Addressing the Address Books' (Interdependent) Privacy Issues
Kavous Salehzadeh Niksirat
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Privacy 3: Attacks
Kavous Salehzadeh Niksirat, from the Max Planck Institute for Security and Privacy, presented a critical examination of the often-overlooked privacy issues inherent in **digital address books (DAPs)**. Co-authored with colleagues from the University of Lausanne, University of Zurich, and Masaryk University, this research highlights how DAPs are a textbook example of **interdependent privacy**, a concept where one individual's privacy is significantly impacted by the actions of others. The talk delves into the pervasive practice of storing personally identifiable information (PII) about contacts, often without their knowledge or consent, and the subsequent syncing of this data with online services and third-party applications.
AI review
Legitimate academic privacy research on an underexplored surface — interdependent privacy in contact books is a real and underappreciated problem, and the empirical work (900+ respondents, actual Google Contacts data via API) gives it credibility. But this is solidly in the 'could have been a paper' category: no novel attack, no exploit, no systemic surprise that reframes how defenders should operate tomorrow.