Program

Presentations: 20 minutes for full and 10 minutes for short papers; followed by approx. 3 minutes of Q&A.

• 09:00 — 09:10 Opening remarks
• 09:10 — 10:30 Session 1: Privacy policies (Session Chair: Panos Papadimitratos)
  • Impact Analysis of Organizational Structure of Group Companies on Privacy Policies [short]
    Keika Mori (Deloitte Tohmatsu Cyber LLC), Yuta Takata (Deloitte Tohmatsu Cyber LLC), Daiki Ito (Deloitte Tohmatsu Cyber LLC), Masaki Kamizono (Deloitte Tohmatsu Cyber LLC) and Tatsuya Mori (Waseda University / NICT / RIKEN AIP)
  • From Privacy Policies to Privacy Threats: A Case Study in Policy-Based Threat Modeling
    Yana Dimova (KU Leuven), Mrunmayee Kode (KU Leuven), Shirin Kalantari (KU Leuven), Kim Wuyts (KU Leuven), Wouter Joosen (KU Leuven) and Jan Tobias Muehlberg (Université libre de Bruxelles)
  • Trends in Privacy Dialog Design after the GDPR: The Impact of Industry and Government Actions
    Logan Warberg (Carnegie Mellon University), Vincent Lefrere (Institut Mines-Télécom, Business School), Cristobal Cheyre (Cornell University) and Alessandro Acquisti (Carnegie Mellon University)
  • Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB Europe TCF Paywalls [short]
    Victor Morel (Chalmers), Cristiana Santos (Utrecht University), Viktor Fredholm (Chalmers) and Adam Thunberg (Chalmers)
• 10:30 — 11:00 Coffee break
• 11:00 — 12:00 Session 2: Ads, payments and sharing privacy (Session Chair: Natasha Fernandes)
  • Zef: Low-latency, Scalable, Private Payments
    Mathieu Baudet (Linera), Alberto Sonnino (Mysten Labs and University College London), Mahimna Kelkar (Cornell University) and George Danezis (Mysten Labs and University College London)
  • Analysis of Google Ads Settings Over Time: Updated, Individualized, Accurate, and Filtered [short]
    Nathan Reitinger (University of Maryland), Bruce Wen (University of Chicago), Michelle Mazurek (University of Maryland) and Blase Ur (University of Chicago)
  • Bazaar: Anonymous Resource Sharing [short]
    Christoph Coijanovic (KIT), Daniel Schadt (KIT), Christiane Weis (NEC Laboratories Europe) and Thorsten Strufe (KIT)
• 12:00 — 13:30 Lunch break
• 13:30 — 14:30 Session 3: Mobile and IoT privacy (Session Chair: Blase Ur)
  • Extending Browser Extension Fingerprinting to Mobile Devices [short]
    Brian Hyeongseok Kim (University of Southern California), Shujaat Mirza (New York University) and Christina Pöpper (New York University Abu Dhabi)
  • Comparing Privacy Labels of Applications in Android and iOS
    Rishabh Khandelwal (University of Wisconsin Madison), Asmit Nayak (University of Wisconsin-Madison), Paul Chung (University of Wisconsin Madison) and Kassem Fawaz (University of Wisconsin-Madison)
  • The HandyTech’s Coming Between 1 and 4: Privacy Opportunities and Challenges for the IoT Handyperson [short]
    Denise Anthony (University of Michigan), Carl A. Gunter (University of Illinois at Urbana-Champaign), Weijia He (Dartmouth College), Mounib Khanafer (American University of Kuwait), Susan Landau (Tufts University), Ravindra Mangar (Dartmouth College) and Nathan Reitinger (University of Maryland)
• 14:30 — 15:00 Coffee break
• 15:00 — 16:30 Session 4: Web and learning privacy (Session Chair: Tobias Pulls)
  • UA-Radar: Exploring the Impact of User Agents on the Web
    Jean Luc Intumwayase (Univ. Lille, CNRS, Inria), Imane Fouad (Univ. Lille, CNRS, Inria), Pierre Laperdrix (CNRS, Univ Lille, Inria) and Romain Rouvoy (Univ. Lille, CNRS, Inria)
  • A First Look at Generating Website Fingerprinting Attacks via Neural Architecture Search [short]
    Prabhjot Singh (University of Waterloo), Shreya Arun Naik (University of Waterloo), Navid Malekghaini (University of Waterloo), Diogo Barradas (University of Waterloo) and Noura Limam (University of Waterloo)
  • Client-specific Property Inference against Secure Aggregation in Federated Learning
    Raouf Kerkouche (CISPA Helmholtz Center for Information Security), Gergely Ács (Department of Networked Systems and Services, CrySyS Lab, BME) and Mario Fritz (CISPA Helmholtz Center for Information Security)
  • Unveiling the Impact of User-Agent Reduction and Client Hints: A Measurement Study
    Asuman Senol (COSIC, KU Leuven) and Gunes Acar (Radboud University)
• 16:30 — 16:45 Short break
• 16:45 — 17:45 Session 5: Traffic and information flow analysis (Session Chair: Gergely Ács)
  • Maybenot: A Framework for Traffic Analysis Defenses
    Tobias Pulls (Karlstad University) and Ethan Witwer (University of Minnesota)
  • TIGER: Tor Traffic Generator for Realistic Experiments [short]
    Daniela Lopes (INESC / Instituto Superior Técnico - Universidade de Lisboa), Daniel Castro (INESC / Instituto Superior Técnico - Universidade de Lisboa), Diogo Barradas (University of Waterloo) and Nuno Santos (INESC / Instituto Superior Técnico - Universidade de Lisboa)
  • A Quantitative Information Flow Analysis of the Topics API [short]
    Mário S. Alvim (Universidade Federal de Minas Gerais), Natasha Fernandes (Macquarie University), Annabelle McIver (Macquarie University) and Gabriel H. Nunes (Macquarie University)
• 17:45 — 17:50 Closing remarks