privacy SocIoTy: Practical Cryptography in Smart Home Contexts Artifact: Reproduced Contextualizing Interpersonal Data Sharing in Smart Homes17:00
Town Hall (Main)
9:00
Keynote: Building User-Centred Privacy Enhancing Technologies
Hamed Haddadi, Imperial College London Room: Main 9:00-10:00 Abstract: Researchers and industry practitioners have been building privacy-preserving analytics, data collection, and telemetry techniques for over a decade. However, the rise of interests of the tech industry in consumer analytics and the appetite of governments in citizen surveillance have led to a dichotomy between data collection, privacy, and providing data agency to the individuals. In this walk I will present an overview of the latest techniques and tools for private analytics, their dual-use nature, and potential solutions in designing technologies that caters for, and serve the individual users of modern systems. Bio: Hamed is the Professor of Human-Centred Systems at the Department of Computing at Imperial College London. He also serves as a Security Science Fellow of the Institute for Security Science and Technology. In his industrial role, he is the Chief Scientist at Brave Software where he works on developing privacy-preserving analytics protocols. He is interested in User-Centred Systems, IoT, Applied Machine Learning, and Data Security & Privacy. He enjoys designing and building systems that enable better use of our digital footprint, while respecting users' privacy. https://haddadi.github.io/about/10:00
Break (Humanities Foyer)
10:30
Session 4A: Censorship
10:30-12:00 Automatic generation of web censorship probe lists Communication Breakdown: Modularizing Application Tunneling for Signaling Around Censorship A Framework for Provably Secure Onion Routing against a Global Adversary Onion Services in the Wild: A Study of Deanonymization Attacks CoStricTor: Collaborative HTTP Strict Transport Security in Tor Browser Artifact: Reproduced DeTorrent: An Adversarial Padding-only Traffic Analysis Defense Artifact: AvailableSession 4B: ML and AI (II)
10:30-12:00 GenAIPABench: A Benchmark for Generative AI-based Privacy Assistants Artifact: Available Edge Private Graph Neural Networks with Singular Value Perturbation GCL-Leak: Link Membership Inference Attacks against Graph Contrastive Learning TMI! Finetuned Models Leak Private Information from their Pretraining Data Privacy Preserving Feature Selection for Sparse Linear Regression Artifact: Available Model-driven Privacy Artifact: ReproducedSession 4C: Regulation and Policies
10:30-12:00 A Bilingual Longitudinal Analysis of Privacy Policies Measuring the Impacts of the GDPR and the CCPA/CPRA Two Steps Forward and One Step Back: The Right to Opt-out of Sale under CPRA What to Expect When You're Accessing: An Exploration of User Privacy Rights in People Search Websites Defining and Controlling Information Leakage in US Equities Trading Artifact: Reproduced Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies Mitigating Inference Risks with the NIST Privacy Framework12:00
Lunch (Humanities Foyer)
13:30
Session 5A - Analyses and Key Rotation
13:30-14:00 QUICKeR: Quicker Updates Involving Continuous Key Rotation Artifact: Available Provable Security Analysis of Butterfly Key Mechanism Protocol in IEEE 1609.2.1 StandardSession 5B - Human Privacy
13:30-14:00 Anonify: Decentralized Dual-level Anonymity for Medical Data Donation Artifact: Reproduced SoK: Secure Human-centered Wireless SensingSpeed Mentoring (Info and signups)
14:00
BoFs 1
14:00
BoFs 2
15:00
Break (Humanities Foyer)
15:30
Session 6A: Understanding Users (II)
15:30-17:00 Privacy Protection Behaviors from a New Angle: Exploratory Analysis on a Russian Sample Media talks Privacy: Unraveling a Decade of Privacy Discourse around the World Generational Differences in Understandings of Privacy Terminology Tailoring Digital Privacy Education Interventions for Older Adults: A Comparative Study on Modality Preferences and Effectiveness Cross-Contextual Examination of Older Adults' Privacy Concerns, Behaviors, and Vulnerabilities Exploring Design Opportunities for Family-Based Privacy Education in Informal Learning SpacesSession 6B: Multiparty Computation
15:30-17:00 The Multiple Millionaires' Problem: New Algorithmic Approaches and Protocols Efficiently Compiling Secure Computation Protocols From Passive to Active Security: Beyond Arithmetic Circuits Artifact: Reproduced Summation-based Private Segmented Membership Test from Threshold-Fully Homomorphic Encryption Multipars: Reduced-Communication MPC over Z2k Artifact: Reproduced PRAC: Round-Efficient 3-Party MPC for Dynamic Data Structures Artifact: Reproduced Extending the Security of SPDZ with FairnessSession 6C: Location Privacy
15:30-17:00 PRIVIC: A privacy-preserving method for incremental collection of location data Artifact: Available Snail: Secure Single Iteration Localization Artifact: Reproduced Over Fences and Into Yards: Privacy Threats and Concerns of Commercial Satellites Selective Authenticated Pilot Location Disclosure for Remote ID-enabled Drones A Zero-Knowledge Membership Inference Attack on Aggregate Location Data SoK: Can Trajectory Generation Combine Privacy and Utility? Artifact: Reproduced17:00
Poster Session (Humanities Gallery)
19:00
9:00
Keynote 3: Title
Roya Ensafi, University of Michigan Room: Main10:00
Break (Humanities Foyer)
10:30
Session 7A: Advertising
10:30-1200 Summary Reports Optimization in the Privacy Sandbox Attribution Reporting API Differentially Private Ad Conversion Measurement Johnny Still Can't Opt-out: Assessing the IAB CCPA Compliance Framework Evaluating Google's Protected Audience Protocol What Do Privacy Advertisements Communicate to Consumers? CheckOut: User-Controlled Anonymization for Customer Loyalty Programs Artifact: ReproducedSession 7B: ML and AI (III)
10:30-12:00 Hawk: Accurate and Fast Privacy-Preserving Machine Learning Using Secure Lookup Table Computation SIGMA: Secure GPT Inference with Function Secret Sharing Privacy-Preserving Membership Queries for Federated Anomaly Detection SEDMA: Self-Distillation with Model Aggregation for Membership Privacy AUTOLYCUS: Exploiting Explainable Artificial Intelligence (XAI) for Model Extraction Attacks against Interpretable Models VFLGAN: Vertical Federated Learning-based Generative Adversarial Network for Vertically Partitioned Data PublicationSession 7C: Private Computing
10:30-12:00 PLASMA: Private, Lightweight Aggregated Statistics against Malicious Adversaries Artifact: Reproduced Compact: Approximating Complex Activation Functions for Secure Computation Constant-Round Private Decision Tree Evaluation for Secret Shared Data Artifact: Available Blending Different Latency Traffic With Beta Mixing DeVoS: Deniable Yet Verifiable Vote Updating Artifact: Reproduced Delegated Private Matching For Compute Artifact: Reproduced12:00
Lunch (Humanities Foyer)
13:30
Session 8A: Tracking
13:30-15:00 Interest-disclosing Mechanisms for Advertising are Privacy-Exposing (not Preserving) Artifact: Reproduced The Devil is in the Details: Detection, Measurement and Lawfulness of Server-Side Tracking on the Web Client-side and Server-side Tracking on Meta: Effectiveness and Accuracy FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds Overprofiling Analysis on Major Internet PlayersSession 8B: Credentials, Signatures, and Sign-on
13:30-15:00 Simply tell me how - On Trustworthiness and Technology Acceptance of Attribute-Based Credentials Compact Issuer-Hiding Authentication, Application to Anonymous Credential Support Personas: A Concept for Tailored Support of Users of Privacy-Enhancing Technologies Unlinkable Policy-Compliant Signatures for Compliant and Decentralized Anonymous Payments SoK: Trusting Self-Sovereign Identity Post-quantum XML and SAML Single Sign-OnSession 8C: Potpourri
13:30-15:00 FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup On the Quality of Privacy Policy Documents of Virtual Personal Assistant Applications Artifact: Reproduced SublonK: Sublinear Prover PlonK Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting Artifact: Reproduced Measuring Conditional Anonymity---A Global Study Decision-based Data Distribution (D³): Enabling Users to Minimize Data Propagation in Privacy-sensitive Scenarios15:00
Break (Humanities Foyer)
15:30
Rump Session (Main)
16:30
Session 9A: Messaging
16:30-18:00 SoK: Metadata-Protecting Communication Systems The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services A Deniability Analysis of Signal’s Initial Handshake PQXDH Anonymous Complaint Aggregation for Secure Messaging A Black-Box Privacy Analysis of Messaging Service Providers' Chat Message Processing Artifact: Available NOTRY: Deniable messaging with retroactive avowal Artifact: ReproducedSession 9B:Faces, Images, and the Web
16:30-18:00 Diversity-driven Privacy Protection Masks Against Unauthorized Face Recognition Fantômas: Understanding Face Anonymization Reversibility Website Data Transparency in the Browser Artifact: Available Raising the Bar: Improved Fingerprinting Attacks and Defenses for Video Streaming Traffic StyleAdv: A Usable Privacy Framework Against Facial Recognition with Adversarial Image Editing Artifact: Available PrivacyLens: On-Device PII Removal from RGB Images using Thermally-Enhanced SensingSession 9C: Search and Aggregation
16:30-18:00 Understanding Leakage in Searchable Encryption: a Quantitative Approach MAPLE: MArkov Process Leakage attacks on Encrypted Search Artifact: Reproduced PLAN: Variance-Aware Private Mean Estimation MicroSecAgg: Streamlined Single-Server Secure Aggregation SWiSSSE: System-Wide Security for Searchable Symmetric Encryption Artifact: Reproduced Secure Range-Searching Using Copy-And-Recurse18:15
Closing Remarks (Main)
18:30
Awards Reception (Humanities Foyer)
9:00
Opening Remarks
9:10
Session A
Room: Main 9:10–10:30 Online advice following disruptive events: A case study on TikTok and reproductive privacy Okay, so you’ve got a PET? That don’t impress me much Raising Awareness of the Privacy and Safety Challenges Faced by Smart Home Product Teams in Non-WEIRD Countries10:30
Break (Humanities Foyer)
11:00
Keynote: Measuring and mitigating risks with online advertising and micro-targeting
Oana Goga, CNRS Room: Main 11:00–12:00 Abstract: In this talk, I will discuss risks associated with online advertising and micro-targeting and present methodological approaches for measuring and mitigating these risks. I will provide insights from some of our latest results on political ad micro-targeting, marketing to children, and exposure to misinformation. I will discuss how our measurement studies informed European lawmaking, how citizens can help, and how laws can help detection algorithms. Bio: Oana Goga is a tenured research scientist at the French National Center for Scientific Research (CNRS), and a member of the Inria CEDAR team and the Laboratoire d’Informatique d’Ecole Polytechnique (LIX). She investigates risks for humans and society brought by online platforms and their deployments of AI, such as advertising technologies. She looks at risks ranging from privacy to disinformation and manipulation to child protection. Her research is interdisciplinary, and she works with economists, social scientists, and legal scholars. Her work has influenced European law, and she has served as an external expert for the European Commission on problems related to data access in the Digital Services Act (DSA). She received the Lovelace-Babbage Award from the French Science Academy and the French Computer Society in 2023, the CNRS Bronze Medal in 2024, and she received an ERC Starting Grant in 2022 that aims to measure and mitigate the impact of AI-driven information targeting. Her research received several awards, including the Honorable Mention Award at The Web Conference in 2020 and the CNIL-Inria Award for Privacy Protection 2020.12:00
Lunch (Humanities Foyer)
13:30
Session B
Room: Main 13:30–15:00 The fine art of opening shady documents Automating the discovery and reverse-engineering of proprietary cryptography in popular Chinese applications Looking back at the impacts of Tor's end-of-life policy15:00
Ice Cream! (Humanities Foyer)
15:30
Session C
Room: Main 15:30-16:30 Automated Enforcement, Monitoring, and Satisfaction of Notices, Consents, and Controls The Need for a (Research) Sandstorm through the Privacy Sandbox16:30
Closing Remarks and Award
PETS Hike
Info coming soon!
