Abstract
The widespread availability of wireless networking, such as Wi-Fi, has led to the pervasiveness of always connected mobile devices. These devices are provided with several sensors that allow the collection of large amounts of data, which pose a threat to personal privacy. It is well known that Wi-Fi connectivity information (e.g. BSSID) can be used for inferring user locations. This has caused the imposition of limitations to the access to such data in mobile devices. However, other sources of information about wireless connectivity are available, such as the Received Signal Strength Indicator (RSSI). In this work, we show that RSSI can be used to infer the presence of a user at common locations throughout time. This information can be correlated with other features, such as the hour of the day, to further learn semantic context about such locations with a prediction performance above 90%. Our analysis shows the privacy implications of inferring user locations through Wi-Fi RSSI, but also emphasizes the fingerprinting risk that results from the lack of protection when accessing RSSI measurements.

Abstract
Federated Learning (FL), a distributed learning mechanism where data is decentralized across multiple devices and periodic gradient updates are shared, is an alternative to centralized training that aims to address privacy issues arising from raw data sharing. Despite the expected privacy benefits, prior research showcases the potential privacy leakage derived from overfitting, exploited by passive attacks. However, limited attention has been given to understanding and defending against active threats that increase model leakage by interfering with the training process, instead of relying on overfitting. This work addresses this gap by introducing Active Attribute Inference (AAI*), a novel active attack that encodes sensitive attribute information by making any targeted training sample leave a distinguishable footprint on the gradient of maliciously modified neurons [8]. Results, using two real-world datasets, show that it is possible to successfully encode sensitive information incurring a small error in terms of neuron activation. More importantly, on a practical scenario, AAI. can improve upon a state-of-theart approach by achieving over 90% of restricted ROC AUC, therefore increasing model leakage. To defend against such active attacks, this work introduces several attack detection strategies tailored for different levels of the defender's knowledge. Including the novel White-box Attack Detection Mechanism (WADM*) that detects abnormal changes in weights distribution, and two black-box strategies based on the monitorization of model performance. Results show that the detection rate can be 100% on both datasets. Remarkably, WADM. reduces any attack to random guessing while preserving model utility, offering significant improvements over existing defenses, particularly when clients are non-IID. By proposing active attacks against well-generalized models and effective countermeasures, this research contributes to a better understanding of privacy in FL systems.

Abstract
The increasing number of connected and autonomous vehicles generates an even greater demand for efficient content delivery in vehicular networks. Estimating the popularity of content is an important task to proactively cache and distribute content throughout the networks to add value to users' experiences and reduce network congestion. This paper presents a novel approach for predicting popular content on vehicular networks based on a Federated Learning-Adversarial Autoencoder model and anonymised data. Unlike prior works that relied on users' raw features, our model protects user privacy through data anonymisation. This allows us to learn from the hidden patterns of content popularity and deliver popular content without compromising user privacy. Experiments showed that our approach exceeded traditional collaborative filtering and deep learning methods in terms of accuracy and robustness, even with sparse data.

Abstract
Quasi-identifiers (QIDs) are attributes in a dataset that are not directly unique identifiers of the users/entities themselves but can be used, often in conjunction with other datasets or information, to identify individuals and thus present a privacy risk in data sharing and analysis. Identifying QIDs is important in developing proper strategies for anonymization and data sanitization. This paper proposes QIDLEARNINGLIB, a Python library that offers a set of metrics and tools to measure the qualities of QIDs and identify them in data sets. It incorporates metrics from different domains-causality, privacy, data utility, and performance-to offer a holistic assessment of the properties of attributes in a given tabular dataset. Furthermore, QIDLEARNINGLIB offers visual analysis tools to present how these metrics shift over a dataset and implements an extensible framework that employs multiple optimization algorithms such as an evolutionary algorithm, simulated annealing, and greedy search using these metrics to identify a meaningful set of QIDs.

Abstract
Provides society information that may include news, reviews or technical notes that should be of interest to practitioners and researchers. © 2025 Elsevier B.V., All rights reserved.

Abstract
Joint Communication and Sensing (JCAS) systems are emerging as a core technology for next-generation wireless systems due to the potential to achieve higher spectral efficiency, energy savings, and new services beyond communications. This paper provides a review of the state-of-the-art in JCAS systems by focusing on obtrusive passive sensing capabilities and inherent security and privacy challenges that arise from the integration of communication and sensing. From this point of view, we discuss existing techniques for mitigating security and privacy issues, as well as important aspects for the designing of secure and privacy-aware JCAS systems. Additionally, we discuss future research directions by emphasizing on new enabling technologies and their integration on JCAS systems along with their role in privacy and security aspects. We also discuss the required modifications to existing systems and the design of new systems with privacy and security awareness, where the challenging trade-offs between security, privacy and performance of the JCAS system must be considered.