Four Two Rants on Mobile Computing Jason I. Hong Feb 20 2007 Carnegie Mellon University Intel...

Post on 22-Dec-2015


Four Two Rants on Mobile Computing

Jason I. Hong

Feb 20 2007

Carnegie Mellon University

Intel Ultra-Mobile Devices Workshop

Two Rants on Mobile Computing

• Text input is terrible
• Facing new privacy and security risks
• Cross-platform issues stifle wide-scale deployment
• Conducting realistic user evaluations difficult

Rant #1 – Text Input is Terrible

• Standard phones
  – Multi-tap, 8-20 wpm, world record 29 wpm
  – T9, ~20 wpm
• Special hardware
  – Twiddler, ~26-47 wpm (training)
• Pen
  – QWERTY, ~34 wpm
  – IBM SHARK (pen), 60-70 wpm
• Stuck with ~20 wpm for near future

Rant #1 – Text Input is Terrible

• Observation: don’t have to support generic text input
  – Support input for tasks that are common when mobile
• inTouch
  – Leverage daily rhythms and real-time context
  – Improve group awareness and messaging
• GurunGo
  – Use existing desktop web browsing activities
  – Improve information retrieval while on the go

inTouch: Mobile Group Coordination

• Goal: Better coordination for small mobile groups
  – Contextual awareness
  – Contextual messaging

Project: InTouch

It’s 4:30pm and Mom is stuck in traffic

inTouch checks her calendar and sees she’s supposed to pick up Cindy from ballet

Project: InTouch

Mom’s phone senses that she is in a traffic jam, and automatically prepares a status message

Mom hits “send”, and Cindy sees that Mom is running late. Cindy decides to wait inside.

inTouch: Mobile Group Coordination

• Using context to:
  – Select a message template
  – Fill in the blanks (like a MadLib)
• When is contextual messaging useful?
  – Calendar alarms (“running late, will be there in <ETA>”)
  – Current activity (“I’m in a meeting, done at <time>”)
  – Daily rhythms (“Picked up kid ok” at 3PM)
  – Messages received (“Where r u?” -> “I am at <place>”)
• Currently developing a working prototype

GurunGo

• Goal: Make it easy to access useful information while mobile

• Observation #1: People still tend to print out online maps, despite having mobile device. Why?
  – Found it via desktop, easier to print than to copy to mobile
  – Slow or expensive wireless connections
  – Inconvenient form factor on mobile device
• Observation #2: People don’t do the same kind of web browsing on mobile phones as on desktops
  – Don’t have to support all information finding tasks, just ones more likely to be done when mobile

GurunGo Scenarios

• Idea: Tie mobile more closely with desktop

• You find an interesting product while browsing
  – Use GurunGo to copy-and-paste to mobile
  – Augments with product reviews
  – Copies to mobile
  – Kept until explicitly deleted
• As you browse web on desktop:
  – GurunGo scans HTML for maps
  – Generates speech-based directions
  – Copies to mobile
  – Directions eventually discarded after given time

GurunGo Usage

• Acquire
  – Let people explicitly copy-and-paste info to mobile
  – Let people implicitly copy info via regular web browsing
    • GurunGo scans pages seen for potentially useful stuff
• Augment
  – Look for known data types, make mobile data more useful
  – Ex. Augment maps with speech-based directions
• Copy (to mobile in the background)
• Browse
  – Organize data based on common data types
  – Street addresses, product comparisons, phone #s

GurunGo: Speech-based Directions

Nice Features of GurunGo

• Reduces number of clicks to get to useful information
  – Can support specific information finding tasks while mobile
  – Currently: Directions, products
  – Future: Movies, phone #s, dates and times, recent emails
• Works even if you don’t have wide-area wireless
  – Works disconnected (no network or don’t want to pay)
  – Only needs personal area network (Bluetooth)

Rant #2: New Privacy and Security Risks

• Mobile devices becoming intimate part of our lives
  – Mobile communication
  – Mobile e-commerce
  – Sharing location information with others
  – Unlock doors in home
• Leads to lots of new risks
  – Mobile spyware (tracks location, already starting)
  – Steal and punch thru corporate firewalls
  – Device lost, embarrassment

User Controllable Privacy and Security

• Goal: Make it easy for people to manage privacy and security policies for pervasive computing
  – Simple UIs for specifying policies
  – Clear notifications and explanations of what happened
  – Better visualizations to summarize results
  – Machine learning for learning preferences
  – Start with small evaluations, continue with large-scale ones
• Large multi-disciplinary team and project
  – Six faculty, 1.5 postdocs, six students
  – Supported by NSF, CMU CyLab
  – Roughly 1 year into project

Contextual Instant Messaging

• Facilitate coordination and communication by letting people request contextual information via IM
  – Interruptibility (via SUBTLE toolkit)
  – Location (via Place Lab WiFi positioning)
  – Active window
• Developed a custom client and robot on top of AIM
  – Client (Trillian plugin) captures and sends context to robot
  – People can query imbuddy411 robot for info
    • “howbusyis username”
  – Robot also contains privacy rules governing disclosure

Contextual Instant Messaging: Privacy Mechanisms

• Web-based specification of privacy preferences
  – Users can create groups and put screennames into groups
  – Users can specify what each group can see

Contextual Instant Messaging: Privacy Mechanisms

• Notifications of requests

Contextual Instant Messaging: Privacy Mechanisms

• Social translucency

Contextual Instant Messaging: Privacy Mechanisms

• Audit logs
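
The group-based disclosure rules and audit log described on the preceding slides, sketched as an added example (not code from the talk or from the imbuddy411 project). The rule format, class and function names, screennames and context values are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Context types named on the slides; the string keys are assumptions.
CONTEXT_TYPES = {"interruptibility", "location", "active_window"}

@dataclass
class PrivacyPolicy:
    """One user's disclosure rules (hypothetical format)."""
    groups: dict                      # group name -> set of lowercase screennames
    visible: dict                     # group name -> set of context types
    audit_log: list = field(default_factory=list)

    def allowed_types(self, requester):
        """Union of the context types granted to every group the requester is in."""
        allowed = set()
        for name, members in self.groups.items():
            if requester.lower() in members:
                allowed |= self.visible.get(name, set())
        return allowed & CONTEXT_TYPES

    def request(self, requester, context_type, context):
        """Default-deny lookup; every request is logged, disclosed or not."""
        ok = context_type in self.allowed_types(requester)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "requester": requester,
            "asked_for": context_type,
            "disclosed": ok,
        })
        return context.get(context_type) if ok else None

def demo():
    # Constructed sample data: screennames, groups and context values are made up.
    policy = PrivacyPolicy(
        groups={"family": {"cindy_b"}, "coworkers": {"cindy_b", "dave_hci"}},
        visible={"family": {"location", "interruptibility"},
                 "coworkers": {"interruptibility"}},
    )
    context = {"interruptibility": "busy", "location": "Wean Hall",
               "active_window": "slides.ppt"}
    answers = [
        policy.request("Cindy_B", "location", context),          # family member
        policy.request("dave_hci", "location", context),         # coworker only
        policy.request("dave_hci", "interruptibility", context),
        policy.request("stranger42", "interruptibility", context),  # in no group
    ]
    return answers, policy.audit_log
```

Denied requests are logged as well, so the owner can see who asked for what even when nothing was disclosed.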

People Finder

• Location useful for micro-coordination
  – Meeting up
  – Okayness checking
• Developed phone-based client
  – GSM localization (Intel)
• Conducted studies to see how people specify rules (& how well)
• See how well machine learning can learn preferences

Grey – Access Control to Resources

• Distributed smartphone-based access control system
  – physical resources like office doors, computers, and coke machines
  – electronic ones like computer accounts and electronic files
  – currently only physical doors
• Proofs assembled from credentials
  – No central access control list
  – End-users can create flexible policies

Some Early Lessons

• People don’t seem to think about things in terms of privacy and security, more of value proposition
• Need large network effects to study some things
  – Right now, only seeing small interesting results
  – Believe we will find interesting results with LOTS of people
• Machine learning seems promising
• Social psychology issues
  – Projecting a desired persona, plausible deniability

Cornwell, J., et al. User-Controllable Security and Privacy for Pervasive Computing. In the Proceedings of The 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007).

Other Rants (Briefly)

• Rant #3 – Cross-platform issues stifling wide-scale deployability
  – Symbian, Nokia, Palm, Windows Mobile, Blackberry
  – All incompatible!
  – J2ME only helps a little
  – Severely limits deployability and usage of apps
• Rant #4 – Conducting realistic user evals difficult
  – Hard to do lab studies since (by definition) mobile
  – Hard to observe while mobile
  – Majority of people already have phones (contacts, phone#)

Summary

• Text input is terrible
  – Likely we will be stuck with 20wpm
  – Leverage real-time context to support specific mobile information finding tasks rather than generic ones
• Facing new privacy and security risks
  – This may be an Achilles’ heel for pervasive computing
    • Hard, and lots of devices to manage
  – Our work looks at making it easy for people to specify, visualize, and manage their privacy and security policies

Backup Slides

Usability Issues

• ~20% of WiFi access points returned
  – People couldn’t figure out how to make it work
• My guess: ~80% of unsecured WiFi access points
  – When you are mobile, risk of eavesdroppers
  – Computer security too hard to understand, too hard to setup

Usability Issues

• Phishing really really works
  – Exact numbers hard to find, but LOTS of people fall for them
• Semantic gap between us and everyday users
  – SSL, certificates, encryption, man-in-the-middle attacks
  – But simple phishing is stunningly effective
• Observation: need security models that are invisible (managed by others) or extremely easy to understand

“Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead

Cultural Issues

• Browser Cookies
  – Originally meant for maintaining state
  – Now a pervasive means for tracking people online
  – Embedded in every browser, hard to change
• Observation: Security hard issue to wrap brain around
  – Hard to assess risk of low-probability event in future
  – Adds to cost of development for uncertain benefit
  – Thus, often done as an afterthought (i.e., too late)

Economic Issues

• Estimated cost of phishing in US is ~$5 billion
• Solutions already exist
  – Two-factor authentication
  – Email authentication
• But:
  – Non-computer scams ~$200 billion
  – Estimated cost of implementation > $5 billion
• Observation: Many solutions are out there, but:
  – Need to align needs of various parties (politics)
  – Need incentives (cost-benefit, law)
• Observation: Scammers getting more sophisticated
  – Market for scammers (setup + steal, mules, bookkeeping)
  – “Build it, and scammers will also come”

No Secure Mobile Computing Soon

• Lots of important info on mobile devices
• Usability issues
• Cultural issues
• Economic issues

IEEE Computer, Dec 2005, “Minimizing Security Risks in Ubicomp Systems”, Invisible Computing Column

GurunGo: Product Reviews

Rant #2: New Privacy and Security Risks

This was just March 2006