Privacy, Availability, and Economics in the Polaris Mobile Social Network Christo Wilson, Troy Steinbauer, Gang Wang, Alessandra Sala, Haitao Zheng and Ben Y. Zhao University of California, Santa Barbara
Today’s OSNs • Easy to Use • High Availability • Free :) • Limited Privacy :(
Privacy Issues • “Facebook Changes News Feed After Privacy Panic” • http://downloadsquad.switched.com/2006/09/08/facebook-changes-news-feed-after-privacy-panic/ • “Facebook’s Beacon More Intrusive Than Previously Thought” • http://www.pcworld.com/article/140182/facebooks_beacon_more_intrusive_than_previously_thought.html • “Facebook’s ‘Like This’ Button is Tracking You” • http://www.thinq.co.uk/2010/11/30/facebooks-button-tracking-you/ • “Are Facebook Applications A Privacy Disaster in the Making?” • http://www.techdirt.com/articles/20080123/15023050.shtml • “Facebook’s Plan to Automatically Share Your Data With Sites You Never Signed Up For” • http://techcrunch.com/2010/03/26/facebooks-plan-to-automatically-share-your-data-with-sites-you-never-signed-up-for/
Users vs. OSN Providers • Tension between users and providers • Encryption prevents contextual targeting • Facebook serves 23% of online ads* • Currently, users cannot win [Figure: example profiles. Person A: Undergrad @ UCSB, 537 Friends, Interests: Partying! Person B: PhD @ UCSB, 104 Friends, Interests: Graduating] *Source: comScore - http://www.comscore.com/Press_Events/Press_Releases/2010/11/U.S._Online_Display_Advertising_Market_Delivers_22_Percent_Increase_in_Impressions
Privacy Preserving OSNs • Tradeoffs between privacy and cost • P2P OSNs • Safebook, PeerSoN • DHTs for persistent storage • Cloud-based OSNs • Vis-à-Vis, Persona, Contrail • Users manage social data • Lockr: encryption for social links • Privacy is not “one-size-fits-all” • Users need choices between privacy/cost
Privacy/Cost Tradeoffs [Figure: design space with a cost axis (Costly For Users to No Cost to Users) and a privacy axis (Total Privacy from Providers to No Privacy from Providers); plotted: Research Proposals (P2P, Cloud Hosting), Open Source OSNs (Diaspora, Status.net), Polaris, Ideal, Today’s OSNs]
Goals • Maintain positive aspects of current OSNs • High availability • Ease of use • Monetary incentives for providers • Additional features • Choices between providers • Tradeoffs between privacy and cost • Interoperability
Outline • Introduction • High-Level Design • Polaris in Practice • Conclusions & Future Work
Introducing Polaris • 1) Smartphone Client • Acts as OSN core • Stores sensitive data • Manages identity • 2) Commoditized Providers • Existing or homegrown • Host social data [Figure labels: Polaris API, Common APIs]
Why Smartphones? • On Hand • More Connected than Notebooks • Already Social • Use commoditized services for availability • - Smartphone availability is questionable • + Good enough for management tasks
Providers and APIs • Compatibility • User to provider • User to user • Privacy • Data is partitioned • Security microkernel • User choice • Provider switching • Encryption is optional • Security as feature [Figure: example providers. Free Hosting, Ad Supported; Full Encryption, Fee-Based]
Polaris Basics • Polaris APIs use OpenID to identify users • Smartphone is identity provider • Server-side push messaging • Token based authentication • Lightweight, secure version of OAuth • Secures each relationship in Polaris • Example activities • Provider sign-up • Distributed access control
Provider Sign-up • Providers authenticate users via OpenID • Users control disclosure of personal info [Diagram labels: Resolve OpenID • Captcha • Terms of Service • Required Info • Finalization • Auth Tokens • Sign-up Request • OpenID URL • Confirmation • Profile Info; example posts: “@Alice: Welcome to Twitter!”, “I just signed up for Twitter.”]
Access Control • Users upload ACLs to providers [Diagram labels: Access Control • Token for Bob • Update ACLs • Token for Bob • Permissions for Bob; example posts: “@Alice: How’s the weather in AZ?”, “I’m at HotMobile 2011.”]
Conclusion • Many small OSN providers today • Specialize in different data • Diverse monetization models • Offer an alternative to OSN centralization • Piece together into a complete OSN • Gives users choice • Propose Polaris • APIs + Commoditized providers • Smartphone acts as a control center
Limitations and Ongoing Work • Energy consumption • Provider security • Providers increase attack surface • Auditing tools to assess security of providers • Availability/Scalability • Availability vs. smartphone disconnections • Scaling to handle news-feeds • Account recovery and migration • Mobile devices get lost, stolen, broken • Accounts get compromised
Polaris Prototype • Prototype Implementation • Android Client • Ruby Providers • Typical OSN Features • Status Updates • Photos • Geolocation Check-ins
Service Composition • Providers can talk to each other • Uses same APIs and ACLs as friendship [Diagram labels: Access Control • Token for Flickr • Update ACLs • Token for Flickr • Permissions for Flickr; example post: “Alice updated her photos!”]
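A sketch of the token-and-ACL flow from the Access Control slide, which Service Composition reuses for provider-to-provider access, added here as an example and not taken from the Polaris prototype. It assumes tokens are random secrets, that the provider stores only their SHA-256 digests, and that the owner's ACL uploads are already authenticated; the class and method names are hypothetical.

```ruby
require 'digest'
require 'securerandom'

# Provider: hosts social data and enforces the ACLs its owners upload.
# Assumption: it keeps only token digests, so a leaked ACL table yields no usable tokens.
class Provider
  def initialize
    @acls  = Hash.new { |h, k| h[k] = {} }  # owner => { token digest => [kinds] }
    @items = Hash.new { |h, k| h[k] = {} }  # owner => { kind => value }
  end

  def self.digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # "Update ACLs": an empty permission list removes the entry (revocation).
  def update_acl(owner, token_digest, kinds)
    if kinds.empty?
      @acls[owner].delete(token_digest)
    else
      @acls[owner][token_digest] = kinds
    end
  end

  def store(owner, kind, value)
    @items[owner][kind] = value
  end

  # A friend or another provider presents its token to read one kind of data.
  def read(owner, kind, token)
    kinds = @acls[owner][Provider.digest(token)]
    return :denied unless kinds && kinds.include?(kind)
    @items[owner].fetch(kind, :not_found)
  end
end

# Phone: the control center; mints one random token per relationship.
class Phone
  def initialize(owner, provider)
    @owner, @provider = owner, provider
    @tokens = {}  # principal => token
  end

  def grant(principal, kinds)
    token = (@tokens[principal] ||= SecureRandom.hex(32))
    @provider.update_acl(@owner, Provider.digest(token), kinds)
    token  # handed to the principal ("Token for Bob" / "Token for Flickr")
  end

  def revoke(principal)
    token = @tokens.delete(principal)
    @provider.update_acl(@owner, Provider.digest(token), []) if token
  end
end
```

Because each relationship has its own token, revoking one principal leaves every other grant untouched.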
Network Scalability • Can smartphones handle Polaris’ traffic? • Individual social data items are small • News-feed scales according to: • # of friends • Activity profile of friends • Simulate daily network traffic • Driven by Facebook measurements • Vary user activity
Simulated Downloads Per Day • Worst Case Scenario: ~68MB/day • Majority of users <1MB/day • Polaris data usage is well within reason for today’s smartphones
Battery Life Testing • Can today’s smartphones power Polaris? • Simulate typical day of usage (18 hours) • 3 T-Mobile G1 Android phones w/ 3G • 3 Usage Profiles • No use (control) • 50th percentile Facebook user • 99th percentile Facebook user
Battery Usage Over Time • Average usage drains additional ~10% • Heavy usage drains additional ~30% • ~20% Battery Loss When Idle • Worst Case Scenario >50% Battery Remaining • [Chart annotation: News Feed Reading] • Even out-of-date smartphones can support a full day of heavy Polaris usage
Battery Usage by Component OSNs on smartphones are screen limited, not network limited
Security in Polaris • Network/Message Security • APIs are SSL encrypted • Auth. tokens prevent spoofing/spam • Account Recoverability • Built-in encrypted backup feature • APIs for account recovery after compromise • Provider Security • Data distribution increases attack footprint • How can users verify their providers?
Provider Security and Auditing • Create Sybils and use them to probe providers [Diagram labels: Sybil Users • Update ACLs • Create Sybils • Sybil Providers]