NDSS 2026 Showcase: Digital Rights and Public Interest (Day 2)

Yesterday, I kicked off my showcase of the 2026 NDSS Symposium (hosted by the Internet Society) with Mad Science hacks—exploits involving lasers, fiber optics, and ghost planes. Today, for Day 2 of the showcase, we shift gears from the physical layer to the societal layer.

Today's theme, Digital Rights and Public Interest, covers platforms and protocols that billions of people rely on daily. These four papers reveal hidden mechanics of censorship, privacy leaks in our most popular apps, and how algorithms shape what we see:

1. Hey there! You are using WhatsApp: Enumerating 3 Billion Accounts

Gegenhuber et al. exploited a weakness in WhatsApp's rate-limiting to conduct a massive enumeration of the platform's 3 billion users. They discovered a loophole that allowed them to check the online status of 100 million people in a single hour. Crucially, they found that 50% of the phone numbers from the massive 2021 Facebook data leak are still active on WhatsApp today, leaving those users vulnerable to continued tracking and de-anonymization. Read the paper here

2. There is No War in Ba Sing Se: Geo-Specific AI Censorship

Lipphardt et al. reveal that Large Language Models (LLMs) are applying geo-specific censorship. In a global study of 15 models, they found that the exact same prompt might get a helpful answer in one country but be blocked in another due to local political sensitivities. The refusal rates varied by up to 60% across regions. The study also highlights soft moderation, where models provide evasive, non-committal answers to mask the fact that suppression is occurring. Read the paper here

3. Revealing The Secret Power: Twitter/X Visibility Penalties

Galeazzi et al. successfully reverse-engineered the Twitter/X recommendation algorithm to quantify how it treats external links. Their analysis proves that the platform systematically penalizes tweets containing links to outside websites, reducing their visibility by up to 800% (8x) compared to text-only posts. This confirms the walled garden theory: the algorithm aggressively buries content that attempts to lead users off the platform. Read the paper here

4. Mirage: Evading Censorship via Physical Mobility

Ratliff et al. introduce a clever new routing protocol designed to evade internet censorship. Instead of sending data through static cables or proxies that governments can easily block, Mirage uses the physical movement of user devices. Encrypted messages hop between phones as people walk or drive, effectively using physical mobility to ferry data across censorship boundaries where it can then be uploaded to the uncensored web. Read the paper here

This is just a glimpse of the work being presented later this month in San Diego. The intersection of technology and human rights is critical, and our understanding of these systems must evolve to protect users globally. Tomorrow, we will look at the defenders: Cybersecurity Operators and Infrastructure. You can find the full program at the NDSS website. Support open access security research by checking out the Internet Society.