Privacy, Availability, and Economics in the Polaris Mobile Social Network Christo Wilson, Troy Steinbauer, Gang Wang, Alessandra Sala, Haitao Zheng and Ben Y.


Privacy, Availability, and
Economics
in the Polaris
Mobile Social Network
Christo Wilson, Troy Steinbauer, Gang Wang,
Alessandra Sala, Haitao Zheng and Ben Y. Zhao
University of California, Santa Barbara
Today’s OSNs
:) Easy to Use
:) High Availability
Free
$$$
:( Limited Privacy
2
Privacy Issues
“Facebook Changes News Feed After Privacy Panic”
http://downloadsquad.switched.com/2006/09/08/facebook-changes-news-feed-after-privacy-panic/
“Facebook’s Beacon More Intrusive Than Previously Thought”
http://www.pcworld.com/article/140182/facebooks_beacon_more_intrusive_than_previously_thought.html
“Facebook’s ‘Like This’ Button is Tracking You”
http://www.thinq.co.uk/2010/11/30/facebooks-button-tracking-you/
“Are Facebook Applications A Privacy Disaster in the Making?”
http://www.techdirt.com/articles/20080123/15023050.shtml
“Facebook’s Plan to Automatically Share Your Data With Sites You Never Signed Up For”
http://techcrunch.com/2010/03/26/facebooks-plan-to-automatically-share-your-data-with-sites-you-never-signed-up-for/
3
Users vs. OSN Providers
Person A
Undergrad @ UCSB
537 Friends
Interests: Partying!
Person B
PhD @UCSB
104 Friends
Interests: Graduating
$$$
Tension between users and providers
• Encryption prevents contextual targeting
• Facebook serves 23% of online ads*
Currently, users cannot win
*Source: comScore - http://www.comscore.com/Press_Events/Press_Releases/2010/11/U.S._Online_Display_Advertising_Market_Delivers_22_Percent_Increase_in_Impressions
4
Privacy Preserving OSNs
P2P OSNs
• Safebook, PeerSoN
• DHTs for persistent storage
Cloud-based OSNs
• Vis-à-Vis, Persona, Contrail
• Users manage social data
Lockr: encryption for social links
Tradeoffs between privacy and cost
Privacy is not “one-size-fits-all”
Users need choices between privacy/cost
5
Privacy/Cost Tradeoffs
[Figure: design space with one axis running from “No Cost to Users” to “Costly For Users” and the other from “No Privacy from Providers” to “Total Privacy from Providers”. Points shown: Today’s OSNs; Research Proposals (P2P, Cloud Hosting); Open Source OSNs (Diaspora, Status.net); Polaris; Ideal.]
6
Goals
Maintain positive aspects of current OSNs
• High availability
• Ease of use
• Monetary incentives for providers
Additional features
• Choices between providers
• Tradeoffs between privacy and cost
• Interoperability
7
Outline
Introduction
➢ High-Level Design
Polaris in Practice
Conclusions & Future Work
8
Introducing Polaris
1) Smartphone Client
• Acts as OSN core
• Stores sensitive data
• Manages identity
2) Commoditized Providers
• Existing or homegrown
• Host social data
Polaris API
Common APIs
9
Why Smartphones?
• On Hand
• More Connected than Notebooks
• Already Social
+ Good enough for management tasks
- Smartphone availability is questionable
Use commoditized services for availability
10
Providers and APIs
Compatibility
• User to provider
• User to user
Privacy
• Data is partitioned
• Security microkernel
User choice
• Provider switching
• Encryption is optional
• Security as feature
[Figure: example providers labeled “Free Hosting, Ad Supported” and “Full Encryption, Fee-Based”]
11
Outline
Introduction
High-Level Design
➢ Polaris in Practice
Conclusions & Future Work
12
Polaris Basics
Polaris APIs use OpenID to identify users
• Smartphone is identity provider
• Server-side push messaging
Token based authentication
• Lightweight, secure version of OAuth
• Secures each relationship in Polaris
Example activities
• Provider sign-up
• Distributed access control
13
Provider Sign-up
Providers authenticate users via OpenID
Users control disclosure of personal info
[Diagram: sign-up message exchange. Message labels: Sign-up Request (Profile Info, OpenID URL); Resolve OpenID; Finalization; Confirmation. Items shown alongside the later messages: Captcha, Terms of Service, Required Info, Auth Tokens. Example posts: “I just signed up for Twitter.” and “@Alice: Welcome to Twitter!”]
14
Access Control
Users upload ACLs to providers
[Diagram: message labels: Update ACLs (Token for Bob, Permissions for Bob); Access Control (Token for Bob). Example posts: “I’m at HotMobile 2011.” and “@Alice: How’s the weather in AZ?”]
15
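The ACL upload and token check from the Access Control slide, sketched as an added Ruby example that is not code from the Polaris prototype. The class and method names, the token format and the choice to store only token digests are assumptions made for illustration.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical provider-side ACL store. Class and method names, the token
# format and the digest storage are assumptions, not the Polaris API.
class ProviderAcl
  def initialize
    @entries = {} # owner => { token digest => granted permissions }
  end

  # "Update ACLs": the owner's phone uploads a friend's token together with
  # the permissions for that relationship. Only a digest is kept, so a leaked
  # ACL table does not hand out usable tokens. Authenticating the owner's
  # upload itself is out of scope here.
  def update(owner, token, permissions)
    (@entries[owner] ||= {})[digest(token)] = permissions.map(&:to_sym).freeze
  end

  # Removing the entry revokes that one relationship and no other.
  def revoke(owner, token)
    @entries.fetch(owner, {}).delete(digest(token))
  end

  # "Access Control": a requester presents its token. Default deny: unknown
  # owner, unknown token or a permission that was never granted all fail.
  def allowed?(owner, token, action)
    perms = @entries.fetch(owner, {})[digest(token)]
    !perms.nil? && perms.include?(action.to_sym)
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token.to_s)
  end
end

# Phone side: one unguessable token per relationship (constructed format).
def new_relationship_token
  SecureRandom.urlsafe_base64(32)
end

# Constructed sample data: Alice grants Bob read and comment access.
acl = ProviderAcl.new
bob_token = new_relationship_token
acl.update('alice', bob_token, %i[read_status comment])
puts acl.allowed?('alice', bob_token, :comment)       # granted
puts acl.allowed?('alice', 'guessed-token', :comment) # denied
```

Because each relationship has its own token, revoking Bob's entry leaves every other friend's access untouched.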
Outline
Introduction
High-Level Design
Polaris in Practice
➢ Conclusions & Future Work
16
Conclusion
Many small OSN providers today
• Specialize in different data
• Diverse monetization models
Offer an alternative to OSN centralization
• Piece together into a complete OSN
• Gives users choice
Propose Polaris
• APIs + Commoditized providers
• Smartphone acts as a control center
17
Limitations and Ongoing Work
Energy consumption
Provider security
• Providers increase attack surface
• Auditing tools to assess security of providers
Availability/Scalability
• Availability vs. smartphone disconnections
• Scaling to handle news-feeds
Account recovery and migration
• Mobile devices get lost, stolen, broken
• Accounts get compromised
18
Questions?
19
Polaris Prototype
Prototype Implementation
• Android Client
• Ruby Providers
Typical OSN Features
• Status Updates
• Photos
• Geolocation Check-ins
20
Service Composition
Providers can talk to each other
Uses same APIs and ACLs as friendship
[Diagram: message labels: Update ACLs (Token for Flickr, Permissions for Flickr); Access Control (Token for Flickr). Example post: “Alice updated her photos!”]
21
Network Scalability
Can smartphones handle Polaris’ traffic?
Individual social data items are small
News feed scales according to:
• # of friends
• Activity profile of friends
Simulate daily network traffic
• Driven by Facebook measurements
• Vary user activity
22
Simulated Downloads Per Day
[Plot: Kilobytes per User per Day (log scale) vs. Number of Friends (0 to 5000); curves for the 25th, 50th, 75th and 99th Percentile]
• Worst Case Scenario: ~68MB/day
• Majority of users: <1MB/day
Polaris data usage is well within reason for today’s smartphones
23
Battery Life Testing
Can today’s smartphones power Polaris?
Simulate typical day of usage (18 hours)
• 3 T-Mobile G1 Android phones w/ 3G
• 3 Usage Profiles
1. No use (control)
2. 50th percentile Facebook user
3. 99th percentile Facebook user

Action              # of Items (50% / 99%)   Screen-On Time (50% / 99%)
Status Update       1 / 2                    1 minute
Photo Uploads       1 / 1                    1 minute
Receive Comments    1 / 22                   1 minute
News Feed Reading   137 / 117K               46 min. / 92 min.
24
Battery Usage Over Time
[Plot: % of Battery Remaining vs. Time in Hours (0 to 18); curves for Control, 50th Percentile and 99th Percentile]
• ~20% Battery Loss When Idle
• Average usage drains additional ~10%
• Heavy usage drains additional ~30%
• Worst Case Scenario: >50% Battery Remaining
• Annotated activity: News Feed Reading
Even out-of-date smartphones can support a full day of heavy Polaris usage
25
Battery Usage by Component
[Chart: % of Total Power Dissipated for Control, 50th Percentile and 99th Percentile; components: Android OS, Android Sys, Cell Standby, Display, Phone Idle]
OSNs on smartphones are screen limited, not network limited
26
Security in Polaris
Network/Message Security
• APIs are SSL encrypted
• Auth. tokens prevent spoofing/spam
Account Recoverability
• Built-in encrypted backup feature
• APIs for account recovery after compromise
Provider Security
• Data distribution increases attack footprint
• How can users verify their providers?
27
Provider Security and Auditing
Create Sybils and use them to probe providers
[Diagram: labels: Create Sybils; Sybil Users; Sybil Providers; Update ACLs]
28