How should DNS work for billions of IoT devices—and how do we ensure it does so securely and privately?

What does it take to re-identify 100,000 “anonymous” users? In our latest study, we show that anonymized human mobility data isn’t as safe as it seems. By leveraging subtle patterns in location density, movement structure, and temporal activity, we were able to reverse-engineer real trajectories of users at a national scale in Japan.

QR codes are pervasive in modern digital interactions, but despite their convenience, they pose significant privacy risks that are often underestimated. For instance, privacy issues escalate when scanned URLs trigger HTTP redirections involving QR URL shorteners and third-party domains, exposing user data to external entities. However, a comprehensive study of the privacy implications of QR code interactions concerning cookie exploitation and query strings remains lacking in the literature.

Wi-Fi is one of the most notable and prevalent wireless technologies today. Smartphones and other Wi-Fi-enabled devices find nearby networks using management frames known as probe-requests. In this paper, we infer the state of smartphones by passively monitoring their transmitted probe-requests.

WiFi-based crowdsensing is a major source of data in a variety of domains such as human-mobility, pollution-level estimation, and, opportunistic networks. MAC randomisation is a backbone for preserving user-privacy in WiFi, as devices change their identifiers (MAC addresses).

With growing privacy concerns over the last decade, two of the most notable wireless technologies – i.e., BLE and WiFi – are being more and more investigated in terms of privacy vulnerabilities.

NemFi is a record-and-replay emulator that captures traces representing real WiFi conditions, and later replay these traces to reproduce the same conditions.