Our taxonomy is built by inspecting 53 news reports and 25 research papers that cover different privacy threats associated with IoT sensitive data. The taxonomy contains three distinct IoT sensitive data categories and eight subcategories as shown in the table below.

We manually examined research papers published in the last five years on major security and privacy venues (namely, IEEE S&P, USENIX Security, CCS, NDSS, PETS, HCI, IMC, ISSTA, etc. ), and found those focusing on IoT privacy research. Below is an overview of the paper distribution.

[24] Mohannad Alhanahnah, Clay Stevens, and Hamid Bagheri. Scalable analysis of interaction threats in iot systems. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 272–285, 2020.

[25] Omar Alrawi, Chaz Lever, Manos Antonakakis, and Fabian Monrose. Sok: Security evaluation of home- based iot deployments. In 2019 IEEE Symposium on Se- curity and Privacy (SP), pages 1362–1380. IEEE, 2019.

[28] Noah Apthorpe, Danny Yuxing Huang, Dillon Reisman, Arvind Narayanan, and Nick Feamster. Keeping the smart home private with smart (er) iot traffic shaping. Proceedings on Privacy Enhancing Technologies, 2019.

[30] Leonardo Babun, Z Berkay Celik, Patrick McDaniel, and A Selcuk Uluagac. Real-time analysis of privacy-(un) aware iot applications. Proceedings on Privacy Enhancing Technologies, 2021.

[40] Guillaume Celosia and Mathieu Cunche. Discontinued privacy: Personal data leaks in apple bluetooth-low- energy continuity protocols. Proceedings on Privacy Enhancing Technologies, 2020:26–46, 2020.

[42] Haotian Chi, Qiang Zeng, Xiaojiang Du, and Lannan Luo. Pfirewall: Semantics-aware customizable data flow control for smart home privacy protection. 2021.

[43] Richard Chow. The last mile for iot privacy. IEEE Security & Privacy, 15(6):73–76, 2017.

[44] Camille Cobb, Sruti Bhagavatula, Kalil Anderson Garrett, Alison Hoffman, Varun Rao, and Lujo Bauer. “i would have to evaluate their objections”: Privacy tensions between smart home device owners and incidental users. Proceedings on Privacy Enhancing Technologies, 2021(4):54–75, 2021.

[46] ClaudiaDiaz,LukaszOlejnik,GunesAcar,andClaude Casteluccia. The leaking battery: a privacy analysis of the html5 battery status api. Lecture notes in computer science, 9481:254–263, 2015.

[50] Daniel J Dubois, Roman Kolcun, Anna Maria Man- dalari, Muhammad Talha Paracha, David Choffnes, and Hamed Haddadi. When speakers are all ears: Characterizing misactivations of iot smart speakers. Proceedings on Privacy Enhancing Technologies, 2020(4):255–276, 2020.

[52] Pardis Emami-Naeini, Yuvraj Agarwal, Lorrie Faith Cranor, and Hanan Hibshi. Ask the experts: What should be on an iot privacy and security label? arXiv preprint arXiv:2002.04631, 2020.

[53] Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. Exploring how privacy and security factor into iot device purchase behavior. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pages 1–12, 2019.

[56] Julie Haney, Yasemin Acar, and Susanne Furman. " it’s the company, the government, you and i": User perceptions of responsibility for smart home privacy and security. In 30th USENIX Security Symposium (USENIX Security 21), 2021.

[60] Wajih Ul Hassan, Saad Hussain, and Adam Bates. Analysis of privacy protections in fitness tracking social networks-or-you can run, but can you hide? In 27th USENIX Security Symposium (USENIX Security 18), pages 497–512, 2018.

[62] Danny Yuxing Huang, Noah Apthorpe, Gunes Acar, Frank Li, and Nick Feamster. Iot inspector: Crowd- sourcing labeled network traffic from smart home de- vices at scale. arXiv preprint arXiv:1909.09848, 2019.

[70] Deepak Kumar, Kelly Shen, Benton Case, Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, Rajarshi Gupta, and Zakir Durumeric. All things considered: an analysis of iot devices on home networks. In 28th USENIX Security Symposium (USENIX Security 19), pages 1169–1185, 2019.

[75] Nathan Malkin, Joe Deatrick, Allen Tong, Primal Wijesekera, Serge Egelman, and David Wagner. Privacy attitudes of smart speaker users. Proceedings on Privacy Enhancing Technologies, 2019(4), 2019.

[76] Sunil Manandhar, Kevin Moran, Kaushal Kafle, Ruhao Tang, Denys Poshyvanyk, and Adwait Nadkarni. Towards a natural perspective of smart homes for practical security and safety analyses.

[77] Anna Maria Mandalari, Daniel J Dubois, Roman Kolcun, Muhammad Talha Paracha, Hamed Haddadi, and David Choffnes. Blocking without breaking: Identification and mitigation of non-essential iot traffic. Proceedings on Privacy Enhancing Technologies, 2021.

[78] Shrirang Mare, Franziska Roesner, and Tadayoshi Kohno. Smart devices in airbnbs: Considering privacy and security for both guests and hosts. Proceedings on Privacy Enhancing Technologies, 2020(2):436–458, 2020.

[79] Abraham Mhaidli, Manikandan Kandadai Venkatesh, Yixin Zou, and Florian Schaub. Listen only when spoken to: Interpersonal communication cues as smart speaker privacy controls. Proceedings on Privacy Enhancing Technologies, 2020(2):251–270, 2020.

[80] Yuantian Miao, Xue Minhui, Chao Chen, Lei Pan, Jun Zhang, Benjamin Zi Hao Zhao, Dali Kaafar, and Yang Xiang. The audio auditor: user-level membership infer- ence in internet of things voice services. Proceedings on Privacy Enhancing Technologies, 2021:209–228, 2021.

[83] Hooman Mohajeri Moghaddam, Gunes Acar, Ben Burgess, Arunesh Mathur, Danny Yuxing Huang, Nick Feamster, Edward W Felten, Prateek Mittal, and Arvind Narayanan. Watching you watch: The tracking ecosystem of over-the-top tv streaming devices. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 131–147, 2019.

[89] TJ OConnor, Reham Mohamed, Markus Miettinen, William Enck, Bradley Reaves, and Ahmad-Reza Sadeghi. Homesnitch: behavior transparency and control for smart home iot devices. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pages 128–138, 2019.

[92] Mert D Pesé, Xiaoying Pu, and Kang G Shin. Spy: Car steering reveals your trip route! Proceedings on Pri- vacy Enhancing Technologies, 2020(2):155–174, 2020.

[97] Jingjing Ren, Daniel J. Dubois, David Choffnes, Anna Maria Mandalari, Roman Kolcun, and Hamed Haddadi. Information exposure for consumer iot devices: A multidimensional, network-informed measurement approach. In Proc. of the Internet Measurement Conference (IMC), 2019.

[102] Vijay Sivaraman, Hassan Habibi Gharakheili, Clinton Fernandes, Narelle Clark, and Tanya Karliychuk. Smart iot devices in the home: Security and privacy implications. IEEE Technology and Society Magazine, 37(2):71–79, 2018.

[110] Janus Varmarken, Hieu Le, Anastasia Shuba, Athina Markopoulou, and Zubair Shafiq. The tv is smart and full of trackers: Measuring smart tv advertising and tracking. Proceedings on Privacy Enhancing Technologies, 2020(2), 2020.

[119] Lingjing Yu, Bo Luo, Jun Ma, Zhaoyu Zhou, and Qingyun Liu. You are what you broadcast: Identification of mobile and iot devices from (public) wifi. In 29th USENIX Security Symposium (USENIX Security 20), pages 55–72, 2020.

[121] Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster. User perceptions of smart home iot privacy. Proceedings of the ACM on Human-Computer Interaction, 2(CSCW):1–20, 2018.