doi:10.1016/j.knosys.2026.115893engMehavilla, LorenaGarcía, JoséAlesanco, ÁlvaroUnveiling user activities on instant messaging platforms: A study of activity fingerprinting through traffic analysis and machine learning techniquesART-2026-148928Encrypted instant messaging (IM) traffic conceals message content but still exposes communication patterns that can reveal user behaviour. This paper presents a unified framework for inferring user activities across multiple IM platforms by analysing encrypted traffic using machine learning techniques. The proposed approach integrates empirical traffic characterisation, transaction-centric segmentation, and lightweight classifiers to detect user actions, such as sending or receiving text and multimedia messages, in real time. Using Zeek as the core analysis engine, the framework performs packet inspection, transaction segmentation, connection classification, and feature extraction. The framework was evaluated on traffic from nine major IM platforms (Discord, Facebook Messenger, Instagram, Snapchat, Microsoft Teams, Telegram, WeChat, WhatsApp, and X), achieving F1 scores ranging from 0.62 for X up to 0.98 for WhatsApp. Unlike prior studies limited to single applications or synthetic datasets, our work employs realistic, user-driven traffic and explicitly distinguishes message type and direction, improving comparison and cross-platform generalization. Beyond methodological advancements, this study exposes privacy risks inherent in encrypted communication and outlines ethical safeguards and countermeasures to mitigate activity fingerprinting. The findings demonstrate that accurate, real-time inference of encrypted messaging activities is feasible under responsible, consent-based conditions, offering valuable insights for network forensics and privacy-aware communication design.2026http://zaguan.unizar.es/record/17044410.1016/j.knosys.2026.115893http://zaguan.unizar.es/record/170444oai:zaguan.unizar.es:170444info:eu-repo/grantAgreement/ES/DGA/T31-20Rinfo:eu-repo/grantAgreement/ES/MICIU/PID2022-136476OB-I00KNOWLEDGE-BASED SYSTEMS 342 (2026), 115893 [17 pp.]byhttps://creativecommons.org/licenses/by/4.0/deed.esinfo:eu-repo/semantics/openAccess