We evaluate ways of sharing the data from our MobileMiner Android application ethically, including using OpenPDS

1. Towards a Mobile Social Data
Commons
Giles Greenway, Tobias Blanke, Mark Cote, (KCL) Leonard Mack
& Tom Heath (ODI)
Department of Digital Humanities
@KingsBSD
http://big-social-data.net/

2. A “mobile-data commons”?
• Most of us leave behind a data-trail
created by our mobile devices.
• Usually, it returns to us as targeted
adverts (See Private Eye's
“Malgorithms”...)
• How aware of this are mobile device
users?
• How else might this data be used?
• Can we build a “mobile data
commons”?

3. MobileMiner: App Data
• Android allows development without specific hardware or licenses.
• Cannot depend on mobile devices being rooted. (Normal users don't
have access to apps' SQLite databases.)
• Encouraging users to root devices can leave them vulnerable to malware.
(http://tinyurl.com/weidmandroid)
• Be conservative in what data we collect, to enable sharing.
• Can probe network sockets by polling /proc/<pid>/net/tcp. -Not
always reliable, but gives information about TCP ports, e.g. http on 80,
https on 443.
• Poll the Android network traffic API. -More (not totally) reliable, but
yields no other information.
• Record when apps send notifications to the user.

4. MobileMiner: Other Data.
• None of the content that apps transmit is
available.
• Can reason about data apps might transmit,
given their purpose and the permissions they
request. (e.g. location, wireless networks,
sensors...)
• Cannot detect when these permissions are used.
• Collect some of this data ourselves, in order to
reason about what apps are capable of.
• OpenCellId allows cell tower locations to be a de-
focussed proxy for user locations.
(http://opencellid.org/)

5. Storing Data: CKAN
• http://www.ckan.org
• App communicates via a custom
plugin.
• Users are identified only by a
randomly chosen ID, not associated
with an email address or any other
personal details.
• Access to the data granted on an
individual basis.
• Could be granted on the basis of roles
and institutions via the Shibboleth
plugin.
• Is this a social-data commons?

6. MobileMiner: Giving the Data Back,
●
App was installed on 20 Android
smartphones given to Young
Rewired State Volunteers.
(http://www.yrs.io/)
●
The app copies its SQLite
database to mass-storage where it
can be queried using other apps
or moved off-device.
●
The entire CKAN instance was
containerized and shared with the
YRS volunteers at a “datathon” .
Machine-learning tools provided
via Ipython Notebook / Jupyter.

7. MobileMiner: Analysing Data.
• Raw data is aggregated by a series
of Celery tasks to produced
derivate tables in the CKAN
instance.
• Aggregate daily app usage.
• Cluster trails of cell towers by k-
means with lat, long and their rates
of change forming the feature
vectors.

8. Is MobileMiner invasive? ODI Risk Assement
• The socket and network data are the “most novel
data” classes, but are unlikely to betray identity.
• App choice can still reveal information about
users. (KCL has its own timetable app. There are
Muslim call-to-prayer-apps.)
• Only connected cell-towers are recorded, so
triangulation is impossible. Resolution at least >
100m.
• Wireless networks, are more problematic, could
pin-point home addresses. Hash these in a future
release.
• Avoid collecting demographic information.

9. Other Attempts at a “Data Commons”
●
http://www.ubiquitouscommons.org/
●
Demo code exists:
https://github.com/xdxdVSxdxd/UbiquitousCommons-Plugin
●
Collects activity of common web-apps.
●
Stores data on a block-chain. (https://www.ethereum.org/)
●
Works as a Chrome browser plug-in.
●
Firefox for Android is the only pluggable mobile browser.
●
Use of the block-chain network is paid for by validating the
transactions of others. Is this feasible for the volume of data?
“Ubiquitous Commons”

10. Other Attempts at a “Data Commons”
●
http://www.nervousnet.ethz.ch/
●
Cross-platform peer-to-peer data collection
and sharing.
●
“Quantified self” type data...
●
Code exists: https://github.com/nervousnet
●
Live trial at CCC Congress 2014:
http://tinyurl.com/nervousnet-ccc2014
“Nervous Net”

11. An existing solution? -openPDS.
●
http://openpds.media.mit.edu/
●
Each user has their own instance of the
Personal Data Store (PDS) web
application.
●
Users authorize apps to write to their own
PDS via a registry server.
●
Mobile app gathers data using the Funf
framework.
●
The app transmits data to the user's PDS.
●
Third parties can request answers to pre-
defined questions about the data framed as
Celery tasks.
●
Docker container for the servers:
github.com/kingsBSD/odopds-dev

12. Using the Funf framework.
●
http://funf.org/
●
Many Funf “probes” are available, many
far more invasive than anything
collected by MobileMiner.
●
Trivial to re-write MobileMiner's data
collection as a set of custom Funf
probes.
●
Funf pipeline is completely specified by
a JSON string referred to in
AndroidManifest.xml.
●
Fund/openPDS integration is provided.
●
Re-implement tables derived from raw
data as PDS “questions”.

13. Securing openPDS.
●
“A

14. file

15. containing

16. each

17. such

18. question

19. is

20. submitted

21. to

22. the

23. personal

24. data

25. store...”

26. -openPDS

27. developer

28. docs.
●
Who

29. is

30. the

31. gate-keeper

32. for

33. submitting

34. questions?

35. Is

36. it

37. feasible

38. to

39. automate

40. the

41. detection

42. of

43. malicious

44. code?
●
“openPDS/SafeAnswers

45. however

46. still

47. face

48. a

49. number

50. of

51. challenges...

52. ...the

53. automatic

54. or

55. semi-automatic

56. validation

57. of

58. the

59. processing

60. done

61. by

62. a

63. PDS

64. module...”

65. http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0098790
●
Python

66. is

67. very

68. good

69. at

70. introspection.

71. All

72. too

73. easy

74. to

75. crash the
interpreter.

76. (openpds.questions.mitfit_tasks.py

77. imports

78. the

79. sys

80. module.

81. Can

82. shutdown

83. celery

84. from

85. the

86. task

87. module.)
>>> # How to call sys.exit() without mentioning it.
>>> import sys
>>> s = sys
>>> s.__dict__[''.join([chr(i-13) for i in [114, 133, 118, 129]])]()

88. Incentives to Adopt openPDS?
●
Many

89. have

90. fallen

91. foul

92. of

93. Facebook's

94. “real

95. names”

96. policy,

97. yet

98. adoption

99. of

100. Friendica,

101. Diaspora

102. and

103. other

104. distributed

105. social

106. networks

107. is

108. low.

109. Was

110. USENET

111. the

112. original

113. open,

114. federated

115. social

116. network?

117. (
https://medium.com/@violetblue

118. http://tinyurl.com/maradydd80

119. )
●
Will

120. individuals

121. host

122. their

123. own

124. PDS?

125. Do

126. they

127. value

128. their

129. data

130. enough?
●
Would

131. “PDS-as-a-service”

132. defeat

133. the

134. object?
●
Is

135. there

136. any

137. incentive

138. for

139. current

140. service

141. providers

142. to

143. relax

144. their

145. monopoly

146. on

147. our

148. data?

150. MIT

151. Media

152. Lab

153. is

154. now

155. investigating

156. the

157. block-chain:
http://enigma.media.mit.edu/
https://web.media.mit.edu/~guyzys/data/ZNP15.pdf
The

158. app

159. is

160. currently

161. tracking

162. ~30

163. masters

164. students.
-Repeat

165. the

166. “datathon”,

167. and

168. masterclass

169. on

170. app

171. reversal:

172. http://kingsbsd.github.io/DroidDestructionKit/
Potential

173. for

174. use

175. in

176. the

177. training

178. aspect

179. of

180. the

181. SoBigData

182. project:

183. http://www.sobigdata.eu/

185. MobileMiner:

186. http://kingsbsd.github.io/MobileMiner
Twitter:

187. @KingsBSD

188. Blog:

189. http://big-social-data.net/
Slideshare:

190. http://www.slideshare.net/kingsBSD/