Results

The results can also be found on the PETS 2026 proceedings.

2026.1

Title Artifact URL
Gaze3P: Gaze-Based Prediction of Perceived Privacy Artifact: Available
Ad Personalization and Transparency in Mobile Ecosystems: A Comparative Analysis of Google’s and Apple’s EU App Stores Artifact: Available, Functional, Reproduced
dX-Privacy for Text and the Curse of Dimensionality Artifact: Available, Functional
Location-Enhanced Information Flow for Home Automations Artifact: Available, Functional, Reproduced
PriVA-C: Defending Voice Assistants from Fingerprinting Attacks Artifact: Available
Bot Among Us: Exploring User Awareness and Privacy Concerns About Chatbots in Group Chats Artifact: Available, Functional, Reproduced
SPRINT: Scalable Secure & Differentially Private Inference for Transformers Artifact: Available, Functional
Ephemeral Network-Layer Fingerprinting Defenses Artifact: Available, Functional, Reproduced
Evaluating connection migration based QUIC censorship circumvention Artifact: Available, Functional, Reproduced
Privacy Attacks on Matrix Profiles based on Reconstruction Techniques Artifact: Available, Functional, Reproduced
Making Sense of Private Advertising: A Principled Approach to a Complex Ecosystem Artifact: Available, Functional, Reproduced
Personal Data Flows and Privacy Policy Traceability in Third-party LLM Apps in the GPT Ecosystem Artifact: Available, Functional, Reproduced
Sanitization or Deception? Rethinking Privacy Protection in Large Language Models Artifact: Available
Word-level Annotation of GDPR Transparency Compliance in Privacy Policies using Large Language Models Artifact: Available
ReporTor: Facilitating User Reporting of Issues Encountered in Naturalistic Web Browsing via Tor Browser Artifact: Available, Functional
Securing Private Federated Learning in a Malicious Setting: A Scalable TEE-Based Approach with Client Auditing Artifact: Available
How Experts Personalize Privacy & Security Advice for At-Risk Users Artifact: Available

2026.2

Title Artifact URL
Breaking BAD? Better Call SAUL! -- Breaking and Fixing Bloom Filters with Added Diffusion Artifact: Available
Frequency Estimation of Correlated Multi-attribute Data under Local Differential Privacy Artifact: Available, Functional, Reproduced
Preserving Target Distributions With Differentially Private Count Mechanisms Artifact: Available, Functional, Reproduced
Analyzing Societal Awareness and Perception of Digital Fingerprinting and Fingerprinting Countermeasures Artifact: Available, Functional
Privacy Bias in LLMs: A Contextual Integrity-based Auditing Metric Artifact: Available, Functional, Reproduced
Clicking into Exposure: Uncovering Privacy Risks of Google Click Identifier in YouTube Ads Artifact: Available, Functional, Reproduced
CoinJoin ecosystem insights for Wasabi 1.x, Wasabi 2.x and Whirlpool coordinator-based privacy mixers Artifact: Available, Functional, Reproduced
Secure Change-Point Detection for Time Series under Homomorphic Encryption Artifact: Available, Functional, Reproduced
Exercising the CCPA Opt-out Right on Android: Legally Mandated but Practically Challenging Artifact: Available, Functional
AI-in-the-Loop: Privacy Preserving Real-Time Scam Detection and Conversational Scambaiting by Leveraging LLMs and Federated Learning Artifact: Available
Cryptographically-Secured Domain Validation Artifact: Available, Functional, Reproduced
Obscura: Enabling Ephemeral Proxies for Traffic Encapsulation in WebRTC Media Streams Against Cost-Effective Censors Artifact: Available, Functional
Are we collaborative yet? A Usability Perspective on Mixnet Latency for Real-Time Applications Artifact: Available, Functional
What-App? App usage detection using encrypted LTE/5G traffic Artifact: Available, Functional
CURE: Privacy-Preserving Split Learning Done Right Artifact: Available, Functional
Analysis and Attacks on the Reputation System of Nym Artifact: Available, Functional, Reproduced
SentinelTouch: A Lightweight Privacy-Preserving Biometric-Fingerprinting Authentication and Identification System Based on Neural Networks and Homomorphic Encryption Artifact: Available, Functional, Reproduced
Humanitarian Aid Distribution with Privacy-Preserving Assessment Capabilities Artifact: Available, Functional, Reproduced
Gryphes: Hybrid Proofs for Modular SNARKs with Applications to zkRollups Artifact: Available, Functional, Reproduced
Pantomime: Motion Data Anonymization Using Foundation Motion Models Artifact: Available
Privacy by Voice: Designing Usable Privacy Notices for the Voice Interface Artifact: Available
tigro: Trust Infrastructure for Grassroots Organizing via Grounded Digital Annotations Artifact: Available
Multi-Party Private Join Artifact: Available, Functional, Reproduced
Privacy vs. Profit: The Impact of Google's Manifest Version 3 (MV3) Update on Ad Blocker Effectiveness Artifact: Available, Functional, Reproduced
“I Just Press Allow”: Understanding Privacy Practices of New Internet Users in Urban India Artifact: Available
Website fingerprinting on Nym: Attacks and Defenses Artifact: Available, Functional, Reproduced
HyperVerITAS: Verifying Image Transformations at Scale on Boolean Hypercubes Artifact: Available, Functional
SoK: Can Fully Homomorphic Encryption Support General AI Computation? A Functional and Cost Analysis Artifact: Available, Functional

2026.3

Title Artifact URL
Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses Artifact: Available
Weight Initialization based on Gradient Similarity for Versatile Machine Unlearning Artifact: Available
Chatbot Confessions: Large-Scale Analysis of Private Data Disclosure in Shared AI Chatbot Conversations Artifact: Available, Functional
AudAgent: Automated Auditing of Privacy Policy Compliance in AI Agents Artifact: Available, Functional
Understanding Privacy and Quality Tradeoffs in Synthetic Network Data Artifact: Available
An Improved Entropy Measure for Web Browser Fingerprinting Risk Artifact: Available, Functional, Reproduced
Quantifying Classifier Utility under Local Differential Privacy Artifact: Available, Functional, Reproduced
Redefining Website Fingerprinting Attacks with Multi-Agent LLMs Artifact: Available
Pseudonymity at Risk: Linkage Attacks on Blockchain Users with Off-Chain Cues Artifact: Available
Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries Artifact: Available, Functional, Reproduced
PROVGEN: A Privacy-Preserving Approach for Outcome Validation in Genomic Research Artifact: Available, Functional
DP-Hype: Distributed Differentially Private Hyperparameter Search Artifact: Available, Functional, Reproduced
CensorLess: Cost-Efficient Censorship Circumvention Through Serverless Cloud Functions Artifact: Available, Functional
Dynamic Probabilistic Noise Injection for Membership Inference Defense Artifact: Available, Functional, Reproduced
Access Granted, Privacy Lost: Formalizing & Quantifying the Hidden Anonymity Risks of Exclusive-Use Systems Artifact: Available, Functional, Reproduced
OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub Artifact: Available, Functional
Banned Books: Analysis of Censorship on Amazon.com Artifact: Available
Practical Semi-Open Chat Groups for Secure Messaging Applications Artifact: Available, Functional, Reproduced
zkRevoke: Configurable Untraceability for Verifiable Credentials using ZKPs Artifact: Available, Functional, Reproduced
EXADPrinter: Semi-Exhaustive Permissionless Device Fingerprinting Within the Android Ecosystem Artifact: Available, Functional
The Masks We (Think We) Wear: Privacy Threats of Browser-Extension Wallets in the Web3 Ecosystem Artifact: Available, Functional, Reproduced
TraCS: Trajectory Collection in Continuous Space under Local Differential Privacy Artifact: Available, Functional
Revisiting the LiRA Membership Inference Attack Under Realistic Assumptions Artifact: Available, Functional, Reproduced

2026.4

Title Artifact URL
Cultivating a Tech-Safety Mindset using Game-Based Learning for Defending against Technology-Facilitated Abuse Artifact: Available
PQKryvos: Post-Quantum Secure E-Voting With Flexible Ballot Formats and Public Tally-Hiding Artifact: Available, Functional, Reproduced
The Empire Strikes Back (at Your Privacy): An Archaeology of Tracking on Government Websites Artifact: Available, Functional
SoK: Verifiable Integrity Claims for Privacy-Preserving Federated Learning Artifact: Available
``Because I didn't touch these and even don't know why I should to change these'': Why App Developers Do (Not) Update Apple's Privacy Labels Artifact: Available
No Privacy for Privates: How Military Communities Experience and Perceive the Privacy Risks of Military-Marketed Mobile Apps Artifact: Available
CoP: Coordinated Perturbation for Controlled Disclosure Under Local Differential Privacy Artifact: Available, Functional
Troll Patrol: Anonymous User Reporting of Bridge Censorship Artifact: Available, Functional, Reproduced
More Space, Less Privacy? Measuring the Effectiveness of IP-based Website Fingerprinting in IPv6 Artifact: Available, Functional, Reproduced
P-Box: Preventing Unwanted Data Flows using Permission Sandboxes on Android Artifact: Available, Functional, Reproduced
LendLocked: Privacy & Transparency for Digital Library Lending Artifact: Available, Functional, Reproduced
Zero-Knowledge Proofs of Generalized Regular Expression Matching for Anonymized Email Verification Artifact: Available
EvaluatAR: A Cross-Device Evaluation Framework for Rapid Prototyping of Bystander PETs in AR Artifact: Available, Functional
Di5Guise: 5G Privacy with vSIM Artifact: Available
Training TFHE-Based Neural Networks with Approximated Floating-Point Arithmetic Artifact: Available, Functional
RingOA: Fast Oblivious Access for Large-Scale Privacy-Preserving Structured Data Analysis Artifact: Available, Functional
Waterfall: A Capsule-Based Framework for Evaluating Traffic Watermarking in Anonymity Systems Artifact: Available
When Drones Meet Privately: Secure Coordination with 𝑡-PSI Artifact: Available, Functional, Reproduced
Measuring Legislature-Aligned Privacy Risks in Synthetic Graphs Artifact: Available, Functional, Reproduced
Impact of Graph Structure on Membership-Inference Risk for Graph Neural Networks Artifact: Available, Functional, Reproduced
Maude-HCs: Model Checking the Undetectability-Performance Tradeoffs of Hidden Communication Systems Artifact: Available, Functional, Reproduced
Overcoming Language Barriers: Multilingual Analysis of the 2023 Swiss Privacy Law's Impact Artifact: Available
The Role of Online Forums in Developer Understanding of Privacy Law - A Reddit Case Study Artifact: Available
CAnonize: a Compact Anonymous Survey Protocol Artifact: Available, Functional, Reproduced
Designing Reflective Thinking-Based Contextual Privacy Policy for Mobile Applications Artifact: Available
Disclosure Divergence: Measuring Privacy Policy and Data Safety Misalignment at Scale Artifact: Available, Functional, Reproduced
Breaking and (Partially) Fixing Onion Routing with Fragmentation Artifact: Available, Functional, Reproduced
From Syntactic Matching to Taint Tracking and Back: A Comparative Study of Web Tracking Detection Techniques Artifact: Available, Functional, Reproduced
POPPY: Scalable and Secure Spectral Centrality for Distributed Graphs via Homomorphic Encryption Artifact: Available, Functional, Reproduced
Beyond the Output: Inference Attacks on Private Set Union and Multi-Key Private Matching Artifact: Available, Functional, Reproduced
Enabling Personal Dataflow Sovereignty via Bolt-on Data Escrow Artifact: Available
When Tables Leak: Attacking String Memorization in LLM-Based Tabular Data Generation Artifact: Available
On the Suitability of LLM-Driven Agents for Dark Pattern Audits Artifact: Available, Functional
SoK: Offline Finding Protocols for Lightweight Location Tracking Artifact: Available
Where to Intervene? Benchmarking Fairness-Aware Learning on Differentially Private Synthetic Tabular Data Artifact: Available, Functional, Reproduced
FHEON: A Configurable Framework for Developing Privacy-Preserving Encrypted Neural Networks Artifact: Available, Functional, Reproduced
CODoH: Privacy-Preserving Caching for Oblivious DNS over HTTPS Artifact: Available, Functional
WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks Artifact: Available, Functional
Priv360: Application-Oriented QoE-Optimized Client-Side Protection for 360-Viewer Identification Artifact: Available
Poison to Detect: Detection of Targeted Overfitting in Federated Learning Artifact: Available
FinP: Fairness-in-Privacy in Federated Learning by Addressing Disparities in Privacy Risk Artifact: Available, Functional, Reproduced
Revisiting Assumptions for Membership Inference on Summary Statistics Artifact: Available, Functional, Reproduced