- Sponsor:
- sigsac
It is our great pleasure to welcome you to the 21st Workshop on Privacy in the Electronic Society (WPES'22). This is the twenty-first edition of WPES, a workshop intended to attract submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of electronic privacy, experimental studies of fielded systems, as well as perspectives of other communities such as law and business. To facilitate attendance to a global audience in times of the ongoing public health challenges, the workshop will take place both in person and online. Two types of papers will be presented: full papers, which are no more than 12 pages in the ACM double-column format, excluding the bibliography and well-marked appendix, and short papers, which are up to 4 pages for results that are preliminary or that simply require few pages to describe.
The call for papers attracted 59 submissions (43 as full papers and 16 as short papers) from Austria, Belgium, Canada, France, Germany, Israel, Netherlands, Sweden, Turkey, and United States. Authors of 28 full paper submissions would like their submissions to be considered for short papers as well. Those submissions were evaluated by a program committee consisting of 51 researchers whose backgrounds include a diverse array of topics related to privacy. Each paper was reviewed by at least 3 members of the program committee, and the average number of reviews for each paper is 3.75. Papers were evaluated based on their importance, novelty, and technical quality. After the rigorous review process, 12 submissions were accepted as full papers (acceptance rate: 20.3%) and additionally 8 submissions were accepted as short papers.
Proceeding Downloads
Classification of Encrypted IoT Traffic despite Padding and Shaping
It is well-known that when IoT traffic is unencrypted it is possible to identify the active devices based on their TCP/IP headers. And when traffic is encrypted, packet-sizes and timings can still be used to do so. To defend against such fingerprinting, ...
Splitting Hairs and Network Traces: Improved Attacks Against Traffic Splitting as a Website Fingerprinting Defense
The widespread use of encryption and anonymization technologies---e.g., HTTPS, VPNs, Tor, and iCloud Private Relay---makes network attackers likely to resort to traffic analysis to learn of client activity. For web traffic, such analysis of encrypted ...
Padding-only Defenses Add Delay in Tor
Website fingerprinting is an attack that uses size and timing characteristics of encrypted downloads to identify targeted websites. Since this can defeat the privacy goals of anonymity networks such as Tor, many algorithms to defend against this attack ...
Sauteed Onions: Transparent Associations from Domain Names to Onion Addresses
Onion addresses offer valuable features such as lookup and routing security, self-authenticated connections, and censorship resistance. Therefore, many websites are also available as onionsites in Tor. The way registered domains and onion addresses are ...
Fisher Information as a Utility Metric for Frequency Estimation under Local Differential Privacy
Local Differential Privacy (LDP) is the de facto standard technique to ensure privacy for users whose data is collected by a data aggregator they do not necessarily trust. This necessarily involves a tradeoff between user privacy and aggregator utility, ...
PRSONA: Private Reputation Supporting Ongoing Network Avatars
As an increasing amount of social activity moves online, online communities have become important outlets for their members to interact and communicate with one another. At times, these communities may identify opportunities where providing their ...
Data Protection Law and Multi-Party Computation: Applications to Information Exchange between Law Enforcement Agencies
Pushes for increased power of Law Enforcement (LE) for data retention and centralized storage result in legal challenges with data protection law and courts-and possible violations of the right to privacy. This is motivated by a desire for better ...
Secure Maximum Weight Matching Approximation on General Graphs
Privacy-preserving protocols for matchings on general graphs can be used for applications such as online dating, bartering, or kidney donor exchange. In addition, they can act as a building block for more complex protocols. While privacy-preserving ...
Is Your Policy Compliant?: A Deep Learning-based Empirical Study of Privacy Policies' Compliance with GDPR
Since the General Data Protection Regulation (GDPR) came into force in May 2018, companies have worked on their data practices to comply with the requirements of GDPR. In particular, since the privacy policy is the essential communication channel for ...
Darwin's Theory of Censorship: Analysing the Evolution of Censored Topics with Dynamic Topic Models
We present a statistical analysis of changes in the Internet censorship policy of the government of India from 2016 to 2020. Using longitudinal observations of censorship collected by the ICLab censorship measurement project, together with historical ...
A Study of Users' Privacy Preferences for Data Sharing on Symptoms-Tracking/Health App
Symptoms-tracking applications allow crowdsensing of health and location related data from individuals to track the spread and outbreaks of infectious diseases. During the COVID-19 pandemic, for the first time in history, these apps were widely adopted ...
UnSplit: Data-Oblivious Model Inversion, Model Stealing, and Label Inference Attacks against Split Learning
Training deep neural networks often forces users to work in a distributed or outsourced setting, accompanied with privacy concerns. Split learning aims to address this concern by distributing the model among a client and a server. The scheme supposedly ...
SplitGuard: Detecting and Mitigating Training-Hijacking Attacks in Split Learning
Distributed deep learning frameworks such as split learning provide great benefits with regards to the computational cost of training deep neural networks and the privacy-aware utilization of the collective data of a group of data-holders. Split ...
Adversarial Detection of Censorship Measurements
The arms race between Internet freedom technologists and censoring regimes has catalyzed the deployment of more sophisticated censoring techniques and directed significant research emphasis toward the development of automated tools for censorship ...
Fingerprinting and Personal Information Leakage from Touchscreen Interactions
The study aims to understand and quantify the privacy threat landscape of touch-based biometrics. Touch interactions from mobile devices are ubiquitous and do not require additional permissions to collect. Two privacy threats were examined - user ...
Privacy and Security Evaluation of Mobile Payment Applications Through User-Generated Reviews
Mobile payment applications are crucial to ensure seamless day-to-day digital transactions. However, users' perceived privacy- and security-related concerns are continually rising. Users express such thoughts, complaints, and suggestions through app ...
Casing the Vault: Security Analysis of Vault Applications
Vault applications are a class of mobile apps used to store and hide users' sensitive files (e.g., photos, documents, and even another app) on the phone. In this paper, we perform an empirical analysis of popular vault apps under the scenarios of unjust ...
Tracking the Evolution of Cookie-based Tracking on Facebook
We analyze in depth and longitudinally how Facebook's cookie-based tracking behavior and its communication about tracking have evolved from 2015 to 2022. More stringent (enforcement of) regulation appears to have been effective at causing a reduction in ...
All Eyes On Me: Inside Third Party Trackers' Exfiltration of PHI from Healthcare Providers' Online Systems
In the United States, sensitive health information is protected under the Health Insurance Portability and Accountability Act (HIPAA). This act limits the disclosure of Protected Health Information (PHI) without the patient's consent or knowledge. ...
Your Consent Is Worth 75 Euros A Year - Measurement and Lawfulness of Cookie Paywalls
Most websites offer their content for free, though this gratuity often comes with a counterpart: personal data is collected to finance these websites by resorting, mostly, to tracking and thus targeted advertising. Cookie walls and paywalls, used to ...
Index Terms
- Proceedings of the 21st Workshop on Privacy in the Electronic Society