arxiv: 2605.02886 · v1 · submitted 2026-05-04 · 💻 cs.OS

Recognition: unknown

CityOS: Privacy Architecture for Urban Sensing

Giorgio Cavicchioli , Mark Chen , Navid Salami Pargoo , Shuren Xia , Xiaotian Zhou , Roxana Geambasu , Jason Nieh , Jorge Ortiz

Authors on Pith no claims yet

Pith reviewed 2026-05-08 01:32 UTC · model grok-4.3

classification 💻 cs.OS

keywords urban sensingprivacy architectureoperating systemdifferential privacyedge computingsmart citiessensor data accessdata aggregation

0 comments

The pith

CityOS mediates urban sensor data access through a three-tier privacy API for untrusted applications.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces CityOS as an operating system designed to manage how applications interact with urban sensing infrastructure such as cameras and environmental sensors. It addresses the lack of consistent privacy governance by using a three-tier API that allows increasing spatial scope of data use while applying stronger privacy measures at each level. The first tier keeps raw data local for real-time sensing, the second provides differentially private statistics for a single location, and the third enables citywide analysis with per-user privacy budgets enforced on devices. This approach runs applications in secure edge containers and broadcasts privacy loss information to promote transparency, allowing practical applications like traffic monitoring and safety alerts while aiming to protect individual privacy in public spaces.

Core claim

We present CityOS, an operating system for urban sensing that mediates application access to sensor data through a three-tier API inspired by structured, privacy-conscious web interfaces. The tiers expand the spatial scope of data access while imposing progressively stronger privacy constraints: On-Scene supports real-time sensing with raw data confined to the local context; Single-Locality Aggregation enables differentially private longitudinal statistics at a fixed location; and Cross-Locality Aggregation supports citywide analytics via aggregation across locations, with user devices enforcing per-user privacy budgets. CityOS runs as an edge runtime that executes untrusted applications in

What carries the argument

The three-tier API that progressively expands data access scope while strengthening privacy constraints, enforced by an edge runtime using ephemeral containers.

If this is right

Real-time sensing applications can operate with raw data kept local to the scene.
Longitudinal statistics at individual locations can be released under differential privacy guarantees.
Citywide analytics become feasible through cross-location aggregation while respecting individual privacy budgets enforced locally.
Applications run safely in ephemeral edge containers without persistent access to raw sensor streams.
Transparency is maintained by broadcasting differential privacy loss to users and operators.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Such an architecture could allow cities to expand sensor deployments with reduced fear of privacy violations.
Developers might create more innovative urban apps by relying on the standardized privacy tiers rather than custom solutions.
Integration with personal devices for budget enforcement suggests a hybrid model where users control their data contributions across the city network.

Load-bearing premise

Untrusted applications can be safely executed in ephemeral edge containers while reliably enforcing the three-tier privacy policies and differential privacy budgets without introducing new vulnerabilities or unacceptable performance costs in real-world urban deployments.

What would settle it

A demonstration that a malicious application running in the edge container can extract or leak raw sensor data beyond the allowed tier, or that the system cannot maintain acceptable performance under city-scale load, would disprove the architecture's viability.

Figures

Figures reproduced from arXiv: 2605.02886 by Giorgio Cavicchioli, Jason Nieh, Jorge Ortiz, Mark Chen, Navid Salami Pargoo, Roxana Geambasu, Shuren Xia, Xiaotian Zhou.

**Figure 1.** Figure 1: Deployment model. sensing and computation occur at many distributed locations (e.g., intersections, parking lots, transit stops, or retail spaces) view at source ↗

**Figure 2.** Figure 2: (a) CityOS architecture; (b), (c) running-example applications. view at source ↗

**Figure 3.** Figure 3: Detailed design. (a) API 1 (On-Scene) architecture. (b) API 2 (Single-Locality Aggregation) architecture. API 3 (Cross-Locality Aggregation) is illustrated in view at source ↗

**Figure 4.** Figure 4: API 3: Cross-Locality Aggregation. Key concepts: device-mediated federated measurement, on-device IDP enforcement, and node-user coordination for context-aware participation. per-TC budgets that bound total privacy loss per individual. Device-side privacy accounting. Shorter TCs better align with our limited-tracking principle and allow more frequent releases, while longer TCs provide a more meaningful pr… view at source ↗

**Figure 5.** Figure 5: CityOS application workflows. (a) Pedestrian safety (API 1). (b) Parking app (API 1+API 2). Methodology details (hardware configuration, dataset preprocessing, noise parameters) are in §D. 6.1 API 1 On-Scene API 1’s main knob is maxEC, the ephemeral context’s lifetime. Shorter ECs reduce what a nearby sniffer can recover from any one location, but they also increase container-rotation overhead. We therefo… view at source ↗

**Figure 6.** Figure 6: Evaluation of CityOS APIs. (a) API 1 sniffing-attack effectiveness under time-scoped, localized outputs. (b) API 2 empirical sensitivity study. (c) API 2 DP counting accuracy (trusted vs. untrusted). (d) API 3 subway origin-destination (OD) accuracy vs. per-device budget. 0.0 0.5 1.0 1.5 2.0 Noise level (× feature std) 0.0 0.2 0.4 0.6 0.8 1.0 Score Accuracy F1 (macro) (a) Phase 1 IMU activity classificatio… view at source ↗

**Figure 7.** Figure 7: API 3 self-identification evaluation. (a)–(c) Accuracy of our two-stage self-identification pipeline. (d) Impact of identification errors on subway OD. plication from §5. We answer the first question here and the second in the subsequent section. We use the Hangzhou Metro smart-card dataset (29.2 M trips by 4.97 M riders across 80 stations over 25 days). Each entry event is stored on-device, and each exit … view at source ↗

**Figure 8.** Figure 8: API 1 performance overhead vs. maxEC on a desktop 5060 Ti and an edge Jetson AGX Orin. (a) Percentage of input frames dropped during container rotation. (b) Effective throughput in frames per second. The 5060 Ti reaches near-zero drops and 30 FPS by maxEC≥10 s; the Jetson plateaus near ∼17% drop / ∼25 FPS due to its slower GPU. Each data point runs for 5×maxEC to ensure at least five rotation cycles. D.1 A… view at source ↗

read the original abstract

Cities are rapidly deploying sensing infrastructure -- cameras, environmental sensors, and connected kiosks -- that continuously observe public spaces, yet they lack a system architecture governing how applications access, aggregate, and retain this data, creating privacy risks and preventing consistent policy enforcement. We present CityOS, an operating system for urban sensing that mediates application access to sensor data through a three-tier API inspired by structured, privacy-conscious web interfaces. The tiers expand the spatial scope of data access while imposing progressively stronger privacy constraints: On-Scene supports real-time sensing with raw data confined to the local context; Single-Locality Aggregation enables differentially private longitudinal statistics at a fixed location; and Cross-Locality Aggregation supports citywide analytics via aggregation across locations, with user devices enforcing per-user privacy budgets. CityOS runs as an edge runtime that executes untrusted applications in ephemeral containers, enforcing these policies and providing transparency via broadcasts of differential privacy loss. We implement CityOS and applications across all tiers -- including pedestrian safety alerts, real-time and forecast parking availability, traffic dashboards, and subway trajectory measurement -- and show that it supports practical streetscape applications while enforcing strong privacy.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

CityOS lays out a three-tier privacy API for urban sensors with edge enforcement and DP broadcasts, but the paper gives no measurements or security checks to show the runtime actually works.

read the letter

CityOS is a system design that defines three tiers for sensor access in cities: raw data stays local for on-scene apps, differentially private stats at one location, and broader aggregates across sites with per-user budgets enforced on devices. The runtime runs apps in short-lived containers and tells users when privacy loss is broadcast. That combination is the new piece; prior work on web or mobile privacy does not map directly to this street-level setup with citywide scope and edge containers.

Referee Report

3 major / 2 minor

Summary. The paper presents CityOS, an operating system for urban sensing that mediates application access to sensor data via a three-tier API: On-Scene (real-time raw data confined locally), Single-Locality Aggregation (differentially private longitudinal statistics at fixed locations), and Cross-Locality Aggregation (citywide analytics with per-user DP budgets enforced on devices). It describes an edge runtime executing untrusted apps in ephemeral containers, with policy enforcement and broadcasts of DP loss, and claims to implement example applications including pedestrian safety alerts, parking availability, traffic dashboards, and subway trajectory measurement that demonstrate practical support for streetscape apps while enforcing strong privacy.

Significance. If the enforcement and isolation claims are substantiated, CityOS would offer a novel structured architecture for privacy-preserving urban sensing, filling a gap in consistent policy enforcement for public infrastructure data and enabling safer aggregation across scales.

major comments (3)

Abstract: The central claim that CityOS 'supports practical streetscape applications while enforcing strong privacy' rests on implementation descriptions, yet the manuscript supplies no quantitative results, performance metrics, accuracy/error analysis for the DP mechanisms, or measured privacy loss in the example applications.
Edge runtime and container model: The architecture asserts that ephemeral containers isolate untrusted applications to prevent access to raw sensor data outside declared tiers or exceed per-user DP budgets, but provides no formal isolation argument, threat model, adversarial analysis, or verification results on side-channel or API-bypass risks.
Cross-Locality Aggregation tier: The claim that user devices enforce per-user privacy budgets for citywide queries lacks details on budget tracking, composition across queries, or how the runtime prevents budget exhaustion or leakage in the presence of untrusted apps.

minor comments (2)

The manuscript would benefit from explicit section headings or a dedicated evaluation section to separate architecture description from any empirical claims.
Notation for the three tiers and DP parameters could be standardized with a table or diagram for clarity.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their constructive comments on our manuscript. We provide point-by-point responses to the major comments below and outline the revisions we plan to make.

read point-by-point responses

Referee: Abstract: The central claim that CityOS 'supports practical streetscape applications while enforcing strong privacy' rests on implementation descriptions, yet the manuscript supplies no quantitative results, performance metrics, accuracy/error analysis for the DP mechanisms, or measured privacy loss in the example applications.

Authors: We agree that the manuscript's evaluation is primarily based on implementation descriptions and example applications rather than quantitative metrics. The current version demonstrates the architecture through working prototypes but does not include performance benchmarks, DP accuracy analyses, or measured privacy losses. We will revise the abstract to more accurately reflect the scope of the evaluation and add a new section discussing the limitations of the current evaluation, including plans for future quantitative assessments. This addresses the concern without overstating the current results. revision: partial
Referee: Edge runtime and container model: The architecture asserts that ephemeral containers isolate untrusted applications to prevent access to raw sensor data outside declared tiers or exceed per-user DP budgets, but provides no formal isolation argument, threat model, adversarial analysis, or verification results on side-channel or API-bypass risks.

Authors: The paper relies on standard ephemeral container isolation provided by the underlying OS for separating untrusted apps from raw data and enforcing policies. However, we acknowledge the absence of a formal threat model or adversarial analysis in the manuscript. We will add a threat model section that specifies the assumptions (e.g., trusted runtime and hardware, untrusted applications) and discuss potential risks such as side-channel attacks, along with mitigation strategies employed. While a full formal verification is beyond the scope of this work, this addition will clarify the security claims. revision: yes
Referee: Cross-Locality Aggregation tier: The claim that user devices enforce per-user privacy budgets for citywide queries lacks details on budget tracking, composition across queries, or how the runtime prevents budget exhaustion or leakage in the presence of untrusted apps.

Authors: We will provide additional details in the revised manuscript on the budget tracking mechanism, which uses a per-user privacy budget ledger maintained by the trusted edge runtime. Composition is handled via the standard sequential composition property of differential privacy, with the runtime checking the remaining budget before executing any cross-locality query. To prevent leakage or exhaustion by untrusted apps, the enforcement occurs in the trusted component before any data is released to the app container. We will include a diagram and pseudocode to illustrate this process. revision: yes

Circularity Check

0 steps flagged

No circularity: system design paper with no derivations or self-referential reductions.

full rationale

The paper describes a three-tier API architecture for privacy in urban sensing, implemented via edge containers and differential privacy broadcasts. No equations, fitted parameters, predictions, or derivation chains exist that could reduce to inputs by construction. Claims rest on design choices and implementation examples rather than any self-defined or self-cited logical loop. This is a standard self-contained systems paper with no load-bearing self-citations or ansatzes that create circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The design rests on standard assumptions about differential privacy providing usable guarantees and container isolation being sufficient for policy enforcement; no free parameters, new entities, or ad-hoc axioms are introduced beyond domain-standard ones.

axioms (2)

domain assumption Differential privacy mechanisms can be composed and enforced across tiers while preserving utility for the described analytics applications
Invoked for the Single-Locality and Cross-Locality Aggregation tiers.
domain assumption Ephemeral containers on edge devices can isolate untrusted code sufficiently to prevent policy bypass
Central to the runtime enforcement claim.

pith-pipeline@v0.9.0 · 5519 in / 1381 out tokens · 68903 ms · 2026-05-08T01:32:31.569120+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

90 extracted references · 33 canonical work pages

[1]

2025.System architecture for the 5G System (5GS); Stage 2

3GPP. 2025.System architecture for the 5G System (5GS); Stage 2. Tech- nical Specification (TS) TS 23.501 v18.9.0. 3rd Generation Partnership Project (3GPP).https://www.3gpp.org/ftp/Specs/archive/23_series/23. 501/Release 18, §5.30 (Non-Public Networks)

2025
[2]

Paarijaat Aditya, Rijurekha Sen, Seong Joon Oh, Rodrigo Benenson, Bobby Bhattacharjee, Peter Druschel, Tongtong Wu, Mario Fritz, and Bernt Schiele. 2016. I-Pic: A Platform for Privacy-Compliant Image Capture. InProc. 14th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)

2016
[3]

Nir Aharon, Roy Orfaig, and Ben-Zion Bobrovsky. 2022. BoT- SORT: Robust Associations Multi-Pedestrian Tracking.arXiv preprint arXiv:2206.14651(2022)

work page arXiv 2022
[4]

Apple. 2021. App Tracking Transparency (ATT).https://developer. apple.com/documentation/apptrackingtransparency

2021
[5]

Apple. 2021. iCloud Private Relay Overview.https://www.apple.com/ icloud/docs/iCloud_Private_Relay_Overview_Dec2021.pdf

2021
[6]

Apple. 2023. Apple announces powerful new privacy and security fea- tures.https://www.apple.com/newsroom/2023/06/apple-announces- powerful-new-privacy-and-security-features/

2023
[7]

Ashwin Ashok, Viet Nguyen, Marco Gruteser, Narayan Mandayam, Wenjia Yuan, and Kristin Dana. 2014. Do Not Share! Invisible Light Beacons for Signaling Preferences to Privacy-Respecting Cameras. In Proc. 1st ACM MobiCom Workshop on Visible Light Communication Systems (VLCS). 39–44. doi:10.1145/2643164.2643168

work page doi:10.1145/2643164.2643168 2014
[8]

Pete Beckman, Rajesh Sankaran, Charlie Catlett, Nicola Ferrier, Robert Jacob, and Michael Papka. 2016. Waggle: An Open Sensor Platform for Edge Computing. InProc. IEEE SENSORS. doi:10.1109/ICSENS.2016. 7808975

work page doi:10.1109/icsens.2016 2016
[9]

Skye Berghel, Philip Bohannon, Damien Desfontaines, Charles Estes, Sam Haney, Luke Hartman, Michael Hay, Ashwin Machanava- jjhala, Tom Magerlein, Gerome Miklau, Amritha Pai, William Sex- ton, and Ruchit Shrestha. 2022. Tumult Analytics: A Robust, Easy- to-Use, Scalable, and Expressive Framework for Differential Privacy. arXiv:2212.04133 [cs]

work page arXiv 2022
[10]

Keni Bernardin and Rainer Stiefelhagen. 2008. Evaluating Multiple Object Tracking Performance: The CLEAR MOT Metrics.EURASIP Journal on Image and Video Processing2008 (2008), 1–10. doi:10.1155/ 2008/246309

2008
[11]

Cheng Bo, Guobin Shen, Jie Liu, Xiang-Yang Li, YongGuang Zhang, and Feng Zhao. 2014. Privacy.Tag: Privacy Concern Expressed and Respected. InProc. 12th ACM Conference on Embedded Network Sensor Systems (SenSys). 163–176. doi:10.1145/2668332.2668339

work page doi:10.1145/2668332.2668339 2014
[12]

Burke, Deborah Estrin, Mark Hansen, Andrew Parker, Nithya Ramanathan, Sasank Reddy, and Mani B

Jeffrey A. Burke, Deborah Estrin, Mark Hansen, Andrew Parker, Nithya Ramanathan, Sasank Reddy, and Mani B. Srivastava. 2006. Partici- patory Sensing. InWorkshop on World-Sensor-Web (WSW) at ACM SenSys

2006
[13]

Frank Cangialosi, Neil Agarwal, Venkat Arun, Junchen Jiang, Srinivas Narayana, Anand Sarwate, and Ravi Netravali. 2022. Privid: Practical, Privacy-Preserving Video Analytics Queries. In19th USENIX Sym- posium on Networked Systems Design and Implementation (NSDI 22). 209–228

2022
[14]

Charlie Catlett, Pete Beckman, Rajesh Sankaran, and Kathleen K. Galvin. 2017. Array of Things: A Scientific Research Instrument in the Public Way. InProc. International Workshop on Science of Smart City Operations and Platforms Engineering (SCOPE). doi:10.1145/3063386. 3063771

work page doi:10.1145/3063386 2017
[15]

Giorgio Cavicchioli, Mark Chen, and Pierre Tholoniat. 2025. Private Data Service Library.https://github.com/columbia/pdslib/

2025
[16]

Uğur Çetintemel, Daniel Abadi, Yanif Ahmad, Hari Balakrishnan, Mag- dalena Balazinska, Mitch Cherniack, Jeong-Hyon Hwang, Samuel Mad- den, Anurag Maskey, Alexander Rasin, et al. 2016. The Aurora and Borealis Stream Processing Engines. InData Stream Management. Springer, 337–361

2016
[17]

Hubert Chan, Elaine Shi, and Dawn Song

T.-H. Hubert Chan, Elaine Shi, and Dawn Song. 2011. Private and Continual Release of Statistics.ACM Transactions on Information and System Security14, 3 (2011), 26:1–26:24. doi:10.1145/2043621.2043626

work page doi:10.1145/2043621.2043626 2011
[18]

Stephen Dawson-Haggerty, Xiaofan Jiang, Gilman Tolle, Jorge Ortiz, and David E. Culler. 2010. sMAP: A Simple Measurement and Actuation Profile for Physical Information. InProc. ACM Conference on Embedded Networked Sensor Systems (SenSys). 197–210. doi:10.1145/1869983. 1870003

work page doi:10.1145/1869983 2010
[19]

Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006. Calibrating Noise to Sensitivity in Private Data Analysis. InTheory of Cryptography (Lecture Notes in Computer Science), Shai Halevi and Tal Rabin (Eds.). Springer, Berlin, Heidelberg, 265–284. doi:10.1007/ 11681878_14

2006
[20]

Cynthia Dwork and Aaron Roth. 2014. The Algorithmic Foundations of Differential Privacy.Foundations and Trends in Theoretical Computer Science9, 3–4 (2014), 211–487. doi:10.1561/0400000042

work page doi:10.1561/0400000042 2014
[21]

2020.Cyber Security for Consumer Internet of Things: Baseline Requirements (EN 303 645)

ETSI. 2020.Cyber Security for Consumer Internet of Things: Baseline Requirements (EN 303 645). Technical Report. European Telecommu- nications Standards Institute.https://www.etsi.org/deliver/etsi_en/ 303600_303699/303645/

2020
[22]

2024.Multi-access Edge Computing (MEC); Framework and Ref- erence Architecture (GS MEC 003 v3.2.1)

ETSI. 2024.Multi-access Edge Computing (MEC); Framework and Ref- erence Architecture (GS MEC 003 v3.2.1). Technical Report. European Telecommunications Standards Institute.https://www.etsi.org/deliver/ etsi_gs/MEC/001_099/003/

2024
[23]

2024.NGSI-LD API (GS CIM 009)

ETSI. 2024.NGSI-LD API (GS CIM 009). Technical Report. European Telecommunications Standards Institute.https://www.etsi.org/deliver/ etsi_gs/CIM/001_099/009/

2024
[24]

European Parliament and Council. 2016. General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679.https://eur-lex.europa. eu/eli/reg/2016/679/oj/eng

2016
[25]

Megas, Karen Scarfone, and Matthew Smith

Michael Fagan, Katerina N. Megas, Karen Scarfone, and Matthew Smith. 2020.IoT Device Cybersecurity Capability Core Baseline. Technical Report NISTIR 8259A. National Institute of Standards and Technology. doi:10.6028/NIST.IR.8259A

work page doi:10.6028/nist.ir.8259a 2020
[26]

Hendrik Fichtenberger, Monika Henzinger, and Jalaj Upadhyay. 2023. Constant Matters: Fine-grained Error Bound on Differentially Private Continual Observation. InProceedings of the 40th International Confer- ence on Machine Learning. PMLR, 10072–10092.https://proceedings. mlr.press/v202/fichtenberger23a.html

2023
[27]

FIWARE Foundation. 2016. FIWARE: An Open Platform for Future Internet Applications and Smart Cities.https://www.fiware.org/

2016
[28]

Ganz Security. 2024. Smart Cities Today Using Tomorrow’s Security Technology. Industry report.https://www.ganzsecurity.com/blog/ smart-cities-today-using-tomorrows-security-technology

2024
[29]

Gothamist. 2026. NYC Wegmans is Storing Biometric Data on Shoppers’ Eyes, Voices and Faces.Gothamist(2026). https://gothamist.com/news/nyc-wegmans-is-storing-biometric- data-on-shoppers-eyes-voices-and-faces

2026
[30]

Nicolas Grislain, Paul Roussel, and Victoria de Sainte Agathe. 2024. Qrlew: Rewriting SQL into differentially private SQL.arXiv preprint arXiv:2401.06273(2024)

work page arXiv 2024
[31]

Morley Mao, Feng Qian, and Zhi- Li Zhang

Ahmad Hassan, Arvind Narayanan, Anlan Zhang, Wei Ye, Ruiyang Zhu, Shuowei Jin, Jason Carpenter, Z. Morley Mao, Feng Qian, and Zhi- Li Zhang. 2022. Vivisecting Mobility Management in 5G Cellular Net- works. InProc. ACM SIGCOMM. 86–100. doi:10.1145/3544216.3544217

work page doi:10.1145/3544216.3544217 2022
[32]

Katherine Hausladen, Oliver Wang, Sophie Eng, Jocelyn Wang, Francisca Wijaya, Matthew May, and Sebastian Zimmeck. 2025. Websites’ Global Privacy Control Compliance at Scale and over Time. https://www.usenix.org/conference/usenixsecurity25/presentation/ hausladen. In34th USENIX Security Symposium (USENIX Security 2025). USENIX Association, Seattle, WA, 5837–5856

2025
[33]

Michael Hay, Vibhor Rastogi, Gerome Miklau, and Dan Suciu. 2010. Boosting the Accuracy of Differentially Private Histograms Through Consistency.Proceedings of the VLDB Endowment3, 1 (2010), 1021– 14

2010
[34]

doi:10.14778/1920841.1920970

work page doi:10.14778/1920841.1920970
[35]

Bret Hull, Vladimir Bychkovsky, Yang Zhang, Kevin Chen, Michel Goraczko, Allen Miu, Eugene Shih, Hari Balakrishnan, and Samuel Madden. 2006. CarTel: A Distributed Mobile Sensor Computing Sys- tem. InProc. ACM Conference on Embedded Networked Sensor Systems (SenSys). 125–138. doi:10.1145/1182807.1182821

work page doi:10.1145/1182807.1182821 2006
[36]

2020.IUDX Platform Architecture

India Urban Data Exchange. 2020.IUDX Platform Architecture. Tech- nical Report. Indian Institute of Science and Ministry of Housing and Urban Affairs.https://iudx.org.in/

2020
[37]

Martin, Nedim Goren, and Charif Mahmoudi

Michaela Iorga, Larry Feldman, Robert Barton, Michael J. Martin, Nedim Goren, and Charif Mahmoudi. 2018.Fog Computing Conceptual Model. Technical Report SP 500-325. National Institute of Standards and Technology.https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ NIST.SP.500-325.pdf

2018
[38]

Moeslund

Morten Bornø Jensen, Andreas Møgelmose, and Thomas B. Moeslund
[39]

In IEEE 23rd International Conference on Intelligent Transportation Systems (ITSC)

Presenting the Multi-view Traffic Intersection Dataset (MTID): A Detailed Traffic Dataset at a Four-Way Signalized Intersection. In IEEE 23rd International Conference on Intelligent Transportation Systems (ITSC). 1–6. doi:10.1109/ITSC45102.2020.9294582

work page doi:10.1109/itsc45102.2020.9294582 2020
[40]

Seungmyeong Jeong, Seongyun Kim, and Jaeho Kim. 2020. City Data Hub: Implementation of Standard-Based Smart City Data Platform for Interoperability.Sensors20, 23 (2020), 7000. doi:10.3390/s20237000

work page doi:10.3390/s20237000 2020
[41]

Ryan Johnston. 2020. Digital privacy concerns will follow Side- walk Labs to next venture, says former consultant.StateScoop (2020).https://statescoop.com/ann-cavoukian-waterfront-toronto- digital-privacy-concerns-sidewalk-labs/

2020
[42]

Ava Kofman. 2018. Are New York’s Free LinkNYC Internet Kiosks Tracking Your Movements? The Intercept.https://theintercept.com/ 2018/09/08/linknyc-free-wifi-kiosks/

2018
[43]

Bastian Könings, Sebastian Thoma, Florian Schaub, and Michael We- ber. 2014. PriPref Broadcaster: Enabling Users to Broadcast Privacy Preferences in Their Physical Proximity. InProc. 13th International Conference on Mobile and Ubiquitous Multimedia (MUM). 133–142. doi:10.1145/2677972.2677978

work page doi:10.1145/2677972.2677978 2014
[44]

Harold W Kuhn. 1955. The Hungarian method for the assignment problem.Naval research logistics quarterly2, 1-2 (1955), 83–97. doi:10. 1002/nav.3800020109

1955
[45]

Hansi Liu, Abrar Alali, Mohamed Ibrahim, Bryan Bo Cao, Nicholas Meegan, Hongyu Li, Marco Gruteser, Shubham Jain, Kristin Dana, Ashwin Ashok, Bin Cheng, and Hongsheng Lu. 2022. Vi-Fi: Associating Moving Subjects across Vision and Wireless Sensors. In2022 21st ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN). 208–219. do...

work page doi:10.1109/ipsn54338.2022.00024 2022
[46]

Leixian Liu. 2019. A Passenger Flow Data Set Collected in the Metro System of Hangzhou, China. doi:10.5281/zenodo.3145404

work page doi:10.5281/zenodo.3145404 2019
[47]

Pablo Alvarez Lopez, Michael Behrisch, Laura Bieker-Walz, Jakob Erdmann, Yun-Pang Flötteröd, Robert Hilbrich, Leonhard Lücken, Johannes Rummel, Peter Wagner, and Evamarie Wießner. 2018. Mi- croscopic Traffic Simulation using SUMO. InProc. IEEE International Conference on Intelligent Transportation Systems (ITSC). 2575–2582. doi:10.1109/ITSC.2018.8569938

work page doi:10.1109/itsc.2018.8569938 2018
[48]

Robert MacDavid, Carmelo Cascone, Pingping Lin, Badhrinath Pad- manabhan, Ajay Thakur, Larry Peterson, Jennifer Rexford, and Oguz Sunay. 2021. A P4-based 5G User Plane Function. InProc. ACM SOSR. 162–168. doi:10.1145/3482898.3483358

work page doi:10.1145/3482898.3483358 2021
[49]

Simon McCormack and Daniel Schwarz. 2023. LinkNYC is a Pri- vacy Disaster. Here’s Why. New York Civil Liberties Union (NYCLU) Commentary.https://www.nyclu.org/commentary/linknyc-privacy- disaster-heres-whyAccessed February 2026

2023
[50]

Nathaniel Meyersohn. 2026. Wegmans is Scanning Your Face at Some Stores. It’s Not the Only Company.CNN Business (2026).https://www.cnn.com/2026/01/12/business/wegmans-facial- recognition-technology

2026
[51]

Anton Milan, Laura Leal-Taixé, Ian Reid, Stefan Roth, and Konrad Schindler. 2016. MOT16: A Benchmark for Multi-Object Tracking. arXiv preprint arXiv:1603.00831(2016)

work page Pith review arXiv 2016
[52]

Moss and Carson Qing

Mitchell L. Moss and Carson Qing. 2012.The Dynamic Popula- tion of Manhattan. Technical Report. Rudin Center for Transporta- tion Policy and Management, NYU Wagner School of Public Ser- vice.https://wagner.nyu.edu/impact/research/publications/dynamic- population-manhattan

2012
[53]

Mozilla. 2022. Over a decade of anti-tracking work at Mozilla. https://blog.mozilla.org/en/privacy-security/mozilla-anti-tracking- milestones-timeline/

2022
[54]

Rohan Murty, Geoffrey Mainland, Ian Rose, Atanu Roy Chowdhury, Abhimanyu Gosain, Josh Bers, and Matt Welsh. 2008. CitySense: An Urban-Scale Wireless Sensor Network and Testbed. InProc. IEEE International Conference on Technologies for Homeland Security. 583–

2008
[55]

doi:10.1109/THS.2008.4534518

work page doi:10.1109/ths.2008.4534518 2008
[56]

Charlie Mydlarz, Mohit Sharma, Yitzchak Lockerman, Ben Steers, Claudio Silva, and Juan Pablo Bello. 2019. The Life of a New York City Noise Sensor Network.Sensors19, 6 (2019), 1415. doi:10.3390/s19061415

work page doi:10.3390/s19061415 2019
[57]

2020.NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Man- agement, Version 1.0

National Institute of Standards and Technology. 2020.NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Man- agement, Version 1.0. Technical Report. National Institute of Standards and Technology.https://www.nist.gov/privacy-framework

2020
[58]

New York City Council. 2021. Biometric Identifier Information Law.https://codelibrary.amlegal.com/codes/newyorkcity/latest/ NYCadmin/0-0-0-131285

2021
[59]

NYC Department of Transportation. 2023. Bicycle Counts. NYC Open Data.https://data.cityofnewyork.us/Transportation/Bicycle- Counts/uczf-rk3cWilliamsburg Bridge Bike Path, 15-minute Eco- Counter data

2023
[60]

2024.Cycling in the City: Bicycling in New York City

NYC Department of Transportation. 2024.Cycling in the City: Bicycling in New York City. Technical Report.https://www.nyc.gov/html/dot/ html/bicyclists/bikestats.shtml

2024
[61]

2024.New York City Bridge Traffic Volumes

NYC Department of Transportation. 2024.New York City Bridge Traffic Volumes. Technical Report.https://data.cityofnewyork.us/ Transportation/Traffic-Volume-Counts/btm5-ppia

2024
[62]

2020.Functional Architecture (TS-0001)

oneM2M. 2020.Functional Architecture (TS-0001). Technical Re- port. oneM2M Partners Type 1.https://www.onem2m.org/technical/ published-specifications

2020
[63]

Open Geospatial Consortium. 2016. SensorThings API Part 1: Sensing. https://www.ogc.org/standards/sensorthings

2016
[64]

Organisation for Economic Co-operation and Development. 1980. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Technical Report. OECD, Paris.https:// legalinstruments.oecd.org/public/doc/114/114.en.pdfAdopted 23 Sep- tember 1980; revised 2013

1980
[65]

Rajasekhara Babu, et al

Sharnil Pandya, Gautam Srivastava, Rutvij Jhaveri, M. Rajasekhara Babu, et al. 2023. Federated Learning for Smart Cities: A Comprehen- sive Survey.Sustainable Energy Technologies and Assessments55 (2023), 102987. doi:10.1016/j.seta.2022.102987

work page doi:10.1016/j.seta.2022.102987 2023
[66]

2023.Private 5G: A Sys- tems Approach

Larry Peterson, Oguz Sunay, and Bruce Davie. 2023.Private 5G: A Sys- tems Approach. Systems Approach LLC.https://5g.systemsapproach. org/cloud.htmlChapter 6: Managed Cloud Service

2023
[67]

Correlated noise mechanisms for differentially private learning, 2025

Krishna Pillutla, Jalaj Upadhyay, Christopher A. Choquette-Choo, Kr- ishnamurthy Dvijotham, Arun Ganesh, Monika Henzinger, Jonathan Katz, Ryan McKenna, H. Brendan McMahan, Keith Rush, Thomas Steinke, and Abhradeep Thakurta. 2025. Correlated Noise Mecha- nisms for Differentially Private Learning. arXiv:2506.08201 [cs.LG] doi:10.48550/arXiv.2506.08201

work page doi:10.48550/arxiv.2506.08201 2025
[68]

Attila Reiss. 2012. PAMAP2 Physical Activity Monitoring. UCI Ma- chine Learning Repository. doi:10.24432/C5NW2H

work page doi:10.24432/c5nw2h 2012
[69]

Silva, Josep Ll

Daniel Rivas, Francesc Guim, Jordà Polo, Pubudu M. Silva, Josep Ll. Berral, and David Carrera. 2022. Towards Automatic Model Special- ization for Edge Video Analytics.Future Generation Computer Systems 134 (2022), 399–413. doi:10.1016/j.future.2022.03.039 15

work page doi:10.1016/j.future.2022.03.039 2022
[70]

Ignacio Rodriguez, Huan Cong Nguyen, Niels T. K. Jørgensen, Troels B. Sørensen, Jan Elling, Matthias B. Gentsch, and Preben Mogensen. 2013. Path Loss Validation for Urban Micro Cell Scenarios at 3.5 GHz Com- pared to 1.9 GHz. InProc. IEEE GLOBECOM. 3942–3947. doi:10.1109/ GLOCOM.2013.6831689

work page arXiv 2013
[71]

Luis Sánchez, Luis Muñoz, José Antonio Galache, Pablo Sotres, Juan Ramón Santana, Verónica Gutiérrez, Rajiv Ramdhany, Alex Gluhak, Srdjan Krco, Evangelos Theodoridis, and Dennis Pfisterer
[72]

Computer Networks61 (2014), 217–238

SmartSantander: IoT Experimentation over a Smart City Testbed. Computer Networks61 (2014), 217–238. doi:10.1016/j.comnet.2013.12. 020

work page doi:10.1016/j.comnet.2013.12 2014
[73]

Schneider

Todd W. Schneider. 2016. A Tale of Twenty-Two Million Citi Bike Rides: Analyzing the NYC Bike Share System. Blog post.https://toddwschneider.com/posts/a-tale-of-twenty-two- million-citi-bikes-analyzing-the-nyc-bike-share-system/

2016
[74]

Daniel J. Solove. 2013. Privacy Self-Management and the Consent Dilemma.Harvard Law Review126, 7 (2013), 1880–1903

2013
[75]

State of California. 2020. California Consumer Privacy Act (CCPA).https://www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ oal-sub-final-text-of-regs.pdf

2020
[76]

State of Connecticut. 2022. Connecticut Data Privacy Act (CT- DPA).https://portal.ct.gov/ag/sections/privacy/the-connecticut-data- privacy-act

2022
[77]

State of New Jersey. 2024. New Jersey Data Protection Act (NJDPA).https://www.cyber.nj.gov/guidance-and-best-practices/ identity-theft-privacy/data-privacy/nj-data-privacy-prevention-act

2024
[78]

Greg Sterling. 2017. Mobile-location data turns out-of-home billboards into ‘digital channel’.https://martech.org/mobile-location-data-turn- home-billboards-digital-channel/

2017
[79]

Pierre Tholoniat, Kelly Kostopoulou, Peter McNeely, Prabhpreet Singh Sodhi, Anirudh Varanasi, Benjamin Case, Asaf Cidon, Roxana Geam- basu, and Mathias Lécuyer. 2024. Cookie Monster: Efficient On-device Budgeting for Differentially-Private Ad-Measurement Systems. InPro- ceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles (SOSP ’24). ...

work page doi:10.1145/3694715.3695965 2024
[80]

Ultralytics. 2026. YOLO26.https://github.com/ultralytics/ultralytics. YOLO26n variant

2026

Showing first 80 references.