Recent News (Short Selection)

> 2021

May 2021 Two articles presented at CHI2021:
-Y Feng, Y Yao, N Sadeh, A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, May 2021
-Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Joel Reidenberg, Norman Sadeh, and Florian Schaub, Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts, Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, May 2021

Here’s a CyLab press release on our work organizing the design space of privacy choices and a press release on the adoption of our recommended logo and textual description for CCPA opt-out choices by the California Office of the Attorney General

April 2021 Two articles accepted for publication in PoPETS2021:
-S Zhang, Y Feng, L Bauer, LF Cranor, A Das, and N Sadeh, “Did you know this camera tracks your mood?”: Understanding Privacy Expectations and Preferences in the Age of Video Analytics Proceedings on Privacy Enhancing Technologies, 2, 1, Apr 2021
-Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub, Awareness, Adoption, and Misconceptions of Web Privacy Tools. Proceedings on Privacy Enhancing Technologies Symposium (PoPETS 2021), 3, Jul 2021

January 2021: Our group just released Opt-Out Easy, a browser extension for Chrome and Firefox that uses machine learning to automatically identify opt-out choices buried deep in the text of privacy policies. This should increase awareness of available opt-out choices and enable people to more readily exercise these choices. Here’s the CyLab press release (including a short video). This research was also published at the 2020 Web Conference

> 2020

December 2020: The California Office of the Attorney General (“Cal AG”) just announced they would rely on icons and text we designed andd evaluated for the new California Consumer Privacy Act (CCPA). Here’s the CyLab’s press release summarizing the work we conducted to inform and refine the design. And here’s the official March 2021 press release from the Cal AG acknowledging our contribution. The icons and accompanying text can be downloaded from the Cal AGs site here

December 2020: released new version of our IoT Privacy Infrastructure and IoT Assistant app. The infrastructure enables people to publicize the presence of IoT data collection processes at different locations and the IoT Assistant app enables people to discover them. Check it out!

November 2020: Just announced two new options in our privacy engineering program Both options are designed for working professionals interested in getting privacy engineering training without having to leave their existing jobs

November 2020 The Decision Sciences Institute announced that our 1998 article on Modeling Supply Chain Dynamics: A Multiagent Approach is one of the 15 most cited papers in the 50 year history of its Decision Sciences Journal. This was joint work with my former PhD student Jay Swaminathan and my colleague Steve Smith At the time, people were relying on monolithic models that failed to capture the effects of information exchange policies or the competitive nature of the market places in which supply chain entities operate.

October 2020 Presenting our work on the Design of a Privacy Infrastructure for the Internet of Things at 2020 USENIX Privacy Engineering Practice and Respect Conference (PEPR’20).

August 2020 Peter Story presents our work on From Intent to Actions: Nudging Users Towards Secure Mobile Payments at the 2020 Symposium on Usable Privacy and Security (see CyLab press release here

July 2020: Our group presents three articles at the annual Federal Trade Commission’s Privacy Con conference (see also CyLab press release):
-Zhang, Feng, Das, Bauer, Cranor and Sadeh, Understanding People’s Privacy Attitudes Towards Video Analytics
-Habib, Zou, Jannu, Sridhar, Swoopes, Acquisti, Cranor, Sadeh, Schaub, An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites
-Habib, Pearman, Wang, Zou, Acquisti, Cranor, Sadeh, Schaub, ‘It’s a Scavenger Hunt’: Usability of Websites’ Opt-Out and Data Deletion Choices

July 2020“ Daniel Smullen presents our work on The Best of Both Worlds: Mitigating Accuracy and User Burden in Capturing People’s Mobile App Privacy Preferences the 20th Privacy Enhancing Technologies Symposium. Here’s the CyLab press release

June 2020: Apple iOS14 introduces mobile app privacy nutrition labels similar to those proposed in the CHI’2013 “Privacy as Part of the App Decision Making Process” paper I co-authored with Patrick Gage Kelley and Lorrie Cranor – Apple informed us a little before the announcement…

June 2020: Our paper on “Evaluating How Global Privacy Principles Answer Consumers’ Questions About Mobile App Privacy“ (Joel R. Reidenberg, Norman Sadeh, Thomas Norton, and Abhilasha Ravichander) will be discussed by Kevin Moriarty (FTC) at the 2020 Privacy Law Scholar Conference

May 2020: Online Privacy+Security Forum panel on IoT Privacy in the Age of CCPA and GDPR with Achim Klabunde (Advisor to the European Data Protection Supervisor) and Gabriela Zanfir-Fortuna (Senior Policy Counsel, Future of Privacy Forum)

April 2020: Vinay Kumar and Roger Iyengar remotely present our paper on , Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text at the 2020 Web Conference.

March 2020: A few of the press articles on our IoT Privacy Infrastructure:
-CNET: This app lets you see IoT devices around you and what data they’re taking
-Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices
-Gizmodo: This App Tells You When Nearby Smart Devices Are Snooping on You
-VICE: What the Hell Is That Device, and Is It Spying on You? This App Might Have the Answer
-BoingBoing: New app helps you identify IoT devices around you, tells you what data they collect

February 2020:Our Privacy Infrastructure for the Internet of Things is now available. Use our IoT Portal to publicize the presence of IoT resources and their data practices, and use our IoT Assistant app to discover and control data collection around you (available both for iOS and Android phones. Check out our video and also CMU’s CyLab press release

February 2020: Our Societal Computing PhD program releases new faculty highlight videos

January 28, 2020: Come and join us as we celebrate Privacy Day at CMU


December 2019: Watch videos on our research in the Usable Privacy Policy Project

December 2019: Just graduated my PhD student, Bin Liu. His dissertation on “Can Machine Learning Help People Configure their Mobile App Privacy Settings?“ can be found here. Congrats, Bin!

November 2019: Abhilasha Ravichander is presenting our paper on “Question Answering for Privacy Policies: Combining Computational and Legal Perspectives“ at the 2019 Conference on Empirical Methods in Natural Language Processing (EMNLP 2019).

October 2019: Tom Norton is presenting our paper on “Evaluating How Global Privacy Principles Answer Consumers’ Questions About Mobile App Privacy“ at the 2019 European Privacy Law Scholars Conference in Amsterdam

October 2019: Joint IAPP/CMU Privacy Seminar on Privacy in the Age of Smartphones and the Internet of Things: Why It is Challenging & What We Can Do About It

September 2019: Apple’s new iOS13 operating system introduces background privacy nudges that are nearly identical to those we had piloted with great success in a study we published at CHI’2015 and had been advocating for ever since.

August 2019: Half-day tutorial at SOUPS 2019 with Helen Nissenbaun and Serge Egelman: Contextual Integrity: From Theory to Practice Collocated with Usenix 2019, Santa Clara, CA.

August 2019: Hana Habib presents our paper on An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites at SOUPS 2019

July 2019: Excited to receive $1.2M National Science Foundation award to work on Digital Assistants to automatically answer people’s privacy questions. This is joint work with Joel Reidenberg (CLIP/Fordham Law School), Shomir Wilson (Penn State, CIST), and Tom Norton (CLIP/Fordham Law School). See also CyLab press release

July 2019: PoPETS 2019 article detailing how we analyzed over 1 million Android apps for potential privacy compliance issues presented in Stockholm. See also CyLab press release discussing our MAPS mobile app privacy compliance tool.

June 2019: Honored to receive $100k award from Mozilla for our work on personalized privacy assistants.

May 2019: Expert Address at Hong Kong University: What if Computers Understood Privacy Policies? A Look at Advances in Natural Language Processing through the Lens of Privacy

May 2019: Presenting our Privacy Infrastructure for IoT and our work on Personalized Privacy Assistant at IAPP Global Privacy Summit in DC

April 2019: Quoted in recent Gizmodo piece on privacy risks associated with the widespread adoption of smart speakers

March 2019: Co-organizing AAAI Spring Symposium on Privacy-Enhancing AI and Language Technologies (PAL2019) at Stanford.

March 2019: Panelist, Cybersecurity Commercialization Founders and Funders Workshop Schwarz Center for Entrepreneurship, Tepper School of Business, Carnegie Mellon University

March 2019: CyLab article discusses our work on technology to automatically read privacy policies

Feb 1, 2019: Op-ed in the Hill: Congress: Make Privacy the Rule – Not the Exception

Feb 1, 2019 : Co-Organizing Privacy Day Celebration at CMU


November 29, 2018: Wombat Security Technologies: How We Got to a $225M Exit by Phishing our Customers, TiE Pittsburgh keynote, Schwartz Center for Entrepreneurship, Carnegie Mellon University

November 2018 Nice article in Trends about me (here’s the Google Translation from Dutch into English)

October 24, 2018: Panelist, Debating Ethics: Dignity and Respect in Data-Driven Life, 40th International Conference of Data Protection and Privacy Commissioners, European Parliament, Brussels. A CyLab Q&A, following the panel can be found here . You can watch a video of my initial remarks here or watch the full panel here , or you can read the conference report

August 2018: Awarded new $1.2M NSF grant for collaboration with Serge Egelman and Helen Nissenbaum to inform the development of privacy controls in mobile and IoT using contextual integrity

June 2018: Two articles at the Annual Privacy Forum in Barcelona:
-Story, Zimmeck, Sadeh, Which Apps have Privacy Policies?
-Schiffner, Berendt et al. Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A transatlantic initiative

June 2018: Keynote at NSF Workshop on Security Assured Cyberinfrastructure in Pennsylvania (SAC-PA2), Pittsburgh, PA, June 2018

May 2018: Expert Address at Hong Kong University, “Artificial Intelligence, the Internet of Things and Privacy: Are We Doomed?”

May 15, 2018: Honored to receive the 2018 Pittsburgh Venture Capital Association (PVCA) Outstanding Entrepreneur award together with Joe Ferrara. PVCA’s awards recognize “remarkable entrepreneurs…for their extraordinary contributions to innovation and the region’s entrepreneurial vitality”. Here’s a list of earlier honorees

April 2018: Interviewed on local KDKA TV news channel about Facebook and the Cambridge Analytica fiasco

April 2018: Quoted in Wired article discussing the limitations of app permissions, including the way in which permission bundling forces users to make impossible decisions – as shown in our research.

March 29, 2018: Panelist at IAPP’s Inaugural Privacy Engineering Section Forum IAPP Global Summit, Washington DC. I’m on the panel titled: “The Regulators View: Engineering Mitigation Efforts”.

March 1, 2018: Check out article and video on our technology to automatically interpret statements found in privacy policies. The article is based on the new release of our website. Here’s also an article in Fast Company/Co-Design

March 1, 2018: After an amazing 10 years, Wombat Security Technologies, the CMU spinoff I co-founded with Jason Hong and Lorrie Cranor to commercialize results of our research on combating phishing attacks was acquired by Proofpoint for $225M. Here is the CMU press release. The original Proofpoint press release is here. This is also covered in news articles abroad (e.g., here’s a French article in Le Monde Informatique).

Feb. 28, 2018: Our research group presents two papers and several posters at the FTC’s annual Privacy Conference. I’ll be presenting our work on privacy assistants to help users keep up with the broad deployment of cameras and computer vision algorithms – see our article here

Jan 26, 2018: Co-Organizing Privacy Day Celebration at CMU. See also CyLab announcement here.

Jan 26, 2018: Announcing the release of new interactive website showcasing machine-generated annotations of a little over 7,000 privacy policies


December 2017: Just graduated my PhD student, Hazim Almuhimedi. His dissertation on “Helping Smartphone Users Manage their Privacy with Nudges“ can be found here. Congrats, Hazim!

November 2017: Keynote at workshop on Privacy Engineering Research and the GDPR: A Trans-Atlantic Initiative -Leuven, Belgium . Presentation Slides

November 2017: Wombat Security Technologies ranked 135th fastest growing company in North America in Deloitte’s 2017 Technology Fast 500. See Wombat’s press release including other recent accomplishments.

October 2017: Wombat Security Technologies is clear leader for 4th consecutive year in Gartner’s 2017 Magic Quadrant in Security Awareness Computer-Based Training

October 2017: Panelist at 3 Rivers Venture Fair (Pittsburgh) – Panel on Cybersecurity

October 2017: Panelist at Privacy + Security Forum (Washington, DC) – Panel titled “From Big Data, to Machine Learning, to AI

September 2017: Panelist at CyLab annual conference

August 2017: The Center for Democracy and Technology (CDT) relies on results from our Mobile App Privacy Compliance tool in a study conducted to provide follow-up comments to the FTC/NHTSA workshop on Connected Cars

August 2017: Our 2017 SOUPS article on Privacy Preferences and Expectations in an IoT World discussed on the CyLab website

July 2017: Anupam Das presents our article on Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications at workshop on the Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

July 2017: Consider registering for our SOUPS tutorial We will cover new technologies, tools and findings coming out of our Usable Privacy Policy and Privacy Assistant projects.

June 2017: Best paper award at ACM MMSys Conference for our article on A Scalable and Privacy-Aware IoT Service for Live Video Analytics

May 2017: Invited Speaker at FTC Technology and Consumer Protection Workshop (ConPro’17) in San Jose (co-located with 38th IEEE Symposium on Security & Privacy Conference)

May 2017: MIT Technology Review article on our Privacy Assistant work – Personal AI Privacy Watchdog Could Help you Regain Control of Your Data

May 2017: I am the recipient of a Google faculty research award for my work on a privacy infrastructure for the Internet of Things.

April 2017: Panelist at CMU US-China Summit on Innovation and Entrepreneurship

April 2017: Our mobile app privacy compliance work featured on CyLab website

March 2017: IoT Security and Privacy: What Can We Learn from the Mobile App Stores? Expert address at Hong Kong University

February 2017: What If Computers Understood Privacy Policies? And, What If They Knew What We Care About? is the title of my Cylab Distinguished Seminar on February 20. Here’s a link to the video

February 2017: Just released first version of our Privacy Assistant in the Google Play store. For the time being, it’s only available for rooted Android phones. Hoping that over time we can make it available to everyone. The launch is also getting some nice press coverage, including The Verge, PC Magazine and the Boston Globe

February 2017: Christian Science Monitor mentions our research

January 2017: Co-organizing Privacy Day at CMU with Lorrie Cranor – See CyLab announcement and article in the Trib

Jan 2017: Project by Amanda Holt, Thomas Koike and Roykrong Sukkerd to help the visually impaired identify phishing emails. See also CyLab article here featured on CyLab webpage. The project was conducted in my Information Security and Privacy class this past Fall semester

January 2017: Sebastian Zimmeck to present our paper on Automated Analysis of Privacy Requirements for Mobile Apps at the FTC’s PrivacyCon conference

January 2017: As lead PI of our Usable Privacy Policy Project Frontier project, participated in panel on Conceiving and Running Center-Scale Frontier Projects at NSF’s Secure and Trustworthy Cyberspace (SaTC) Principal Investigators’ Meeting


November 2016: I’ll be giving the opening keynote at the AAAI Fall Symposium on Privacy and Language Technologies DC. Our Usable Privacy Policy Project will also be presenting four papers at the Symposium.

November 2016: CMU press release on our mobile app compliance tool and our work with the California AG

November 2016: Wombat Security Technologies ranked 144th fastest growing company in North America in Deloitte’s 2016 Technology Fast 500 and also fastest growing company in Pennsylvania for second year in a row

October 2016: The California AG’s Office has been piloting our Mobile App Privacy Compliance tool for the past several months. See recent press release from the Cal AG’s Office This is research funded under our Usable Privacy Policy Project and our Personalized Privacy Assistant project

October 2016: FTC Chairwoman Ramirez mentions our privacy assistant for the Internet of Things in interview with MIT Technology Review

October 2016: Gartner Group positions Wombat Security Technologies as Leader in its magic quadrant for cybersecurity training for 3rd consecutive year

September 2016: Our privacy work is featured in CIO Magazine

August 2016: FTC Chairwoman Edith Ramirez mentions our Personalized Privacy Assistant project in her keynote address at the Technology Policy Institute Aspen Forum

August 2016: Recent coverage in Ed Tech article focusing on security and privacy in IoT

July 2016: Our Personalized Privacy Assistant is featured on CMU’s home page and also in Tech Crunch, Science Daily, Quartz, TribLive, Campus Technology, etc.

June 2016: Our Usable Privacy Policy Project’s newsletter is now available

June 2016: Our article on Personalized Privacy Assistants for Mobile App Permissions, “Follow My Recommendations: A Personalized Assistant for Mobile App Permissions” received the IAPP SOUPS Privacy Award

June 2016: Kiplinger publishes an article on our Explore.UsablePrivacy.Org website

June 2016: Expert address at Hong Kong University on Privacy in the Age of IoT: New Technologies to Help Users and Regulators

May 2016: Three articles on our research have been accepted for presentation at the 12th USENIX Symposium on Usable Privacy and Security (SOUPS 2016)

  • Follow My Recommendations: A Personalized Assistant for Mobile App Permissions
    Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun (Aerin) Zhang, Norman Sadeh, Yuvraj Agarwal, and Alessandro Acquisti, Carnegie Mellon University

  • How Short Is Too Short? Studying Privacy Notice Design for Wearables
    Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, and Yuvraj Agarwal, Carnegie Mellon University
  • Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online
    Ashwini Rao, Florian Schaub, Norman Sadeh, and Alessandro Acquisti, Carnegie Mellon University; Ruogu Kang, Facebook

April 2016: Our WWW2016 article titled “Crowdsourcing Annotations of Websites’ Privacy Policies: Can It Really Work?“ was nominated for the best paper award

March 11, 2016: We have released a new website showcasing a corpus of 23,000 privacy policy annotations. The site features color-coded navigation functionality that enables users to interactively explore privacy practice statements for nearly 200 different websites. This is research conducted under our Usable Privacy Policy project. See CyLab press release and also articles in Consumerist and LifeHacker

February 1, 2016: Participating in CyBurgh panel on Disruptive Technologies: What is Coming and What Should Be

January 28, 2016: Hosting Ed Felten, US Deputy Chief Technology Officer (White House), as part of 2016 Privacy Day event at CMU – more details available here (see also CMU press release)

January 14, 2016: Three papers on our research to be presented at the first FTC Privacy Conference – PrivacyCon – here’s also an IAPP summary of the event highlighting our presentations:


November 2015: Notice and Choice for IoT: Why We Need Personalized Privacy Assistants UC Irvine, Informatics Seminar speaker. See also our project’s website

November 2015: Wombat Security Technologies ranked 104th fastest growing company in North America in Deloitte’s 2015 Technology Fast 500 – and the fastest growing company in Pennsylvania

October 2015: Awarded a DARPA Brandeis grant to work on personalized privacy assistants for the Internet of Things and Big Data – work in collaboration with Alessandro Acquisti, Lujo Bauer, Lorrie Cranor and Anupam Datta at CMU and teams at UC Irvine and Honeywell.

October 2015: Wombat Security Technologies named a clear leader in 2015 Gartner Magic Quadrant for Security Awareness Computer-Based Training Vendors

September 2015: National Science Foundation grant on personalized privacy assistants for smartphone apps with a particular focus on user behavior – work in collaboration with Yuvraj Agarwal and Lorrie Cranor.

September 2015: I’m the lucky recipient of a Summer 2015 Google Research Award for my work on learning people’s mobile app privacy preferences

July 2015: Giving closing keynote at 2nd annual workshop on Privacy Personas and Segmentation at SOUPS 2015

July 2015: We have been selected to lead the development of novel privacy technologies for Google’s new Web of Things initiative – see CMU press release and a few other articles in the press (e.g., Pittsburgh Post Gazette , Campus Technology)

July 2015: Our research in privacy and our master’s program in privacy engineering are featured in The Link

July 2015: Invited to present our research findings to FTC Commissioner Julie Brill and her staff

July 2015: Invited to present our privacy work at event organized by the Future of Privacy Forum

May 2015: Jose M. del Alamo and I are co-chair of the 2015 International Workshop on Privacy Engineering (IWPE’15) (collocated with the 36th IEEE Symposium on Security and Privacy)

March 2015: Nice article in the Wall Street Journal on our mobile app privacy research. The full study will be presented at CHI’2015 next month. Here’s also the CMU press release. Around 50 news articles have been published in the past few days (including articles in the US, UK, Germany, France, India, Brazil, China, Vietnam, Netherlands and more). Here is the one in Wired and here’s a cool blog post in futurity that also talks about our work on personalized privacy assistants. See also project website here

January 28, 2015: FTC Commissioner Julie Brin will join us to celebrate Privacy Day at CMU – I will be participating in the panel on Privacy Research and Public Policy (here are also some photos and here’s a video the panel)

January 14, 2015: Sharing our experience at Wombat Security Technologies on “SBIR Success Panel“ at 2015 Government Cybersecurity SBIR Workshop in DC (copy of my presentation)

January 2015: My PhD student, Bin Liu, is awarded a Yahoo! InMind fellowship for work to develop a personalized privacy assistant for the InMind Project


December 2014: Our paper on on Mobile App Privacy Nudging has been accepted for publication at CHI2015 – H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. Cranor and Y. Agrawal, Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging

November 2014: An app developed over the summer at Microsoft by my PhD student, Justin Cranshaw, is featured on CMU’s homepage. The Microsoft Garage “Journeys & Notes” app connects people with similar commutes. Here’s the Microsoft announcement. Congrats Justin!

October 2014: Anupam Datta and I recently coordinated CMU’s response to the NITRD Request for Information on a National Privacy Research Strategy

October 2014: Our Ubicomp2012 and SOUPS 2014 work on modeling user privacy preferences is the basis for a cool new website grading mobile apps based on their privacy practices:
-J. Lin, B. Liu, N. Sadeh, and J.I. Hong, Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014 – SOUPS 2014
-J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, J. Zhang, Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing – Ubicomp2012

October 2014: Gartner Group positions Wombat Security Technologies as “Leader” in its magic quadrant for cybersecurity training

August 2014: Partnering with Eric Nyberg and Alan Black to offer a new mobile app development course exploring applications of IBM Watson’s cognitive technology – see press release here (See also CMU Students Get to Work, Play with Computer Jeopardy! Champion Watson in Pittsburgh Tribune or IBM’s Watson is Going to College in Venture Beat)

August 2014: Fei Liu presents:
F. Liu, R. Ramanath, N. Sadeh, and N.A. Smith, A Step Towards Usable Privacy Policy: Automatic Alignment of Privacy Statements in Proc. of the 25th International Conference on Computational Linguistics, Dublin, August 2014.

July 2014: Graduating first cohort of students in our Master’s Program in Privacy Engineering

July 2014: Wombat Security Technologies closes $6.7M series B round of funding to accelerate growth (see Pittsburgh Business Times article)

July 2014: SOUPS 2014:

  • One of our two posters also wins the best poster award

June 2014: Co-organizing workshop on the Future of Privacy Notice and Choice at CMU

June 2014: Rohan Ramanath presents Unsupervised Alignment of Privacy Policies Using Hidden Markov Models in Proc. of the Annual Meeting of the Association for Computational Linguistics (ACL’14), Baltimore, MD, June 2014

May 2014: Expert address at Hong Kong University: Mobile App Privacy: How Bad Is It & What Can We Do About It?

April 2014: two papers at CHI2014 in Toronto

  • Y. Wang, P.G. Leon, A. Acquisti, L.F. Cranor, A. Forget, and N. Sadeh, A Field Trial of Privacy Nudges for Facebook , In Proceedings of the 32nd annual SIGCHI Conference on Human Factors in Computing Systems, CHI2014. April 2014

April 2014: WWW2014: Bin Liu presents our paper on Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?

April 2014: Justin Cranshaw successfully presents his dissertation proposal – see actual proposal here

February 2014: Mobile & Pervasive Computing Services Project Fair: 16 projects from my Mobile & Pervasive Computing Services course compete for top prize.

February 2014: Our Livehoods project listed among top 10 emerging technologies at Davos World Economic Forum (see CMU press release )

Jan 2014: Co-hosting White House Chief Privacy Officer, Nicole Wong, at CMU as part of Data Privacy Day – see also event webpage and an article in the Pittsburgh Post Gazette, a video of the keynote , and some photos


December 2013: Our WWW2014 article on Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help? is now available as a Tech Report (CMU-CS-13-128/CMU-ISR-13-114)

December 2013: People at the FTC tell us that our mobile app privacy research influenced their decision to go after Brightest Flashlight. A settlement has now been reached – see the FTC consent order

November 2013: CyLab seminar: Mobile App Security and Privacy: An Overview of Recent Research Results and their Implications

October 2013: Our Usable Privacy Policy Project is featured on CMU’s homepage

October 2013: Jialiu Lin defends her dissertation on “Understanding and Capturing People’s Mobile App Privacy Preferences”. Congrats Jialiu!

September 2013: Shomir Wilson presents our joint paper on Privacy Manipulation and Acclimation in a Location Sharing Application at Ubicomp2013 in Zurich.

September 2013: Our new NSF Frontier project on Usable Privacy Policies is featured in IAPP’s Privacy Advisor

August 2013: First cohort of students enter our new Master’s Program in Privacy Engineering

August 2013: CMU press release about our new NSF Frontier project on Usable Privacy Policies and nice articles in the Pittsburgh Post Gazette and the Pittsburgh Business Times

August 2013: We’ve been awarded one of three large “Frontier” research projects under NSF’s Secure and Trustworthy Computing program – see NSF’s press release

August 2013: Paper at KDD2013:
B. Fu, J. Lin, Lei Li, C. Faloutsos, J. Hong, N. Sadeh. Why People Hate Your App – Making Sense of User Feedback in a Mobile App Store

July 2013: The Mobile Commerce Lab receives $180,000 research gift from Google under its “Privacy and Security Focused Program” for our work on “Smart privacy profiles for mobile apps”.

July 2013: Attending Dagstuhl Seminar on My Life Shared: Trust and Privacy in the Age of Ubiquitous Experience Sharing

May 2013: Expert address on Using Mobile Social Media to Understand the Dynamics of Cities, Hong Kong University

May 2013: Graduating Patrick Gage Kelley (co-advised with Lorrie Cranor): Congrats Patrick!

May 2013: Two papers at CHI’2013 in Paris:

April 2013: Awarded patent on User-Controllable Learning of Policies

March/April 2013: Our article on the shortage of privacy engineers is featured in IEEE Security and Privacy

Feb. 2013: Our group was just awarded a Google app engine grant for our work on Livehoods and our Twitter nudging research (see also Google blog). Thank you, Google!

Feb. 2013: CSCW2013 presentation by Hazim Almuhimedi of our joint paper Tweets Are Forever: A Large-Scale Quantitative Analysis of Deleted Tweets

January 28, 2013: Moderating Data Privacy Day Panel on Will the Mobile Web and Social Networking Mark the End of Privacy? see here too.

January 2013: CMU press release on our Mobile App Privacy work: Did Your Smartphone Flashlight Rat You Out? Crowdsourcing Privacy Concerns of Mobile Apps . A nice piece in The Red Tape Chronicles and one in the Pittsburgh Tribune Review


October 2012: Talk at TEDx Yale City 2.0 (here is the video)

October 2012: Participating in CyLab Panel Discussion on Cyber Crime and Security organized in conjunction with screening of CODE 2600 documentary film

October 2012: Launching a new inter-disciplinary master’s program to train future Privacy Engineers and Privacy Technology Managers.
See CMU press release and a nice article in the Pittsburgh Post Gazette

September 2012: Patrick Gage Kelley (COS PhD student) defends his dissertation on Designing Privacy Notices Supporting User Understanding and Control (Thesis Committee: Lorrie Cranor, Norman Sadeh, Alessandro Acquisti and Sunny Consolvo)

September 2012: Ubicomp2012 presentation of our paper on Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing (authors: J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, J. Zhang)

August 2012: Jialiu Lin (CSD PhD student) presents her thesis proposal on Understanding and Capturing People’s Mobile App Privacy Preferences (Thesis Committee: Jason Hong, Norman Sadeh, Mahadev Satyanarayanan, Sunny Consolvo)

June 11, 2012: 2012 Personal Democracy Forum , Panel on “the SENSEable City”, New York

June 2012: Our Sixth International AAAI Conference on Weblogs and Social Media article on urban computing wins the best paper award – see also our livehoods website.

June 2012: The TAC-SCM competition our e-Supply Chain Management Lab launched with SICS in 2002 will be running its 10th edition in Valencia, Spain (see call for participation)

May 2012: Can We Reconcile Privacy and Usability? , Computer Science Seminar Series, HKUST.

May 2012: “Mobile Privacy: Technology and Human Considerations”, Expert Address, Hong Kong University

May 2012: Why Phish Should Not Be Treated as Spam article in Dr. Dobbs

May 2012: Our Livehoods project continues to garner media attention – e.g., see Pittsburgh Post Gazette article , CMU press release, CMU homepage , WTAE interview , Wall Street Journal blog and media coverage abroad (e.g. Heise Online , and Haaretz)

April 2012: Our Livehoods project featured in Atlantic Cities . See also MIT review article , Fast Company article or Wired’s blog

March 2012: “Smartphone Security and Privacy: What Should We Teach our Users and How?”, FISSEA 2012, NIST

March 2012: MIT CSAIL seminar: User-Controllable Privacy: An Oxymoron?slides

February 21, 2012: Further speculation about the implications of the US Supreme Court’s ruling in US v Jones, including some comments I made on 3rd party doctrine here. See also Wall Street Journal article on FBI turns off thousands of GPS devices after Court ruling

January 23, 2012 – US Supreme Court unanimously agrees with our view that placing a GPS device under someone’s vehicle constitutes a search & that doing so without a warrant violated the defendent’s privacy. At the same time, they do not address more fundamental issues relating to expectations of privacy – See Supreme Court’s Opinion here and CDT’s statement here.

January 2012 – Wombat Security Technologies featured on CMU’s homepage


December 2011 – Google Pittsburgh Seminar: ““From Today’s Android Permission System to Intelligent Security and Privacy Agents”. – see also our USEC2012 article on A Conundrum of Permissions: Installing Applications on an Android Smartphone

November 2011 – Panelist APWG’s Annual e-Crime conference, San Diego

November 2011: The Pittsburgh Post Gazette publishes my op-ed on warrantless GPS tracking – See also interview in CMU’s Piper

October – November 2011 – Joined CDT and EFF in amicus brief on warrantless GPS tracking filed with US Supreme Court (full amicus brief can be read here). See also ComputerWorld article and CMU home page coverage

October 2011 – Keynote at Pitney Bowes Mobile Day Symposium

September 2011 – Panelist at Qualcomm’s Contextual Awareness Symposium, San Diego

July 2011 – Wombat Security Technology, selected as Finalist for Tech 50 Startup of the Year award

July 2011 – “Mobile Location Privacy: Why it is Important & Challenging”, Invited lecture, Beihang University, Beijing.

June 2011 – Mobile Location Privacy: Forces at Play, Attitudes and Challenges, Expert Address, Hong Kong University

June 2011 – Wombat’s SBIR grants mentioned in the Wall Street Journal

May 2011 – Stepping down after three years as founding CEO of Wombat Security Technologies (see Wombat’s press release and also TEQ Magazine article )

April 2011 – EDUCAUSE webinar: Smartphone Privacy and Security: What Should We Teach Users?

March 2011 – Norman asks:’ Can Social Networking and Privacy be Reconciled?', CyLab Seminar

March 2011 – Michael Benisch (COS PhD student) defends his dissertation on Using Expressiveness to Improve the Efficiency of Social and Economic Mechanisms (Thesis Committee: Norman Sadeh, Tuomas Sandholm, Geoff Gordon, Craig Boutilier)

January 2011 – Norman on Data Privacy Day panel at CMU – see Pittsburgh Post Gazette article

January 2011 – Norman on “Privacy, Location and Social Networking” at Digital Privacy Forum (see also C-SPAN video)


October 2010 – Locaccino featured in MIT Technology Review: Locaccino Shows How Facebook Places Should Work

October 2010 – Wombat Security Technologies secures $750,000 contract from US Air Force for Micro-Game Platform for Cyber Security Awareness (see also Coverage in

September 2010 – Michael Benisch, COS Phd student co-advised by Profs. Norman Sadeh and Tuomas Sandholm awarded prestigious Siebel Scholarship

September 2010 – Norman talks to TEQ about his experience at CMU and the founding of Wombat Security Technologies

September 2010 – Wombat Security Technologies launches PhishGuru?- using mock phishing attacks to train people to protect themselves from real attacks.

July 2010 – NSF Awards $2.7M Grant for Multi-Disciplinary Privacy Research to Acquisti, Cranor and Sadeh – see also CyLab Press Release

July 2010 – Article by Collins, Ketter and Sadeh in Summer issue of AI Magazine reflects on lessons and accomplishments of the Supply Chain Trading Agent Competition (see CMU Tech Report)

June 2010 – Patrick Gage Kelley, COS PhD student co-advised by Profs. Cranor and Sadeh wins prestigious ACM Student Research Competition

May 2010 – Norman invited to speak at Mobile Social Networking Asia

May 2010 – Norman asks ‘What Will the App Store of the Future Look Like?’ in Expert Address at Hong Kong University

May 2010 – Pittsburgh Post-Gazette Startup Zipano sells privacy software to control who can find you

May 2010 – Wombat Security Technologies Releases New Phyllis Anti-Phishing Training game

March 2010 – Wall Street Journal – Locaccino mentioned in ‘As Location Sharing Services Grow, Privacy Concerns Do Too’

March 2010 – “User-Controllable Security and Privacy: Lessons from the Design and Deployment of a Family of Location Sharing Applications”, Google seminar series.

February 2010 – Focused Research Awards grant professors $2 million for study

February 2010 – The New York Times – Cranor, Sadeh and Acquisti receive Google award for privacy research


November 2009 – TechVibe radio interview on combating phishing

Nov. 2009 – NSF awards CMU’s Norman Sadeh and Columbia’s Steven Bellovin $1.2M to research new family of user-controllable policy learning technologies for cysber security

August 2009 – NSF awards $3M IGERT grant for doctoral program on Usable Security and Privacy

June 2009 – Expert Address in Hong Kong

May 2009 – User-Controllable Security and Privacy: Are the Expectations Realistic?

April 2009 – CMU Podcast on Locaccino

April 2009 – Wombat Security Technologies featured as Pennsylvania success story in NewPA

April 2009 – Wombat Security Technologies Awarded US Air Force SBIR grant

March 2009 – Where Are you Now? – Locaccino on Carnegie Mellon’s homepage

March 2009 – Wombat: The Latest CyLab Success Story – CyLab Chronicles

March 2009 – Locaccino: Track Location with Privacy, Steve Baker, The Numerati

March 2009 – Locaccino Enables the Watched to Watch the Watchers, CyBlog, Richard Power

March 2009 – The Mobile Net – Why to Worry About Privacy Regs – BusinessWeek Blogspotting, Stephen Baker

February 2009 – Now You Can Track Colleagues and Students on Your Laptop, Chronicle of Higher Education, Jeffrey R. Young

February 2009 – Locaccino Now Available as a Facebook App
See also CMU homepage article


December 2008 – Our Anti-Phishing Work featured in Scientific American

Fall 2008 – Q&A with Norman Sadeh – CyLab Chronicles

August 2008 – “Selective Access and Obfuscation of Enterprise Data”,
keynote, SAP Annual North American Academic Symposium, Palo Alto.

July 2008 – CMieux team wins 2008 Supply Chain Trading Competition Procurement Challenge at AAAI 2008

June 2008 – “Capturing and Understanding People’s Privacy Preferences in a Friend Finder Application”, Workshop on Opportunistic RF Localization for Next Generation Wireless Devices, Worcester Polytechnic Institute

June 2008 – “M-Commerce: Stripping e-Retailing to its Essence”, 2008 Internet Retailer Conference & Exhibition, June 2008

May 2008 – “Combating Phishing Attacks: A Never-ending Arms Race?”,
Expert Address, Hong Kong University, May 2008


*June 2007 – “Adaptive Supply Chain Trading”, invited speaker, SAP’s Inaugural North American Academic Symposium

*April 2007 – Norman speaks at ‘Location Meets Social Networking’ event organized by the Advisory Committee to the Congressional Internet Caucus (see also video)


*October 2006 – MyCampus project featured in mobile commerce article in Pittsburgh Post Gazette

*August 2006 – “Mobile and Pervasive Commerce: The New Frontier”, opening keynote, 8th International Conference on Electronic Commerce (ICEC-06), Fredericton, Canada.

*June 2006 – “Ambient Intelligence: The MyCampus Experience”, keynote speaker, 14th IT21 Conference (Theme: “U-Society”), Seoul, Korea, June 2006 – see Korea IT Times article

*May 2006 -“MyCampus: Research Overview”, guest speaker, NTT DoCoMo, Yokosuka Research Park, Japan, May 2006

*April 2006 – CMieux wins Exhibition Supply Chain Trading Competition event at CS50