All times on this page are MDT (Calgary, Canada, UTC-6)

Other timezones can be found here: UTC, UTC+1, UTC+2, UTC+3, UTC+4, UTC+5, UTC+6, UTC+7, UTC+8, UTC+9, UTC+10, UTC+11, UTC+12, UTC-1, UTC-2, UTC-3, UTC-4, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9, UTC-10, UTC-11, UTC-12

Conference Schedule

8:00

Breakfast (provided)

Room: TI Atrium, seating outdoors and in Caribou, TI-160

Breakfast (provided)

Room: TI Atrium, seating outdoors and in Caribou, TI-160 9:00-09:30

FOCI

Room: Caribou, TI-160 9:30-12:00 Program

Policy-Relevant Privacy Research Workshop

Room: Beaver, TI-110 9:00-12:00 Program

12:00

Lunch (provided)

Room: TI Atrium, seating outdoors and in Caribou TI-160

FOCI

Room: Caribou, TI-160 13:00-17:00 Program

Policy-Relevant Privacy Research Workshop

Room: Beaver, TI-110 13:00-17:00 Program

17:00

Games

Room: TI lawn outside

18:00

Opening Reception (refreshments and food trucks)

Room: TI Atrium, ENG and TI greenspaces

7:30

Breakfast (provided)

Room: ENG greenspace (TI Atrium as contingency), seating outdoors and in Caribou

8:30

Opening Remarks

Room: TI Atrium

9:00

Keynote: Privacy and Ads on the Emerging Agentic Web

Franziska Roesner Chair: Gunes Acar Room: Moose, ENA201 9:00-10:00 Abstract: Over the last two or more decades, a key privacy issue on the web has been the collection and use of data in the context of targeted advertising. Members of the computer security and privacy research community (and adjacent communities) have done substantial work over that time to characterize (and improve) this ecosystem and its risks, including: assessing the privacy implications of online tracking and ad targeting, studying problematic (e.g., manipulative or adversarial) ad content and ad targeting, and exploring privacy-preserving ad mechanisms. In this talk, I will first overview research findings and ecosystem developments around privacy and the online advertising ecosystem up until now. Then, I will look to the future in this era of generative AI, considering how tracking and advertising may manifest in the emerging “agentic web” — in which users interact substantially with AI agents, and agents interact directly with other web content — and how the landscape of privacy and related risks may evolve. Bio: Franziska (Franzi) Roesner is the Brett Helsel Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies. Her work has studied topics including online tracking and advertising, security and privacy for marginalized and/or vulnerable user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online trust and safety. She is the recipient of a Google Security and Privacy Research Award and a Google Research Scholar Award, a Consumer Reports Digital Lab Fellowship, an MIT Technology Review "Innovators Under 35" Award, an Emerging Leader Alumni Award from the University of Texas at Austin, and an NSF CAREER Award. She has received paper awards or runners-up at the USENIX Security Symposium, the IEEE Symposium on Security & Privacy, the Internet Measurement Conference, the WebConf, the Annual Privacy Forum, and the CHI Conference on Human Factors in Computing Systems; as well as Test of Time Awards at NSDI, the IEEE Symposium on Security & Privacy, and USENIX Security. She currently serves on the USENIX Security steering committee. She received her PhD from the University of Washington in 2014 and her BS from UT Austin in 2008.

10:00

Break

Room: TI Atrium, seating outdoors and in Caribou, TI-160

10:30

Best Student Paper Session

Chair: Nick Hopper Room: Moose, ENA201 10:30-12:00 Evaluating connection migration based QUIC censorship circumvention Seungju Lee (Princeton University), Mona Wang (Princeton University), Watson Jia (Princeton University), Qiang Wu (GFW Report), Henry Birge-Lee (Princeton University), Liang Wang (Princeton University), Prateek Mittal (Princeton University) No Privacy for Privates: How Military Communities Experience and Perceive the Privacy Risks of Military-Marketed Mobile Apps Joshua Shinkle (Purdue University), Chandrika Mukherjee (Purdue University), Abdullah Imran (Purdue University), Arjun Arunasalam (Florida International University), Donna Artusy (Army Cyber Institute), Antonio Bianchi (Purdue University), Z. Berkay Celik (Purdue University), Alexander Master (United States Military Academy) Cryptographically-Secured Domain Validation Grace H. Cimaszewski (Princeton University), Henry Birge-Lee (Princeton University), Cyrill Krähenbühl (Princeton University), Liang Wang (Princeton University), Aaron Gable (Lets Encrypt), Prateek Mittal (Princeton University) EXADPrinter: Semi-Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem Sihem Bouhenniche (Univ. Lille, CNRS, Inria), Pierre Laperdrix (Univ. Lille, CNRS, Inria), Walter Rudametkin (Univ. Rennes, CNRS, Inria) SoK: Offline Finding Protocols for Lightweight Location Tracking Akshaya Kumar (Georgia Institute of Technology), Carolina Ortega Pérez (Cornell University), Joseph Jaeger (Georgia Institute of Technology), Thomas Ristenpart (University of Toronto), Michael Specter (Georgia Institute of Technology)

12:00

Lunch (provided)

Room: TI Atrium, seating outdoors and in Caribou TI-160

13:30

Session 1A: Cryptographic Tools for Privacy 1

Chair: Alishah Chator Room: Alpaca, TI-140 13:30-15:00 When Drones Meet Privately: Secure Coordination with 𝑡-PSI Matteo Cornacchia (Sapienza University of Rome), Leonardo Ventura (Sapienza University of Rome), Riccardo Lazzeretti (Sapienza University of Rome), Giulio Rigoni (Sapienza University of Rome) When Threshold Meets Anamorphic Signatures: What is Possible and What is Not! Hien Chu (TU Wien), Khue Do (CISPA Helmholtz Center for Information Security), Lucjan Hanzlik (CISPA Helmholtz Center for Information Security), Sri AravindaKrishnan Thyagarajan (University of Sydney) CAnonize: a Compact Anonymous Survey Protocol Marie Lonfils (UCLouvain), Olivier Pereira (UCLouvain), Thomas Peters (UCLouvain), Moti Yung (Google LLC - Columbia University) Practical Semi-Open Chat Groups for Secure Messaging Applications Alex Davidson (LASIGE, Universidade de Lisboa), Luiza Soezima (Aarhus University), Fernando Virdia (University of Surrey) Privacy Pass is Anamorphic: Practical Consequences and Attacks in the Black-box Model Mirosław Kutyłowski (NASK National Research Institute), Oliwer Sobolewski (NASK National Research Institute)

Session 1B: Traffic Analysis

Chair: Aaron Johnson Room: Beaver, TI-110 13:30-15:00 Website fingerprinting on Nym: Attacks and Defenses Eric Jollès (EPFL), Simon Wicky (Nym Technologies), Ania M. Piotrowska (Nym Technologies), Harry Halpin (Nym Technologies), Carmela Troncoso (EPFL & MPI-SP) Ephemeral Network-Layer Fingerprinting Defenses Tobias Pulls (Karlstad University), Topi Korhonen (Independent), Ethan Witwer (Linköping University), Niklas Carlsson (Linköping University) Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses Ethan Witwer (Linköping University), David Hasselquist (Linköping University, Sectra Communications), Tobias Pulls (Karlstad University), Niklas Carlsson (Linköping University) What-App? App usage detection using encrypted LTE/5G traffic Jinjin WANG (University of Birmingham), Zishuai Cheng (Beijing University of Posts and Telecommunications), Mihai Ordean (University of Birmingham), Baojiang Cui (Beijing University of Posts and Telecommunications) More Space, Less Privacy? Measuring the Effectiveness of IP-based Website Fingerprinting in IPv6 Sumeer Ahmad (Stony Brook University), Michalis Polychronakis (Stony Brook University), Theophilus A. Benson (Carnegie Mellon University), Nguyen Phong Hoang (University of British Columbia) PriVA-C: Defending Voice Assistants from Fingerprinting Attacks Dilawer Ahmed (North Carolina State University), Aafaq Sabir (North Carolina State University), Ahsan Zafar (North Carolina State University), Anupam Das (North Carolina State University)

Session 1C: User Privacy Expectations and Norms 1

Chair: Sepideh Ghanavati Room: Caribou, TI-160 13:30-15:00 Bot Among Us: Exploring User Awareness and Privacy Concerns About Chatbots in Group Chats Kai-Hsiang Chou (National Taiwan University), Yi-An Wang (National Taiwan University), Chong Kai Lau (National Taiwan University), Mahmood Sharif (Tel Aviv University), Hsu-Chun Hsiao (National Taiwan University) Are Bite-Size Data Safety Details a Healthy Diet for Android Telehealth App Users? Impacts of Privacy Nutrition Labels on Users' Privacy Perceptions Alisa Frik (International Computer Science Institute), Subham Mitra (University of California, Berkeley), Priyasha Chatterjee (Max Planck Institute for Security and Privacy), Julia Bernd (International Computer Science Institute) “I don’t think it needs to be political”: Privacy Experiences and Concerns of FemHealth App Users in the United States Ina Kaleva (King's College London), Alisa Frik (International Computer Science Institute), Lisa Malki (University College London), Mark Warner (University College London), Ruba Abu-Salma (King's College London) “I Just Press Allow”: Understanding Privacy Practices of New Internet Users in Urban India Priyanka Chowdary Popuri (BITS Pilani, Hyderabad), Srishti Sanghi (The University of Sydney), Sri Lekha Mondreti (BITS Pilani, Hyderabad), Dipanjan Chakraborty (BITS Pilani, Hyderabad) "Alexa, Do Not Say That in Front of my Boss!" A Cross-Cultural Comparison of User and AI Preferences for Privacy-Aware Smart Speaker Interactions Across Contexts Lynne Warin (University of Göttingen), Tony Tang (Singapore Management University), Emily Aurelia (Singapore Management University), Archan Misra (Singapore Management University), Delphine Reinhardt (University of Göttingen)

Session 1D: Web Privacy

Chair: Yohan Beugin Room: Moose, ENA201 13:30-15:00 The Empire Strikes Back (at Your Privacy): An Archaeology of Tracking on Government Websites Sachin Kumar Singh (University of Utah), Faisal Mahmud (New York University Abu Dhabi), Robert Ricci (University of Utah), Sandra Siby (New York University Abu Dhabi) OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub Qiyu Li (University of California, San Diego), Yuhe Tian (University of California, San Diego), Haojian Jin (University of California, San Diego) The Masks We (Think We) Wear: Privacy Threats of Browser-Extension Wallets in the Web3 Ecosystem Weihong Wang (DistriNet, KU Leuven), Yana Dimova (DistriNet, KU Leuven), Victor Vansteenkiste (DistriNet, KU Leuven), Tom Van Goethem (DistriNet, KU Leuven), Tom Van Cutsem (DistriNet, KU Leuven) From Syntactic Matching to Taint Tracking and Back: A Comparative Study of Web Tracking Detection Techniques Stefano Calzavara (Università Ca' Foscari Venezia), Samuele Casarin (Università Ca' Foscari Venezia & Scuola IMT Alti Studi Lucca), Marco Squarcina (TU Wien), Matteo Maffei (TU Wien) Clicking into Exposure: Uncovering Privacy Risks of Google Click Identifier in YouTube Ads Ha Dao (MPI-INF), Abhishek Shinde (Saarland University), Sana Athar (MPI-INF), Devashish Gosain (IIT Bombay)

15:00

Break

Room: TI Atrium, seating outdoors and in Caribou TI-160

15:30

Session 2D: Information Leakage

Chair: Anupam Das Room: Moose, ENA201 15:30-17:00 Making Sense of Private Advertising: A Principled Approach to a Complex Ecosystem Kyle Hogan (MIT), Alishah Chator (Boston University), Gabriel Kaptchuk (University of Maryland), Mayank Varia (Boston University), Srinivas Devadas (MIT) Sensor Privacy as a Spectrum: Quantifying Privacy in Edge and Multimodal Systems through Games Jainta Paul (University of Utah), Miles Bovero (University of Utah), Swapnil Saha (STMicroelectronics Inc.), Mahesh Chowdhary (STMicroelectronics Inc.), Pratik Soni (University of Utah), Luis Garcia (University of Utah) Measuring Legislature-Aligned Privacy Risks in Synthetic Graphs Abele Mălan (University of Neuchâtel), Ahmad Al Kurdi (University of Kaiserslautern-Landau), Stefanie Roos (University of Kaiserslautern-Landau), Lydia Chen (University of Neuchâtel) Pseudonymity at Risk: Linkage Attacks on Blockchain Users with Off-Chain Cues Alexander Smirnov (Technische Universität Berlin), Stefan Schmid (Technische Universität Berlin), Friedhelm Victor (TRM Labs) Privacy Attacks on Matrix Profiles based on Reconstruction Techniques Haoying Zhang (Insa-CVL), Nicolas Anciaux (Inria), Benjamin Nguyen (Insa-CVL), Fabien GIRARD (ENSTA Paris), Jose Maria de Fuentes (UC3M), Adrien Boiret (Insa-CVL) SilhouetteTell: Practical Video Identification Leveraging Blurred Recordings of Video Subtitles Guanchong Huang (University of Oklahoma), Song Fang (University of Oklahoma)

Session 2B: Federated Learning

Chair: Rebekah Overdorf Room: Beaver, TI-110 15:30-17:00 AI-in-the-Loop: Privacy Preserving Real-Time Scam Detection and Conversational Scambaiting by Leveraging LLMs and Federated Learning Ismail Hossain (University of Texas at El Paso), Sai Puppala (Southern Illinois University Carbondale), Md Jahangir Alam (University of Texas at El Paso), Sajedul Talukder (University of Texas at El Paso) Secure and Privacy-Preserving Vertical Federated Learning Shan Jin (Visa Research), Sai Rahul Rachuri (Visa Research), Yizhen Wang (Visa Research), Anderson C.A. Nascimento (Visa Research), Yiwei Cai (Visa Research) SoK: Verifiable Integrity Claims for Privacy-Preserving Federated Learning Marco Esposito (Politecnico di Milano), Andrea Rizzini (Politecnico di Milano, Horizen Labs), Tommaso Gagliardoni (Horizen Labs), Francesco Bruschi (Politecnico di Milano) Poison to Detect: Detection of Targeted Overfitting in Federated Learning Soumia Zohra El Mestari (University of Luxembourg), Maciej Krzysztof Zuziak (University of Leeds), Gabriele Lenzini (University of Luxembourg) FinP: Fairness-in-Privacy in Federated Learning by Addressing Disparities in Privacy Risk Tianyu Zhao (University of California, Irvine), Mahmoud Srewa (University of California, Irvine), Salma Elmalaki (University of California, Irvine)

Session 2C: Censorship

Chair: Tobias Pulls Room: Caribou, TI-160 15:30-17:00 Obscura: Enabling Ephemeral Proxies for Traffic Encapsulation in WebRTC Media Streams Against Cost-Effective Censors Afonso Vilalonga (NOVA LINCS, NOVA School of Science and Technology), Kevin Gallagher (NOVA LINCS, NOVA School of Science and Technology), João S. Resende (Universidade do Porto), Henrique Domingos (NOVA LINCS, NOVA School of Science and Technology) CensorLess: Cost-Efficient Censorship Circumvention Through Serverless Cloud Functions Dayeon Kang (University of Massachusetts Amherst), Jade Sheffey (University of Massachusetts Amherst), Mingshi Wu (GFW Report), Pubali Datta (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst) Banned Books: Analysis of Censorship on Amazon.com Jeffrey Knockel (Bowdoin College / Citizen Lab, University of Toronto), Jakub Dałek (Citizen Lab, University of Toronto), Noura Aljizawi (Citizen Lab, University of Toronto), Mohamed Ahmed (Citizen Lab, University of Toronto), Levi Meletti (Citizen Lab, University of Toronto), Justin Lau (Citizen Lab, University of Toronto) Troll Patrol: Anonymous User Reporting of Bridge Censorship Vecna (University of Waterloo), Ian Goldberg (University of Waterloo) Precarious But Active: A Look At Privacy Behaviors in Chinese Transformative Fandom on a Censored and Surveilled Internet Kelly Wang (Northeastern University), Ruochen Liu (Northeastern University), Ada Lerner (Northeastern University), Abigail Marsh (Macalester College), Tianshi Li (Northeastern University)

Session 2A: Policy, Regulation, Compliance

Chair: Shaanan Cohney Room: Alpaca, TI-140 15:30-17:00 A Year Under the DSA: Ad Transparency’s Uneven Landscape Abir Benzaamia (LIX, CNRS, Inria, École Polytechnique, IP Paris), Asmaa El fraihi (LIX, CNRS, Inria, École Polytechnique, IP Paris), Ines Abdelaziz (LIX, CNRS, Inria, École Polytechnique, IP Paris), Oana Goga (LIX, CNRS, Inria, École Polytechnique, IP Paris) Exercising the CCPA Opt-out Right on Android: Legally Mandated but Practically Challenging Sebastian Zimmeck (Wesleyan University), Nishant Aggarwal (Wesleyan University), Zachary Liu (Wesleyan University), Sage Altman (Wesleyan University), Konrad Kollnig (Law & Tech Lab, Maastricht University) The TCF doesn’t really A(A)ID – Automatic Privacy Analysis and Legal Compliance of TCF-based Android Applications Victor Morel (Chalmers University of Technology), Cristiana Santos (Utrecht University), Pontus Carlsson (Chalmers University of Technology), Joel Ahlinder (Chalmers University of Technology), Romaric Duvignau (Chalmers University of Technology) Overcoming Language Barriers: Multilingual Analysis of the 2023 Swiss Privacy Law's Impact Luka Nenadic (ETH Zurich), David Rodriguez (Information Processing and Telecommunications Center, Universidad Politécnica de Madrid, ETSI Telecomunicación), Joseph A. Calandrino (Carnegie Mellon University) The Role of Online Forums in Developer Understanding of Privacy Law - A Reddit Case Study Sara Haghighi (University of Maine), Clark LaChance (University of Maine), Ali Pourghasemi Fatideh (University of Maine), Travis Breaux (Carnegie Mellon University), Sepideh Ghanavati (University of Maine)

17:00

Mini Break

17:10

Calgary surprise

17:20

Future PETS Directions

Chair: PETS 2026 and 2027 Program Chairs Room: Moose/ENA Atrium (immediately outside Moose)

17:40

Mini Rump Session

Chair: Roger Dingledine and Wouter Lueks Room: Moose, ENA201 With invited season rump session presenters. Informal lightning talks about any topic. Any attendee can present. Sign up with Roger or Wouter.

18:00

Optional led excursions (on your own). See registration desk on Monday and Tuesday for signup options

8:00

Breakfast (provided)

Room: TI Atrium, seating outdoors and in Caribou TI-160

9:00

Keynote: Autocratic AI: The Frontier AI Trilemma and the Case for a Privacy-Preserving Freedom Stack

John Scott Railton Chair: Rob Jansen Room: Moose, ENA201 9:00-10:00 Abstract: The 2011 Arab Spring caught autocrats by surprise. Then, they evolved. Today, they’ve co-opted social media and internet infrastructure to surveil and repress civil society. Now, the activists, journalists and dissidents we work with are already pervasively using AI. And autocrats are seeking to respond. They are preparing to exploit AI hyperscalers’ reliance on state-regulated resources, from chips and electricity to land use and market access, as well as dependency on sovereign wealth funds. From the 2026 Anthropic order by the US Commerce Department, leading to frontier models being taken down, to China’s comprehensive AI frameworks, government pressure on the AI sector is growing fast in democracies and autocracies alike. Big companies face a frontier AI trilemma, and must choose only two of the following: global market access, very broad safety compliance, or serving inference without state censorship or monitoring. Today, the conditions that some states attach to 'safety' compliance and market access increasingly appear as a pretext for censorship and monitoring, which precludes unrestricted inference. Combined with competitive pressure, I believe this will push companies to sacrifice unrestricted inference, and embrace broad state demands, framed as comprehensive 'safety frameworks' that subtly conflate legitimate harm reduction with political censorship and monitoring. Such frameworks will offer all autocrats and democracies a tempting fast-track to censorship and surveillance. Unlike traditional censorship methods and blocking, these will be subtle, personalized steering, and resistant to systematic observation and evidence-driven accountability. And the surveillance, unlike mercenary spyware, won’t leave traces on devices. To counter this, we must build a freedom stack requiring precisely the technologies that this community specializes in: a friendly and resilient ecosystem of private, secure inference with minimal-trust architectures and technical guarantees that operators cannot inspect or filter prompts. Its layers include open-weight and open-source models running in trusted execution environments (TEEs) or on user-controlled devices, seamless migration paths for existing AI users, great user experiences, and rigorous research and testing of models for political censorship and security risks. We must push back on the dynamics, however well-intentioned, that concentrate all AI capability in entities vulnerable to state coercion. Bio: John Scott-Railton is an expert on spyware, phishing, and information operations. As Senior Researcher at the Citizen Lab he leads the Targeted Threats team, collaborating with at-risk individuals and partners around the world to expose abuses. For more than fifteen years he has worked on collaborative investigations tracking and exposing digital attacks targeting people because of who they are, what they do, or what they say. He has testified to lawmakers in the U.S., Italy, Poland and the European parliament on the threats posed by spyware proliferation to national security and human rights. He was the Founding Editor of the Security Planner, now operated by Consumer Reports, which provides personalized expert security advice. He has also worked on ensuring connectivity in conflicts, including ensuring the free and secure flow of information during wartime. For example, he co-founded the Voices Projects, which helped bypass internet shutdowns in Egypt and Libya. He is a past fellow at Google Ideas / Jigsaw at Alphabet where he worked on products like the Phishing Quiz.

10:00

Break

Room: TI Atrium, seating outdoors and in Caribou, TI-160

10:30

Session 3D: Language Models 1

Chair: Konrad Kollnig Room: Moose, ENA201 10:30-12:00 Privacy Bias in Language Models: A Contextual Integrity-based Auditing Metric Yan Shvartzshnaider (York University), Vasisht Duddu (University of Waterloo) When Tables Leak: Attacking String Memorization in LLM-Based Tabular Data Generation Joshua Ward (University of California Los Angeles), Bochao Gu (University of California Los Angeles), Chi-Hua Wang (University of California Los Angeles), Guang Cheng (University of California Los Angeles) Operationalizing the Motivated Intruder: A Codebook-Guided Inference Framework for Semantic Input Privacy in LLMs Michael Maximilian Grötzner (FernUniversität in Hagen), Pascal Tippe (FernUniversität in Hagen) LLMs Leak Training Data Beyond Verbatim Memorization via Membership Decoding Zitai Chen (National University of Singapore), Reza Shokri (National University of Singapore)

Session 3B: Homomorphic Encryption

Chair: Alex Davidson Room: Beaver, TI-110 10:30-12:00 Pirouette: Query Efficient Single-Server PIR Jiayi Kang (COSIC, KU Leuven), Leonard Schild (COSIC, KU Leuven) Secure Change-Point Detection for Time Series under Homomorphic Encryption Federico Mazzone (University of Twente), Giorgio Micali (University of Twente), Massimiliano Pronesti (IBM Research Europe) POPPY: Scalable and Secure Spectral Centrality for Distributed Graphs via Homomorphic Encryption Claire Guichemerre (Université de Rennes, CNRS, IRISA), Tristan Allard (Université de Rennes, CNRS, IRISA), Sofiane Azogagh (Université du Québec à Montréal), Marc-Olivier Killijian (Université du Québec à Montréal), Sébastien Gambs (Université du Québec à Montréal), Amr El Abbadi (University of California, Santa Barbara) Training TFHE-Based Neural Networks with Approximated Floating-Point Arithmetic Emanuele Nicoletti (Politecnico di Milano), Fabrizio Pittorino (Politecnico di Milano), Alessandro Falcetta (Politecnico di Milano), Luca Colombo (Politecnico di Milano), Manuel Roveri (Politecnico di Milano)

Session 3C: Human-centered Privacy

Chair: Ha Dao Room: Caribou, TI-160 10:30-12:00 ReporTor: Facilitating User Reporting of Issues Encountered in Naturalistic Web Browsing via the Tor Browser Nicholas Micallef (Swansea University), Cameron Cartier (Black Hills Information Security), Kevin Gallagher (NOVA LINCS, NOVA School of Science and Technology), Lucas Zagal (University of Utah), Sameer Patil (University of Utah) How Experts Personalize Privacy & Security Advice for At-Risk Users Wentao Guo (University of Maryland), Alexander Yang (University of Maryland), Nathan Malkin (New Jersey Institute of Technology), Michelle L. Mazurek (University of Maryland) Cultivating a Tech-Safety Mindset using Game-Based Learning for Defending against Technology-Facilitated Abuse Majed Almansoori (University of Wisconsin–Madison and United Arab Emirates University (UAEU)), Chirag Ghosh (Indian Institute of Technology, Kharagpur), Sarita Singh (Indian Institute of Technology, Kharagpur), Rahul Chatterjee (University of Wisconsin–Madison), Mainack Mondal (Indian Institute of Technology, Kharagpur) Location-Enhanced Information Flow for Home Automations McKenna McCall (Colorado State University), Ben Weinshel (Carnegie Mellon University), Kunlin Cai (University of California, Los Angeles), Ying Li (University of California, Los Angeles), Eric Zeng (Georgetown University), Devika Manohar (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University), Limin Jia (Carnegie Mellon University), Yuan Tian (University of California, Los Angeles) "Because I didn't touch these and even don't know why I should to change these": Why App Developers Do (Not) Update Apple's Privacy Labels Arwa Alsahdi (The George Washington University), Jialiang Yan (The George Washington University), Monica Kodwani (The George Washington University), Matthias Fassl (The George Washington University), Chris Kanich (University of Illinois Chicago), Adam J. Aviv (The George Washington University)

Session 3A: Anonymous Communications

Chair: Paul Syverson Room: Alpaca, TI-140 10:30-12:00 CoinJoin ecosystem insights for Wasabi 1.x, Wasabi 2.x and Whirlpool coordinator-based privacy mixers Petr Svenda (Masaryk University, CZ), Jiří Gavenda (Masaryk University, CZ), Vasilios Mavroudis (Turing Institute, UK), Chris Hicks (Turing Institute, UK) Access Granted, Privacy Lost: Formalizing & Quantifying the Hidden Anonymity Risks of Exclusive-Use Systems Christopher Ellis (Ohio State University), Zhiqiang Lin (Ohio State University) Waterfall: A Capsule-Based Framework for Evaluating Traffic Watermarking in Anonymity Systems Dimitri Mankowski (Ruhr University Bochum), Eduard Marin (Telefonica Research), Nuno Santos (INESC-ID / Instituto Superior Técnico, University of Lisbon), Veelasha Moonsamy (Ruhr University Bochum) Breaking and (Partially) Fixing Onion Routing with Fragmentation Daniel Schadt (Karlsruhe Institute of Technology), Christoph Coijanovic (Karlsruhe Institute of Technology), Thorsten Strufe (Karlsruhe Institute of Technology) CODoH: Privacy-Preserving Caching for Oblivious DNS over HTTPS Pankaj Niroula (William & Mary), Lily Gloudemans (William & Mary), Aashutosh Poudel (William & Mary), Collin MacDonald (William & Mary), Stephen Herwig (William & Mary) Maude-HCS: Model Checking the Undetectability-Performance Tradeoffs in Hidden Communication Systems Joud Khoury (RTX BBN Technologies), Minyoung Kim (SRI International), Christophe Merlin (RTX BBN Technologies), Jose Meseguer (University of Illinois at Urbana-Champaign), Zachary Ratliff (Harvard University), Carolyn Talcott (SRI International)

12:00

Lunch (provided)

Room: TI Atrium, seating outdoors and in Caribou TI-160

13:30

Session 4D: Differential Privacy 1

Chair: Sébastien Gambs Room: Moose, ENA201 13:30-15:00 Dropout-Robust Mechanisms for Differentially Private and Fully Decentralized Mean Estimation César Sabater (INSA Lyon), Sonia Ben Mokhtar (INSA Lyon, CNRS), Jan Ramon (INRIA Lille) Frequency Estimation of Correlated Multi-attribute Data under Local Differential Privacy Shafizur Rahman Seeam (Rochester Institute of Technology), Ye Zheng (Rochester Institute of Technology), Yidan Hu (Rochester Institute of Technology) Understanding Privacy and Quality Tradeoffs in Synthetic Network Data Andrew Chu (University of Chicago), Kyle MacMillan (University of Chicago), Paul Schmitt (Cal Poly), Nick Feamster (University of Chicago) SoK: Metric Differential Privacy in Theory and Practice Xinpeng Xie (University of North Texas), Chenyang Yu (University of North Texas), Yan Huang (University of North Texas), Yang Cao (Institute of Science Tokyo), Chenxi Qiu (University of North Texas) CoP-LDP: Coordinated Perturbation for Minimal Disclosure Under Local Differential Privacy Sandaru Jayawardana (The University of Sydney), Ming Ding (Data61, CSIRO, Australia), Kanchana Thilakarathna (The University of Sydney)

Session 4B: Mobile Apps

Chair: Joel Reardon Room: Beaver, TI-110 13:30-15:00 Ad Personalization and Transparency in Mobile Ecosystems: A Comparative Analysis of Google’s and Apple’s EU App Stores David Breuer (Technical University Darmstadt), Lucas Becker (Technical University Darmstadt), Matthias Hollick (Technical University Darmstadt) P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android Lucas Becker (Technical University of Darmstadt), David Breuer (Technical University of Darmstadt), Matthias Hollick (Technical University of Darmstadt) Dead Domains, Living Data: A Privacy Risk Analysis of Domain Lifecycle in Android Apps Gabriel Hortea (Universidad Carlos III de Madrid), Aniketh Girish (IMDEA Networks Institute), Narseo Vallina-Rodríguez (IMDEA Networks Institute), Juan Tapiador (Universidad Carlos III de Madrid) Panoptes: Detecting Out-of-Sight Privacy Exposure in Android Sajjad Pourali (Concordia University), Mohammad Mannan (Concordia University) Enabling Personal Dataflow Sovereignty via Bolt-on Data Escrow Zhiru Zhu (University of Chicago), Raul Castro Fernandez (University of Chicago)

Session 4C: Privacy Policies

Chair: Glencora Borradaile Room: Caribou, TI-160 13:30-15:00 Word-level Annotation of GDPR Transparency Compliance in Privacy Policies using Large Language Models Thomas Cory (Technische Universität Berlin), Wolf Rieder (Technische Universität Berlin), Julia Krämer (Erasmus University Rotterdam), Philip Raschke (Technische Universität Berlin), Patrick Herbke (Technische Universität Berlin), Axel Küpper (Technische Universität Berlin) Understanding How University Guidelines Address Privacy and Security Issues of Generative AI in Academic Settings Bei Yi Ng (University of Edinburgh), Jiarui Li (University of Edinburgh), Xinyuan Tong (University of Edinburgh), Kevin Ye (University of Illinois Urbana-Champaign), Gauthami Yenne (University of Illinois Urbana-Champaign), Varun Chandrasekaran (University of Illinois Urbana-Champaign), Jingjie Li (University of Edinburgh) Designing Reflective Thinking-Based Contextual Privacy Policy for Mobile Applications Shuning Zhang (Tsinghua University), Sixing Tao (University of Washington), Eve He (Independent Researcher), Yuting Yang (Independent Researcher), Ying Ma (The University of Melbourne), Ailei Wang (Tsinghua University), Xin Yi (Tsinghua University), Hewu Li (Tsinghua University) Disclosure Divergence: Measuring Privacy Policy and Data Safety Misalignment at Scale Mst Eshita Khatun (Louisiana State University), Lamine Noureddine (Louisiana State University), Sideeq Bello (Louisiana State University), Aisha Ali-Gombe (Louisiana State University) From Lines of Code to Lines of Policy? Exploring Software Developers’ Perceptions of Their Privacy Policy–Related Activities Ria Prianka Saha (Technical University of Darmstadt), Daniel Stäcker (Technical University of Darmstadt), Jonas Stromberg (Fraunhofer IGD), Steven Lamarr Reynolds (Fraunhofer IGD), Kilian Demuth (Technical University of Darmstadt - PEASEC), Frank Nelles (Technical University of Darmstadt - PEASEC), Christian Reuter (Technical University of Darmstadt - PEASEC), Jörn Kohlhammer (Fraunhofer IGD), Alexander Benlian (Technical University of Darmstadt)

Session 4A: Privacy-Preserving Computation

Chair: Wouter Lueks Room: Alpaca, TI-140 13:30-15:00 Multi-Party Private Join Anja Lehmann (Hasso-Plattner-Institute, University of Potsdam), Christian Mouchet (Hasso-Plattner-Institute, University of Potsdam), Andrey Sidorenko (Hasso-Plattner-Institute, University of Potsdam) SEED: Streamlined End-to-End Data Processing in Cloud Environments Omar Jarkas (The University of Queensland), Ryan Ko (The University of Queensland), Naipeng Dong (The University of Queensland), MD Redowan Mahmud (Curtin University) Breaking BAD? Better Call SAUL! -- Breaking and Fixing Bloom Filters with Added Diffusion Frederik Armknecht (University of Mannheim), Jochen Schäfer (University of Mannheim) RingOA: Fast Oblivious Access for Large-Scale Privacy-Preserving Structured Data Analysis Tomoki Uchiyama (Waseda University), Kana Shimizu (Waseda University)

15:00

Break

Room: TI Atrium, seating outdoors and in Caribou TI-160

15:10

Networking Session

Room: Caribou, TI-160 Chair: Autumn Toney Details: Think of this session as a human peering exchange point: a place where attendees can establish new connections and strengthen existing ones. Community Connectors will help attendees find others with shared interests, complementary experiences, or knowledge they are seeking. Whether you are attending PETS for the first time, looking to expand your network, interested in helping others make connections, or simply hoping to meet a few new people, this session is for you. Read more details or contact the organizer with questions.

15:10

BoFs

Room: Beaver (split into 3 rooms) and around TI Chair: Self-organized on site Including DuckDuckGo breakout.

16:10

Bus to PETS Gala (TELUS Spark Science Centre)

Room: Loop in front of TI First bus leaves at 16:10 and last bus leaves at 17:10

17:00

Poster Session and Reception (Atrium, TELUS Spark Science Centre)

18:30

Banquet Dinner (TELUS Spark Science Centre)

21:00

Bus back to University

8:00

Breakfast (provided)

Room: TI Atrium, seating outdoors and in Caribou TI-160

9:00

Keynote: Managing complexity

Fredrik Strömberg Chair: Rob Jansen Room: Moose, ENA201 9:00-10:00 Abstract: What is strategy, innovation, and cybersecurity? What is trust and trustworthiness? What design principles are useful for managing complexity - in computer systems, organizations, and life? I have tried to answer these questions for almost two decades, driven by insatiable curiosity and at times unhealthy perfectionism. This talk is about the journey so far, more and less successful attempts at supporting and doing research, the principles that guide me and my companies, and the meaning of "good enough". Bio: Fredrik Strömberg is co-CEO at Mullvad VPN and Head of Research at the Amagicom group, consisting of Mullvad VPN, Tillitis and Glasklar Teknik. His main interest for the past decade has been the design and construction of more trustworthy computer systems. Together with colleagues and collaborators he has worked on the open-source projects System Transparency, Sigsum, Tillitis TKey, Tillitis HSM as well as open-source silicon and other open-source software and hardware-related internal research projects. Together with his friend Daniel Berntsson he founded Amagicom AB and Mullvad VPN, 17 years ago. His interests in computer security, strategy and creativity started a decade before that, in no small part thanks to his surroundings. Today he's a proud fourth-generation business owner and third-generation inventor. Mullvad was founded with the vision of making mass surveillance and online censorship ineffective, using entrepreneurship as a method for direct political action. Fredrik and Daniel has consistently refused outside investment in order to retain long term strategic flexibility, and re-invest much of Mullvad's profits in research and open-source software and hardware projects.

10:00

Break

Room: TI Atrium, seating outdoors and in Caribou TI-160

10:30

Session 5D: User Privacy Expectations and Norms 2

Chair: Yan Shvartzshnaider Room: Moose, ENA201 10:30-12:00 Privacy by Voice: Designing Usable Privacy Notices for the Voice Interface Aafaq Sabir (North Carolina State University), Abhinaya S.B. (North Carolina State University), Dilawer Ahmed (North Carolina State University), Anupam Das (North Carolina State University) Contextual Intent: Activists’ Privacy Considerations for Collaborative Technology in Social Movement Groups Alexandria LeClerc (Oregon State University), Glencora Borradaile (Oregon State University), Kelsy Kretschmer (Oregon State University) "The city isn't uploading me to TikTok": Exploring Privacy Attitudes towards Data Collection in Urban Public Spaces Julian Todt (Karlsruhe Institute of Technology), Emiram Kablo (Paderborn University), Felix Morsbach (Karlsruhe Institute of Technology), Patricia Arias Cabarcos (European Commission, Joint Research Centre (JRC)), Thorsten Strufe (Karlsruhe Institute of Technology) More Modalities, More Problems: Examining User Understanding of The Meta Quest Permissions Framework Sarah Radway (Harvard University), Matthew Soto (Tufts University), Suvi Lama (University of Southern Mississippi), Carson Powers (Tufts University), Daniel Votipka (Tufts University) User Perceptions and Attitudes Toward Untraceability in Messaging Platforms Carla Florencia Griggio (Department of Computer Science, Aalborg University), Boel Nelson (Department of Computer Science, University of Copenhagen), Zefan Sramek (IIS Lab, The University of Tokyo), Aslan Askarov (Department of Computer Science, Aarhus University)

Session 5B: PETs in the Physical World

Chair: Miti Mazmudar Room: Beaver, TI-110 10:30-12:00 EvaluatAR: A Cross-Device Evaluation Framework for Rapid Prototyping of Bystander PETs in AR Syed Ibrahim Mustafa Shah Bukhari (Virginia Tech), Matthew Corbett (Army Cyber Institute at West Point), Bo Ji (Virginia Tech), Brendan David-John (Virginia Tech) The PET Paradox: How Amazon Instrumentalises PETs in Sidewalk to Entrench Its Infrastructural Power Thijmen van Gend (Dutch Organisation for Applied Scientific Research (TNO) & Delft University of Technology), Donald Jay Bertulfo (Delft University of Technology), Seda Gürses (Delft University of Technology) SoK: Mapping the Privacy Landscape of Geolocation Ecosystems Augustin Laouar (École Normale Supérieure de Lyon), Paul Lachat (INRIA), Loïc Desgeorges (Université Claude Bernard Lyon 1), Mathieu Cunche (INRIA), Vincent Roca (INRIA), Pascale Vicat-Blanc (INRIA), Francesco Bronzino (École Normale Supérieure de Lyon / Institut universitaire de France) Between a Rock and a Hard Place: Examining Public Understanding and Perceptions of Data Practices in Smart Cities Wejdan Alsarih (University of Bristol), Inah Omoronyia (University of Bristol), Kopo Marvin Ramokapane (University of Bristol) Humanitarian Aid Distribution with Privacy-Preserving Assessment Capabilities Christian Knabenhans (EPFL), Lucy Qin (Georgetown), Justinas Sukaitis (ICRC), Vincent Graf Narbel (ICRC), Carmela Troncoso (MPI-SP,EPFL)

Session 5C: Membership Inference Attacks

Chair: Jochen Schäfer Room: Caribou, TI-160 10:30-12:00 Impact of Graph Structure on Membership-Inference Risk for Graph Neural Networks Megha Khosla (Delft University of Technology) Revisiting Assumptions for Membership Inference on Summary Statistics Pascal Berrang (University of Birmingham), Mark Ryan (University of Birmingham), Kiera Wooldridge (University of Birmingham) Revisiting the LiRA Membership Inference Attack Under Realistic Assumptions Najeeb Jebreel (Universitat Rovira i Virgili), Mona Khalil (Universitat Rovira i Virgili), David Sánchez (Universitat Rovira i Virgili), Josep Domingo-Ferrer (Universitat Rovira i Virgili) Unveiling Graph Copycats: Inference Attacks with Student Models Paul Agbaje (University Of Texas At Arlington), Afia Anjum (University Of Texas At Arlington), Arkajyoti Mitra (University Of Texas At Arlington), Habeeb Olufowobi (University Of Texas At Arlington) Weight initialization based on gradient similarity for versatile machine unlearning Doun Lee (Kookmin University), Jongyun Shin (Kookmin University), Jinwoo Bae (Kookmin University), Hyunjoon Cho (Kookmin University), Jangho Kim (Kookmin University)

Session 5A: Zero Knowledge Proofs

Chair: Rei Safavi-Naini Room: Alpaca, TI-140 10:30-12:00 zkRevoke: Configurable Untraceability for Verifiable Credentials using ZKPs praveensankar manimaran (University of Oslo, Norway), Mayank Raikwar (University of Oslo, Norway), Thiago Garrett (University of Oslo, Norway), Arlindo F. da Conceição (Federal University of São Paulo, Brazil), Leander Jehl (University of Stavanger, Norway), Roman Vitenberg (University of Oslo, Norway) Zero-Knowledge Proofs of Generalized Regular Expression Matching for Anonymized Email Verification Shreyas Londhe (ZK Email), Aayush Gupta (ZK Email), Sora Suegami (Ethereum Foundation), Yogesh Shahi (ZK Email), Rute Figueiredo (ZK Email), Parisa Hassanizadeh (IPPT PAN), Shahriar Ebrahimi (Alan Turing Institute) PQKryvos: Post-Quantum Secure E-Voting With Flexible Ballot Formats and Public Tally-Hiding Nicolas Huber (University of Stuttgart), Ralf Küsters (University of Stuttgart), Pascal Reisert (University of Stuttgart) HyperVerITAS: Verifying Image Transformations at Scale on Boolean Hypercubes Garrett Greiner (University of Utah), Toshi Mowery (University of Utah), Pratik Soni (University of Utah) Gryphes: Hybrid Proofs for Modular SNARKs with Applications to zkRollups Jiajun Xin (The Hong Kong University of Science and Technology), Samuel Cheung On Tin (The Hong Kong University of Science and Technology), Christodoulos Pappas (The Hong Kong University of Science and Technology), Yongjin Huang (OKG), Dimitrios Papadopoulos (The Hong Kong University of Science and Technology)

12:00

Lunch (provided)

Room: TI Atrium, seating outdoors and in Caribou TI-160

13:30

Session 6D: Privacy-Preserving Machine Learning

Chair: Simon Oya Room: Moose, ENA201 13:30-15:00 VeriDP: Verifiable Differentially Private Training Behzad Abdolmaleki (University of Sheffield), Amir R. Asadi (University of Cambridge), Vahid R. Asadi (University of Waterloo), Stefan Köpsell (Barkhausen Institut), Bhavish Mohee (University of Sheffield), Nahid Roustaeifar (University of Sheffield), Maryam Zarezadeh (Barkhausen Institut) DP-Hype: Distributed Differentially Private Hyperparameter Search Johannes Liebenow (University of Lübeck), Thorsten Peinemann (University of Lübeck), Esfandiar Mohammadi (University of Lübeck) Argmax and XGBoost Training over Fully Homomorphic Encryption Ramy Masalha (IBM Research and University of Haifa), Adi Akavia (University of Haifa), Allon Adir (IBM Research), Ehud Aharoni (IBM Research), Eyal Kushnir (IBM Research) SPRINT: Scalable Secure & Differentially Private Inference for Transformers Francesco Capano (SAP SE), Jonas Boehler (SAP SE), Benjamin Weggenmann (Technische Hochschule Würzburg Schweinfurt) CURE: Privacy-Preserving Split Learning Done Right Halil Ibrahim Kanpak (Koç University), Aqsa Shabbir (Bilkent University), Esra Genç (Bilkent University), Alptekin Küpçü (Koç University), Sinem Sav (Bilkent University)

Session 6B: Differential Privacy 2

Chair: Laura Edelson Room: Beaver, TI-110 13:30-15:00 Preserving Target Distributions With Differentially Private Count Mechanisms Nitin Kohli (UC Berkeley), Paul Laskowski (UC Berkeley) dX-Privacy for Text and the Curse of Dimensionality Hassan Asghar (Macquarie University), Robin Carpentier (Macquarie University), Benjamin Zi Hao Zhao (Macquarie University), Dali Kaafar (Macquarie University) Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries Tudor Cebere (Inria, Université de Montpellier), David Erb (Technical University of Munich, Oblivious), Damien Desfontaines (Hiding Nemo), Aurélien Bellet (Inria, Université de Montpellier), Jack Fitzsimons (Oblivious) Where to Intervene? Benchmarking Fairness-Aware Learning on Differentially Private Synthetic Tabular Data Vinícius Gabriel Angelozzi (Centre Inria de l'Université Grenoble Alpes), Héber Hwang Arcolezi (ÉTS Montréal) “We Need a Standard”:Toward an Expert–Informed Privacy Label for Differential Privacy Onyinye Dibia (University of Vermont), Mengyi Lu (University of Vermont), Prianka Bhattacharjee (University of Vermont), Joseph P Near (University of Vermont), Yuanyuan Feng (University of Vermont)

Session 6C: Anonymity: Defenses

Chair: Carmela Troncoso Room: Caribou, TI-160 13:30-15:00 Precision Leads Recalling You! Improved Location Privacy for Shared Mobility Services Debasree Das (University of Bamberg), Daniela Nicklas (University of Bamberg) SoK: Multi-Perspective-Video-Anonymization Islam Amar (Karlsruhe Institute of Technology), Omar Moured (Karlsruhe Institute of Technology), Simon Hanisch (Technical University Dresden), Thorsten Strufe (Karlsruhe Institute of Technology) Di5Guise: 5G Privacy with vSIM Shirin Ebadi (University of Colorado Boulder), Zach Moolman (University of Colorado Boulder), Tamara Lehman (University of Colorado Boulder), Eric Keller (University of Colorado Boulder) Priv360: Application-Oriented QoE-Optimized Client-Side Protection for 360-Viewer Identification Sheyda Mirzakhani (Linköping University), Niklas Carlsson (Linköping University) Pantomime: Motion Data Anonymization Using Foundation Motion Models Simon Hanisch (Technical University Dresden), Julian Todt (Karlsruhe Institute of Technology), Thorsten Strufe (Karlsruhe Institute of Technology)

15:00

Break

Room: TI Atrium, seating outdoors and in Caribou TI-160

15:30

Session 7D: Cryptographic Tools for Privacy 2

Chair: Lilika Markatou Room: Moose, ENA201 15:30-17:00 Beyond the Output: Inference Attacks on Private Set Union and Multi-Key Private Matching Andrea Raguso (ETH Zurich), Francesca Falzon (ETH Zurich), Tianxin Tang (University of Glasgow), Kenneth G. Paterson (ETH Zurich) tigro: Trust Infrastructure for Grassroots Organizing via Grounded Digital Annotations Leah Namisa Rosenbloom (Northeastern University), Seny Kamara (Brown University and MongoDB Research), Zachary Espiritu (MongoDB Research), Tarik Moataz (MongoDB Research), Amine Bahi (École Normale Supérieure), John Wilkinson (Brown University) Oblivis: A Framework for Delegated and Efficient Oblivious Transfer Aydin Abadi (Newcastle University), Yvo Desmedt (The University of Texas at Dallas) LendLocked: Privacy & Transparency for Digital Library Lending Boya Wang (MPI-SP and EPFL), Peter Hall (NYU), Sunoo Park (NYU) ROTL: Faster Lookup Table Evaluation Xiaoyang Hou (Zhejiang University), Jian Liu (Zhejiang University), Jingyu Li (Zhejiang University), Jiawen Zhang (Zhejiang University), Kui Ren (Zhejiang University), Chun Chen (Zhejiang University)

Session 7B: User Privacy Expectations and Norms 3

Chair: Serge Egelman Room: Beaver, TI-110 15:30-17:00 Toward Adaptive Privacy-Enhancing Training: A Longitudinal Study of How Personality Shapes Responsiveness to Information Security Awareness Training Ofir Cohen (Ben-Gurion University of the Negev), Asaf Shabtai (Ben-Gurion University of the Negev), Rami Puzis (Ben-Gurion University of the Negev) “Users are worried, but we are confused”: Exploring the Privacy, Security, and Safety Perspectives and Practices of FemHealth App Product Team Members Chenkai Ma (King's College London), Shijing He (King's College London), Ina Kaleva (King's College London), Alisa Frik (International Computer Science Institute), Jose Such (INGENIO (CSIC-Universitat Politècnica de València)), Ruba Abu-Salma (King's College London) Are we collaborative yet? A Usability Perspective on Mixnet Latency for Real-Time Applications Killian Davitt (King's College London), Dan Ristea (UCL), Steve. J Murdoch (UCL) Toward Transparent IoT Purchases: Understanding User Preferences for Privacy and Security Properties of IoT Devices Lindrit Kqiku (University of Göttingen), Delphine Reinhardt (University of Göttingen) Analyzing Societal Awareness and Perception of Digital Fingerprinting and Fingerprinting Countermeasures Pascal Schramm (Technical University of Munich), Emmanuel Syrmoudis (Technical University of Munich), Alexandros Markou (Technical University of Munich), Jens Grossklags (Technical University of Munich)

Session 7C: Language Models 2

Chair: Alisha Ukani Room: Caribou, TI-160 15:30-17:00 Personalizing Agent Privacy Decisions via Logical Entailment James Flemings (University of Southern California), Ren Yi (Google), Octavian Suciu (Google), Kassem Fawaz (University of Wisconsin--Madison), Murali Annavaram (University of Southern California), Marco Gruteser (Google) Personal Data Flows and Privacy Policy Traceability in Third-party GPT Integrations Juan Carlos Carrillo (VRAIN, Universitat Politècnica de València), Jose Luis Martin Navarro (Aalto University & VRAIN, Universitat Politècnica de València), Rongjun Ma (Aalto University), Jose Such (King’s College London & VRAIN, Universitat Politècnica de València) WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks Guruprasad Viswanathan Ramesh (University of Wisconsin-Madison), Asmit Nayak (University of Wisconsin-Madison), Basieem Siddique (University of Wisconsin-Madison), Kassem Fawaz (University of Wisconsin-Madison) Redefining Website Fingerprinting Attacks with Multi-Agent LLMs Chuxu Song (Rutgers University), Dheekshith Dev Manohar Mekala (Rutgers University), Hao Wang (Rutgers University), Richard P. Martin (Rutgers University)

17:00

Closing Remarks, Awards, Walk to celebration

Room: TI Atrium

17:30

Closing Celebration (Rump session 2, games)

Room: The Banquet – University District Rump session: Informal lightning talks about any topic. Any attendee can present. Sign up with Roger Dingledine or Wouter Lueks.

8:30

Breakfast (provided)

Room: TI Atrium, seating outdoors and in Caribou, TI-160

9:00

Welcome! (coffee and chat)

9:30

Opening Remarks

9:45

Keynote: When Everyone's a Target: Rethinking Threat Models in the Age of Ambient, Inherited, and AI-Enhanced Surveillance

Rebekah Brown, The Citizen Lab Chair: 9:45–11:00 Abstract:
Traditional threat modeling starts with asking "who is the target, who is the adversary, and what are they after?" For high-risk groups such as journalists, activists, and dissidents, the answers have historically been state actors with advanced capabilities who are interested in the target's communications, location, and social circles. But the volume and types of data now available, along with shifts in who controls this information, have changed many of these assumptions.

The Mosaic Theory, where individual data points combine to reveal sensitive patterns no single piece would expose, has been operationalized at scale. Contextual data collected through everyday technology use is now fed into machine learning systems capable of inferring information never explicitly disclosed by an individual, enabling not only targeted attacks, but digital stalking, doxxing, and impersonation. Fully automated profiling systems now exist that autonomously scrape, collect, and analyze raw user data using coordinated agents, eliminating the need for background knowledge or profiling expertise. As a result, threat models can no longer be limited to high-value targets or explicitly sensitive data. They must account for how ordinary digital traces can be transformed into actionable intelligence about almost anyone.

This talk draws on Citizen Lab research into targeted attacks and ad-tech surveillance and new work on stalkerware, alongside emerging research on AI-enabled profiling, to address how researchers and technologists should prioritize between high-sophistication targeted threats and lower-sophistication, mass-availability threats, including AI tools now accessible to any abuser or state actor.
Bio:
Rebekah Brown is a senior researcher at the Citizen Lab focussing on targeted threats against civil society. She has over 20 years of experience in threat intelligence and analysis. Before joining the Citizen Lab, Rebekah worked at Apple, where she focused on complex threat models and helped design and implement features for individuals at increased risk for stalking, harassment, and abuse.

11:00

Coffee break

11:30

Session A

11:30–12:30 From PETs to PLTs (from Privacy Enhancing Technologies to Purpose Limiting Technologies) Carmela Troncoso (mpi-sp) Privacy in Practice: Reflections on a Semester Long Course Project Alishah Chator (Baruch College) and Julie Ha (Boston University)

12:30

Lunch Break

Room: TI Atrium, seating outdoors and in Caribou, TI-160

14:00

Session B

14:00–15:00 Should Opt-Out Depend on Where You Live? Comparing Mobile Privacy Choices Across Jurisdictions Sujin Han (KAIST) and Insu Yun (KAIST) Transmissions of Hashed Personally Identifiable Information to Third Parties Across Websites Tin Le (University of Calgary), Joel Reardon (University of Calgary), Serge Egelman (ICSI / UC Berkeley) and Narseo Vallina-Rodriguez (IMDEA Networks Institute)

15:00

Traditional Hot PETS Ice Cream Break

15:30

Session C

15:30-17:00 Get your Hands off my Hand: Privacy and Bionic Limbs Kwesi Afari Darfoor (University of Alberta), Patrick M. Pilarski (University of Alberta) and Bailey Kacsmar (University of Alberta) Understanding and addressing censorship in university networks Seungju Lee (Princeton University), Leon Schuermann (Princeton University), and Constantine Doumanidis (Princeton University) Breaking the web is good for privacy Saiid El Hajj Chehade (EPFL)

17:00

Voting for best talk

17:10

Awards and Closing Remarks

7:45

Breakfast (provided)

Room: TI Atrium, seating outdoors and in Caribou, TI-160

8:30

PETS Hike

8:30-17:00 Room: Loop in front of TI Please see the hike page for full details. You must register at the welcome desk to participate; spaces are limited. Note: bus departure time is at 8:30 am sharp. We will arrive at Banff around 10am. We will board the return buses at 3:30pm, and the bus returns to TI for 5pm.