All times on this page are UTC (Reykjavik, Dakar). Find the original schedule here,
Other timezones can be found here: UTC, UTC+1, UTC+2, UTC+3, UTC+4, UTC+5, UTC+6, UTC+7, UTC+8, UTC+9, UTC+10, UTC+11, UTC+12, UTC-1, UTC-2, UTC-3, UTC-4, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9, UTC-10, UTC-11, UTC-12
Conference Schedule
14:00
Breakfast (provided)
Room: TI Atrium, seating outdoors and in Caribou, TI-160Breakfast (provided)
Room: TI Atrium, seating outdoors and in Caribou, TI-160 15:00-15:3018:00
Lunch (provided)
Room: TI Atrium, seating outdoors and in Caribou TI-16023:00
Games
Room: TI lawn outside0:00 (July 21)
Opening Reception (refreshments and food trucks)
Room: TI Atrium, ENG and TI greenspaces13:30
Breakfast (provided)
Room: ENG greenspace (TI Atrium as contingency), seating outdoors and in Caribou14:30
Opening Remarks
Room: TI Atrium15:00
Keynote: Privacy and Ads on the Emerging Agentic Web
Franziska Roesner Room: Moose, ENA201 15:00-16:00 Abstract: Over the last two or more decades, a key privacy issue on the web has been the collection and use of data in the context of targeted advertising. Members of the computer security and privacy research community (and adjacent communities) have done substantial work over that time to characterize (and improve) this ecosystem and its risks, including: assessing the privacy implications of online tracking and ad targeting, studying problematic (e.g., manipulative or adversarial) ad content and ad targeting, and exploring privacy-preserving ad mechanisms. In this talk, I will first overview research findings and ecosystem developments around privacy and the online advertising ecosystem up until now. Then, I will look to the future in this era of generative AI, considering how tracking and advertising may manifest in the emerging “agentic web” — in which users interact substantially with AI agents, and agents interact directly with other web content — and how the landscape of privacy and related risks may evolve. Bio: Franziska (Franzi) Roesner is the Brett Helsel Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies. Her work has studied topics including online tracking and advertising, security and privacy for marginalized and/or vulnerable user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online trust and safety. She is the recipient of a Google Security and Privacy Research Award and a Google Research Scholar Award, a Consumer Reports Digital Lab Fellowship, an MIT Technology Review "Innovators Under 35" Award, an Emerging Leader Alumni Award from the University of Texas at Austin, and an NSF CAREER Award. She has received paper awards or runners-up at the USENIX Security Symposium, the IEEE Symposium on Security & Privacy, the Internet Measurement Conference, the WebConf, the Annual Privacy Forum, and the CHI Conference on Human Factors in Computing Systems; as well as Test of Time Awards at NSDI, the IEEE Symposium on Security & Privacy, and USENIX Security. She currently serves on the USENIX Security steering committee. She received her PhD from the University of Washington in 2014 and her BS from UT Austin in 2008.16:00
Break
Room: TI Atrium, seating outdoors and in Caribou, TI-16016:30
Best Student Paper Session
Room: Moose, ENA201 16:30-18:00 Evaluating connection migration based QUIC censorship circumvention No Privacy for Privates: How Military Communities Experience and Perceive the Privacy Risks of Military-Marketed Mobile Apps Cryptographically-Secured Domain Validation EXADPrinter: Semi-Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem SoK: Offline Finding Protocols for Lightweight Location Tracking18:00
Lunch (provided)
Room: TI Atrium, seating outdoors and in Caribou TI-16019:30
Session 1A: Cryptographic Tools for Privacy 1
Room: Alpaca, TI-140 19:30-21:00 When Drones Meet Privately: Secure Coordination with 𝑡-PSI When Threshold Meets Anamorphic Signatures: What is Possible and What is Not! CAnonize: a Compact Anonymous Survey Protocol Practical Semi-Open Chat Groups for Secure Messaging Applications Privacy Pass is Anamorphic: Practical Consequences and Attacks in the Black-box ModelSession 1B: Traffic Analysis
Room: Beaver, TI-110 19:30-21:00 Website fingerprinting on Nym: Attacks and Defenses Ephemeral Network-Layer Fingerprinting Defenses Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses What-App? App usage detection using encrypted LTE/5G traffic More Space, Less Privacy? Measuring the Effectiveness of IP-based Website Fingerprinting in IPv6 PriVA-C: Defending Voice Assistants from Fingerprinting AttacksSession 1C: User Privacy Expectations and Norms 1
Room: Caribou, TI-160 19:30-21:00 Bot Among Us: Exploring User Awareness and Privacy Concerns About Chatbots in Group Chats Are Bite-Size Data Safety Details a Healthy Diet for Android Telehealth App Users? Impacts of Privacy Nutrition Labels on Users' Privacy Perceptions “I don’t think it needs to be political”: Privacy Experiences and Concerns of FemHealth App Users in the United States “I Just Press Allow”: Understanding Privacy Practices of New Internet Users in Urban India "Alexa, Do Not Say That in Front of my Boss!" A Cross-Cultural Comparison of User and AI Preferences for Privacy-Aware Smart Speaker Interactions Across ContextsSession 1D: Web Privacy
Room: Moose, ENA201 19:30-21:00 The Empire Strikes Back (at Your Privacy): An Archaeology of Tracking on Government Websites OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub The Masks We (Think We) Wear: Privacy Threats of Browser-Extension Wallets in the Web3 Ecosystem From Syntactic Matching to Taint Tracking and Back: A Comparative Study of Web Tracking Detection Techniques Clicking into Exposure: Uncovering Privacy Risks of Google Click Identifier in YouTube Ads21:00
Break
Room: TI Atrium, seating outdoors and in Caribou TI-16021:30
Session 2D: Information Leakage
Room: Moose, ENA201 21:30-23:00 Making Sense of Private Advertising: A Principled Approach to a Complex Ecosystem Sensor Privacy as a Spectrum: Quantifying Privacy in Edge and Multimodal Systems through Games Measuring Legislature-Aligned Privacy Risks in Synthetic Graphs Pseudonymity at Risk: Linkage Attacks on Blockchain Users with Off-Chain Cues Privacy Attacks on Matrix Profiles based on Reconstruction Techniques SilhouetteTell: Practical Video Identification Leveraging Blurred Recordings of Video SubtitlesSession 2B: Federated Learning
Room: Beaver, TI-110 21:30-23:00 AI-in-the-Loop: Privacy Preserving Real-Time Scam Detection and Conversational Scambaiting by Leveraging LLMs and Federated Learning Secure and Privacy-Preserving Vertical Federated Learning SoK: Verifiable Integrity Claims for Privacy-Preserving Federated Learning Poison to Detect: Detection of Targeted Overfitting in Federated Learning FinP: Fairness-in-Privacy in Federated Learning by Addressing Disparities in Privacy RiskSession 2C: Censorship
Room: Caribou, TI-160 21:30-23:00 Obscura: Enabling Ephemeral Proxies for Traffic Encapsulation in WebRTC Media Streams Against Cost-Effective Censors CensorLess: Cost-Efficient Censorship Circumvention Through Serverless Cloud Functions Banned Books: Analysis of Censorship on Amazon.com Troll Patrol: Anonymous User Reporting of Bridge Censorship Precarious But Active: A Look At Privacy Behaviors in Chinese Transformative Fandom on a Censored and Surveilled InternetSession 2A: Policy, Regulation, Compliance
Room: Alpaca, TI-140 21:30-23:00 A Year Under the DSA: Ad Transparency’s Uneven Landscape Exercising the CCPA Opt-out Right on Android: Legally Mandated but Practically Challenging The TCF doesn’t really A(A)ID – Automatic Privacy Analysis and Legal Compliance of TCF-based Android Applications Overcoming Language Barriers: Multilingual Analysis of the 2023 Swiss Privacy Law's Impact The Role of Online Forums in Developer Understanding of Privacy Law - A Reddit Case Study23:00
Mini Break
23:10
Calgary surprise
23:20
Future PETS Directions
Room: Moose/ENA Atrium (immediately outside Moose)23:40
Mini Rump Session
Room: Moose, ENA2010:00 (July 22)
Optional led excursions (on your own). See registration desk on Monday and Tuesday for signup options
14:00
Breakfast (provided)
Room: TI Atrium, seating outdoors and in Caribou TI-16015:00
Keynote: Autocratic AI: The Frontier AI Trilemma and the Case for a Privacy-Preserving Freedom Stack
John Scott Railton Room: Moose, ENA201 15:00-16:00 Abstract: The 2011 Arab Spring caught autocrats by surprise. Then, they evolved. Today, they’ve co-opted social media and internet infrastructure to surveil and repress civil society. Now, the activists, journalists and dissidents we work with are already pervasively using AI. And autocrats are seeking to respond. They are preparing to exploit AI hyperscalers’ reliance on state-regulated resources, from chips and electricity to land use and market access, as well as dependency on sovereign wealth funds. From the 2026 Anthropic order by the US Commerce Department, leading to frontier models being taken down, to China’s comprehensive AI frameworks, government pressure on the AI sector is growing fast in democracies and autocracies alike. Big companies face a frontier AI trilemma, and must choose only two of the following: global market access, very broad safety compliance, or serving inference without state censorship or monitoring. Today, the conditions that some states attach to 'safety' compliance and market access increasingly appear as a pretext for censorship and monitoring, which precludes unrestricted inference. Combined with competitive pressure, I believe this will push companies to sacrifice unrestricted inference, and embrace broad state demands, framed as comprehensive 'safety frameworks' that subtly conflate legitimate harm reduction with political censorship and monitoring. Such frameworks will offer all autocrats and democracies a tempting fast-track to censorship and surveillance. Unlike traditional censorship methods and blocking, these will be subtle, personalized steering, and resistant to systematic observation and evidence-driven accountability. And the surveillance, unlike mercenary spyware, won’t leave traces on devices. To counter this, we must build a freedom stack requiring precisely the technologies that this community specializes in: a friendly and resilient ecosystem of private, secure inference with minimal-trust architectures and technical guarantees that operators cannot inspect or filter prompts. Its layers include open-weight and open-source models running in trusted execution environments (TEEs) or on user-controlled devices, seamless migration paths for existing AI users, great user experiences, and rigorous research and testing of models for political censorship and security risks. We must push back on the dynamics, however well-intentioned, that concentrate all AI capability in entities vulnerable to state coercion. Bio: John Scott-Railton is an expert on spyware, phishing, and information operations. As Senior Researcher at the Citizen Lab he leads the Targeted Threats team, collaborating with at-risk individuals and partners around the world to expose abuses. For more than fifteen years he has worked on collaborative investigations tracking and exposing digital attacks targeting people because of who they are, what they do, or what they say. He has testified to lawmakers in the U.S., Italy, Poland and the European parliament on the threats posed by spyware proliferation to national security and human rights. He was the Founding Editor of the Security Planner, now operated by Consumer Reports, which provides personalized expert security advice. He has also worked on ensuring connectivity in conflicts, including ensuring the free and secure flow of information during wartime. For example, he co-founded the Voices Projects, which helped bypass internet shutdowns in Egypt and Libya. He is a past fellow at Google Ideas / Jigsaw at Alphabet where he worked on products like the Phishing Quiz.16:00
Break
16:30
Session 3D: Language Models 1
Room: Moose, ENA201 16:30-18:00 Privacy Bias in Language Models: A Contextual Integrity-based Auditing Metric When Tables Leak: Attacking String Memorization in LLM-Based Tabular Data Generation Operationalizing the Motivated Intruder: A Codebook-Guided Inference Framework for Semantic Input Privacy in LLMs LLMs Leak Training Data Beyond Verbatim Memorization via Membership DecodingSession 3B: Homomorphic Encryption
Room: Beaver, TI-110 16:30-18:00 Pirouette: Query Efficient Single-Server PIR Secure Change-Point Detection for Time Series under Homomorphic Encryption POPPY: Scalable and Secure Spectral Centrality for Distributed Graphs via Homomorphic Encryption Training TFHE-Based Neural Networks with Approximated Floating-Point ArithmeticSession 3C: Human-centered Privacy
Room: Caribou, TI-160 16:30-18:00 ReporTor: Facilitating User Reporting of Issues Encountered in Naturalistic Web Browsing via the Tor Browser How Experts Personalize Privacy & Security Advice for At-Risk Users Cultivating a Tech-Safety Mindset using Game-Based Learning for Defending against Technology-Facilitated Abuse Location-Enhanced Information Flow for Home Automations "Because I didn't touch these and even don't know why I should to change these": Why App Developers Do (Not) Update Apple's Privacy LabelsSession 3A: Anonymous Communications
Room: Alpaca, TI-140 16:30-18:00 CoinJoin ecosystem insights for Wasabi 1.x, Wasabi 2.x and Whirlpool coordinator-based privacy mixers Access Granted, Privacy Lost: Formalizing & Quantifying the Hidden Anonymity Risks of Exclusive-Use Systems Waterfall: A Capsule-Based Framework for Evaluating Traffic Watermarking in Anonymity Systems Breaking and (Partially) Fixing Onion Routing with Fragmentation CODoH: Privacy-Preserving Caching for Oblivious DNS over HTTPS Maude-HCS: Model Checking the Undetectability-Performance Tradeoffs in Hidden Communication Systems18:00
Lunch (provided)
Room: TI Atrium, seating outdoors and in Caribou TI-16019:30
Session 4D: Differential Privacy 1
Room: Moose, ENA201 19:30-21:00 Dropout-Robust Mechanisms for Differentially Private and Fully Decentralized Mean Estimation Frequency Estimation of Correlated Multi-attribute Data under Local Differential Privacy Understanding Privacy and Quality Tradeoffs in Synthetic Network Data SoK: Metric Differential Privacy in Theory and Practice CoP-LDP: Coordinated Perturbation for Minimal Disclosure Under Local Differential PrivacySession 4B: Mobile Apps
Room: Beaver, TI-110 19:30-21:00 Ad Personalization and Transparency in Mobile Ecosystems: A Comparative Analysis of Google’s and Apple’s EU App Stores P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android Dead Domains, Living Data: A Privacy Risk Analysis of Domain Lifecycle in Android Apps Panoptes: Detecting Out-of-Sight Privacy Exposure in Android Enabling Personal Dataflow Sovereignty via Bolt-on Data EscrowSession 4C: Privacy Policies
Room: Caribou, TI-160 19:30-21:00 Word-level Annotation of GDPR Transparency Compliance in Privacy Policies using Large Language Models Understanding How University Guidelines Address Privacy and Security Issues of Generative AI in Academic Settings Designing Reflective Thinking-Based Contextual Privacy Policy for Mobile Applications Disclosure Divergence: Measuring Privacy Policy and Data Safety Misalignment at Scale From Lines of Code to Lines of Policy? Exploring Software Developers’ Perceptions of Their Privacy Policy–Related ActivitiesSession 4A: Privacy-Preserving Computation
Room: Alpaca, TI-140 19:30-21:00 Multi-Party Private Join SEED: Streamlined End-to-End Data Processing in Cloud Environments Breaking BAD? Better Call SAUL! -- Breaking and Fixing Bloom Filters with Added Diffusion RingOA: Fast Oblivious Access for Large-Scale Privacy-Preserving Structured Data Analysis21:00
Break
Room: TI Atrium, seating outdoors and in Caribou TI-16021:10
Networking Session
Room: Caribou, TI-160
21:10
BoFs
Room: Beaver (split into 3 rooms) and around TI Including DuckDuckGo breakout.22:10
Bus to PETS Gala (TELUS Spark Science Centre)
Room: Loop in front of TI First bus leaves at 22:10 and last bus leaves at 23:1023:10
Poster Session (Atrium, TELUS Spark Science Centre)
0:30 (July 23)
Banquet Dinner (TELUS Spark Science Centre)
3:00 (July 23)
Bus back to University
14:00
Breakfast (provided)
Room: TI Atrium, seating outdoors and in Caribou TI-16015:00
Keynote: Managing complexity
Fredrik Strömberg Room: Moose, ENA201 15:00-16:00 Abstract: What is strategy, innovation, and cybersecurity? What is trust and trustworthiness? What design principles are useful for managing complexity - in computer systems, organizations, and life? I have tried to answer these questions for almost two decades, driven by insatiable curiosity and at times unhealthy perfectionism. This talk is about the journey so far, more and less successful attempts at supporting and doing research, the principles that guide me and my companies, and the meaning of "good enough". Bio: Fredrik Strömberg is co-CEO at Mullvad VPN and Head of Research at the Amagicom group, consisting of Mullvad VPN, Tillitis and Glasklar Teknik. His main interest for the past decade has been the design and construction of more trustworthy computer systems. Together with colleagues and collaborators he has worked on the open-source projects System Transparency, Sigsum, Tillitis TKey, Tillitis HSM as well as open-source silicon and other open-source software and hardware-related internal research projects. Together with his friend Daniel Berntsson he founded Amagicom AB and Mullvad VPN, 17 years ago. His interests in computer security, strategy and creativity started a decade before that, in no small part thanks to his surroundings. Today he's a proud fourth-generation business owner and third-generation inventor. Mullvad was founded with the vision of making mass surveillance and online censorship ineffective, using entrepreneurship as a method for direct political action. Fredrik and Daniel has consistently refused outside investment in order to retain long term strategic flexibility, and re-invest much of Mullvad's profits in research and open-source software and hardware projects.16:00
Break
Room: TI Atrium, seating outdoors and in Caribou TI-16016:30
Session 5D: User Privacy Expectations and Norms 2
Room: Moose, ENA201 16:30-18:00 Privacy by Voice: Designing Usable Privacy Notices for the Voice Interface Contextual Intent: Activists’ Privacy Considerations for Collaborative Technology in Social Movement Groups "The city isn't uploading me to TikTok": Exploring Privacy Attitudes towards Data Collection in Urban Public Spaces More Modalities, More Problems: Examining User Understanding of The Meta Quest Permissions Framework User Perceptions and Attitudes Toward Untraceability in Messaging PlatformsSession 5B: PETs in the Physical World
Room: Beaver, TI-110 16:30-18:00 EvaluatAR: A Cross-Device Evaluation Framework for Rapid Prototyping of Bystander PETs in AR The PET Paradox: How Amazon Instrumentalises PETs in Sidewalk to Entrench Its Infrastructural Power SoK: Mapping the Privacy Landscape of Geolocation Ecosystems Between a Rock and a Hard Place: Examining Public Understanding and Perceptions of Data Practices in Smart Cities Humanitarian Aid Distribution with Privacy-Preserving Assessment CapabilitiesSession 5C: Membership Inference Attacks
Room: Caribou, TI-160 16:30-18:00 Impact of Graph Structure on Membership-Inference Risk for Graph Neural Networks Revisiting Assumptions for Membership Inference on Summary Statistics Revisiting the LiRA Membership Inference Attack Under Realistic Assumptions Unveiling Graph Copycats: Inference Attacks with Student Models Weight initialization based on gradient similarity for versatile machine unlearningSession 5A: Zero Knowledge Proofs
Room: Alpaca, TI-140 16:30-18:00 zkRevoke: Configurable Untraceability for Verifiable Credentials using ZKPs Zero-Knowledge Proofs of Generalized Regular Expression Matching for Anonymized Email Verification PQKryvos: Post-Quantum Secure E-Voting With Flexible Ballot Formats and Public Tally-Hiding HyperVerITAS: Verifying Image Transformations at Scale on Boolean Hypercubes Gryphes: Hybrid Proofs for Modular SNARKs with Applications to zkRollups18:00
Lunch (provided)
Room: TI Atrium, seating outdoors and in Caribou TI-16019:30
Session 6D: Privacy-Preserving Machine Learning
Room: Moose, ENA201 19:30-21:00 VeriDP: Verifiable Differentially Private Training DP-Hype: Distributed Differentially Private Hyperparameter Search Argmax and XGBoost Training over Fully Homomorphic Encryption SPRINT: Scalable Secure & Differentially Private Inference for Transformers CURE: Privacy-Preserving Split Learning Done RightSession 6B: Differential Privacy 2
Room: Beaver, TI-110 19:30-21:00 Preserving Target Distributions With Differentially Private Count Mechanisms dX-Privacy for Text and the Curse of Dimensionality Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries Where to Intervene? Benchmarking Fairness-Aware Learning on Differentially Private Synthetic Tabular Data “We Need a Standard”:Toward an Expert–Informed Privacy Label for Differential PrivacySession 6C: Anonymity: Defenses
Room: Caribou, TI-160 19:30-21:00 Precision Leads Recalling You! Improved Location Privacy for Shared Mobility Services SoK: Multi-Perspective-Video-Anonymization Di5Guise: 5G Privacy with vSIM Priv360: Application-Oriented QoE-Optimized Client-Side Protection for 360-Viewer Identification Pantomime: Motion Data Anonymization Using Foundation Motion Models21:00
Break
Room: TI Atrium, seating outdoors and in Caribou TI-16021:30
Session 7D: Cryptographic Tools for Privacy 2
Room: Moose, ENA201 21:30-23:00 Beyond the Output: Inference Attacks on Private Set Union and Multi-Key Private Matching tigro: Trust Infrastructure for Grassroots Organizing via Grounded Digital Annotations Oblivis: A Framework for Delegated and Efficient Oblivious Transfer LendLocked: Privacy & Transparency for Digital Library Lending ROTL: Faster Lookup Table EvaluationSession 7B: User Privacy Expectations and Norms 3
Room: Beaver, TI-110 21:30-23:00 Toward Adaptive Privacy-Enhancing Training: A Longitudinal Study of How Personality Shapes Responsiveness to Information Security Awareness Training “Users are worried, but we are confused”: Exploring the Privacy, Security, and Safety Perspectives and Practices of FemHealth App Product Team Members Are we collaborative yet? A Usability Perspective on Mixnet Latency for Real-Time Applications Toward Transparent IoT Purchases: Understanding User Preferences for Privacy and Security Properties of IoT Devices Analyzing Societal Awareness and Perception of Digital Fingerprinting and Fingerprinting CountermeasuresSession 7C: Language Models 2
Room: Caribou, TI-160 21:30-23:00 Personalizing Agent Privacy Decisions via Logical Entailment Personal Data Flows and Privacy Policy Traceability in Third-party GPT Integrations WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks Redefining Website Fingerprinting Attacks with Multi-Agent LLMs23:00
Closing Remarks, Awards, Walk to celebration
Room: TI Atrium23:30
Closing Celebration (Rump session 2, games)
Room: The Banquet – University District14:30
Breakfast (provided)
Room: TI Atrium, seating outdoors and in Caribou, TI-16015:00
Welcome! (coffee and chat)
15:30
Opening Remarks
15:45
Keynote: When Everyone's a Target: Rethinking Threat Models in the Age of Ambient, Inherited, and AI-Enhanced Surveillance
Rebekah Brown, The Citizen Lab 15:45–17:00 Abstract:Traditional threat modeling starts with asking "who is the target, who is the adversary, and what are they after?" For high-risk groups such as journalists, activists, and dissidents, the answers have historically been state actors with advanced capabilities who are interested in the target's communications, location, and social circles. But the volume and types of data now available, along with shifts in who controls this information, have changed many of these assumptions.
The Mosaic Theory, where individual data points combine to reveal sensitive patterns no single piece would expose, has been operationalized at scale. Contextual data collected through everyday technology use is now fed into machine learning systems capable of inferring information never explicitly disclosed by an individual, enabling not only targeted attacks, but digital stalking, doxxing, and impersonation. Fully automated profiling systems now exist that autonomously scrape, collect, and analyze raw user data using coordinated agents, eliminating the need for background knowledge or profiling expertise. As a result, threat models can no longer be limited to high-value targets or explicitly sensitive data. They must account for how ordinary digital traces can be transformed into actionable intelligence about almost anyone.
This talk draws on Citizen Lab research into targeted attacks and ad-tech surveillance and new work on stalkerware, alongside emerging research on AI-enabled profiling, to address how researchers and technologists should prioritize between high-sophistication targeted threats and lower-sophistication, mass-availability threats, including AI tools now accessible to any abuser or state actor.
Bio:
Rebekah Brown is a senior researcher at the Citizen Lab focussing on targeted threats against civil society. She has over 20 years of experience in threat intelligence and analysis. Before joining the Citizen Lab, Rebekah worked at Apple, where she focused on complex threat models and helped design and implement features for individuals at increased risk for stalking, harassment, and abuse.