Noah Apthorpe will present his FPO "Network Privacy and User Protection in the Internet of Things" on May 14, 2020 at 1pm via Zoom. Zoom link: [ https://princeton.zoom.us/j/97333893087 | https://princeton.zoom.us/j/97333893087 ] The members of his committee are as follows: Nick Feamster (Adviser); Readers: Jennifer Rexford and Marshini Chetty; Examiners: Ed Felten, Arvind Narayanan, and Nick Feamster. A copy of his thesis, is available upon request. Please email ngotsis@cs.princeton if you would like a copy of the thesis. Everyone is invited to attend his talk. Abstract follows below. The proliferation of specialized Internet-connected consumer products, often called Internet of things (IoT) devices, presents unprecedented challenges for preserving user privacy. Some of these products, such as WiFi thermostats, replace conventional nonnetworked appliances. Others introduce new technologies, such as voice assistants, into users’ daily lives. Many consumer IoT devices contain sensors that record users’ activities in their living spaces and transmit information about these behaviors on the Internet. Understanding the social and technical privacy implications of consumer IoT devices is essential to informing the design and regulation of these technologies to protect users from inappropriate data collection and use. This dissertation employs human-computer interaction methods, technical vulnerability auditing, and Internet trac analysis to study user experiences with consumer IoT devices and the privacy risks posed by these products. Interviews and surveys show that users face complex decisions when adopting consumer IoT devices, weighing convenience against privacy concerns and variable trust in device manufacturers. Consumer IoT devices also a↵ect users’ relationships, strengthening interpersonal connections while causing conflicts about device sharing and undesired surveillance. A new survey method based on the theory of contextual integrity enables further discovery of user privacy norms at scale and the comparison of privacy norms to IoT device behavior and privacy regulation. Network privacy audits of IoT children’s toys flagged by the New Jersey Attorney General’s Oce reveal many vulnerabilities, including personally identifiable information in crash reports, data retention after deletion requests, and a lack of encryption and authentication. These vulnerabilities violate manufacturer privacy policies and the U.S. Children’s Online Privacy Protection Act. Finally, metadata analysis shows that a passive network eavesdropper can infer private in-home activities from IoT Internet trac even when devices use end-toend transport layer encryption. This motivates the creation of a low-overhead trac shaping algorithm, “stochastic trac padding,” that prevents such an eavesdropper from distinguishing user activities from generated trac patterns. These contributions advance our understanding of IoT privacy challenges, support the need for strong privacy defaults in consumer IoT products, and enhance the ability of researchers, manufacturers, and regulators to protect users from IoT privacy risks.