Four Two Rants on Mobile Computing

1
Four Two Rants on Mobile Computing

• Jason I. Hong
• Feb 20 2007
• Carnegie Mellon University
• Intel Ultra-Mobile Devices Workshop

2
Two Rants on Mobile Computing

• Text input is terrible
• Facing new privacy and security risks
• Cross-platform issues stifle wide-scale
  deployment
• Conducting realistic user evaluations difficult

3
Rant 1 Text Input is Terrible

• Standard phones
• Multi-tap, 8-20 wpm, world record 29 wpm
• T9, 20 wpm
• Special hardware
• Twiddler, 26-47 wpm (training)
• Pen
• QWERTY, 34 wpm
• IBM SHARK (pen), 60-70 wpm
• Stuck with 20 wpm for near future

4
Rant 1 Text Input is Terrible

• Observation dont have to support generic text
  input
• Support input for tasks that are common when
  mobile
• inTouch
• Leverage daily rhythms and real-time context
• Improve group awareness and messaging
• GurunGo
• Use existing desktop web browsing activities
• Improve information retrieval while on the go

5
inTouch Mobile Group Coordination

• Goal Better coordination for small mobile groups
• Contextual awareness
• Contextual messaging

6
Project InTouch
Its 430pm and Mom is stuck in traffic
inTouch checks her calendar and sees shes
supposed to pick up Cindy from ballet
7
Project InTouch
Moms phone senses that she is in a traffic jam,
and automatically prepares a status message
Mom hits send, and Cindy sees that Mom is
running late. Cindy decides to wait inside.
8
inTouch Mobile Group Coordination

• Using context to
• Select a message template
• Fill in the blanks (like a MadLib)
• When is contextual messaging useful?
• Calendar alarms (running late, will be there in
  ltETAgt)
• Current activity (Im in a meeting, done at
  lttimegt)
• Daily rhythms (Picked up kid ok at 3PM)
• Messages received (Where r u? -gt I am at
  ltplacegt)
• Currently developing a working prototype

9
GurunGo

• Goal Make it easy to access useful information
  while mobile
• Observation 1 People still tend to print out
  online maps, despite having mobile device. Why?
• Found it via desktop, easier to print than to
  copy to mobile
• Slow or expensive wireless connections
• Inconvenient form factor on mobile device
• Observation 2 People dont do the same kind of
  web browsing on mobile phones as on desktops
• Dont have to support all information finding
  tasks, just ones more likely to be done when
  mobile

10
GurunGo Scenarios

• Idea Tie mobile more closely with desktop
• You find an interesting product while browsing
• Use GurunGo to copy-and-paste to mobile
• Augments with product reviews
• Copies to mobile
• Kept until explicitly deleted
• As you browse web on desktop
• GurunGo scans HTML for maps
• Generates speech-based directions
• Copies to mobile
• Directions eventually discarded after given time

11
GurunGo Usage

• Acquire
• Let people explicitly copy-and-paste info to
  mobile
• Let people implicitly copy info via regular web
  browsing
• GurunGo scans pages seen for potentially useful
  stuff
• Augment
• Look for known data types, make mobile data more
  useful
• Ex. Augment maps with speech-based directions
• Copy (to mobile in the background)
• Browse
• Organize data based on common data types
• Street addresses, product comparisons, phone s

12
GurunGo Speech-based Directions
13
Nice Features of GurunGo

• Reduces number of clicks to get to useful
  information
• Can support specific information finding tasks
  while mobile
• Currently Directions, products
• Future Movies, phone s, dates and times, recent
  emails
• Works even if you dont have wide-area wireless
• Works disconnected (no network or dont want to
  pay)
• Only needs personal area network (Bluetooth)

14
Rant 2 New Privacy and Security Risks

• Mobile devices becoming intimate part of our
  lives
• Mobile communication
• Mobile e-commerce
• Sharing location information with others
• Unlock doors in home
• Leads to lots of new risks
• Mobile spyware (tracks location, already
  starting)
• Steal and punch thru corporate firewalls
• Device lost, embarrassment

15
User Controllable Privacy and Security

• Goal Make it easy for people to manage privacy
  and security policies for pervasive computing
• Simple UIs for specifying policies
• Clear notifications and explanations of what
  happened
• Better visualizations to summarize results
• Machine learning for learning preferences
• Start with small evaluations, continue with
  large-scale ones
• Large multi-disciplinary team and project
• Six faculty, 1.5 postdocs, six students
• Supported by NSF, CMU CyLab
• Roughly 1 year into project

16
Contextual Instant Messaging

• Facilitate coordination and communication by
  letting people request contextual information via
  IM
• Interruptibility (via SUBTLE toolkit)
• Location (via Place Lab WiFi positioning)
• Active window
• Developed a custom client and robot on top of AIM
• Client (Trillian plugin) captures and sends
  context to robot
• People can query imbuddy411 robot for info
• howbusyis username
• Robot also contains privacy rules governing
  disclosure

17
Contextual Instant MessagingPrivacy Mechanisms

• Web-based specification of privacy preferences
• Users can create groups andput screennames into
  groups
• Users can specify what each group can see

18
Contextual Instant MessagingPrivacy Mechanisms

• Notifications of requests

19
Contextual Instant MessagingPrivacy Mechanisms

• Social translucency

20
Contextual Instant MessagingPrivacy Mechanisms

• Audit logs

21
People Finder

• Location useful for micro-coordination
• Meeting up
• Okayness checking
• Developed phone-based client
• GSM localization (Intel)
• Conducted studies to see how people specify
  rules ( how well)
• See how well machine learning can learn
  preferences

22
Grey Access Control to Resources

• Distributed smartphone-based access control
  system
• physical resources like office doors, computers,
  and coke machines
• electronic ones like computer accounts and
  electronic files
• currently only physical doors
• Proofs assembled from credentials
• No central access control list
• End-users can create flexible policies

23
Some Early Lessons

• People dont seem to think about things in terms
  of privacy and security, more of value
  proposition
• Need large network effects to study some things
• Right now, only seeing small interesting results
• Believe we will find interesting results with
  LOTS of people
• Machine learning seems promising
• Social psychology issues
• Projecting a desired persona, plausible
  deniability
• Cornwell, J., et al. User-Controllable Security
  and Privacy for Pervasive Computing. In the
  Proceedings of The 8th IEEE Workshop on Mobile
  Computing Systems and Applications (HotMobile
  2007).

24
Other Rants (Briefly)

• Rant 3 Cross-platform issues stifling
  wide-scale deployability
• Symbian, Nokia, Palm, Windows Mobile, Blackberry
• All incompatible!
• J2ME only helps a little
• Severely limits deployability and usage of apps
• Rant 4 Conducting realistic user evals
  difficult
• Hard to do lab studies since (by definition)
  mobile
• Hard to observe while mobile
• Majority of people already have phones (contacts,
  phone)

25
Summary

• Text input is terrible
• Likely we will be stuck with 20wpm
• Leverage real-time context to support specific
  mobile information finding tasks rather than
  generic ones
• Facing new privacy and security risks
• This may be an Achilles heel for pervasive
  computing
• Hard, and lots of devices to manage
• Our work looks at making it easy for people to
  specify, visualize, and manage their privacy and
  security policies

26
Backup Slides
27
Usability Issues

• 20 of WiFi access points returned
• People couldnt figure out how to make it work
• My guess 80 of unsecured WiFi access points
• When you are mobile, risk of eavesdroppers
• Computer security too hard to understand, too
  hard to setup

28
Usability Issues

• Phishing really really works
• Exact numbers hard to find, but LOTS of people
  fall for them
• Semantic gap between us and everyday users
• SSL, certificates, encryption, man-in-the-middle
  attacks
• But simple phishing is stunningly effective
• Observation need security models that are
  invisible (managed by others) or extremely easy
  to understand

Civilization advances by extending the number of
operations we can perform without thinking about
them. - Alfred North Whitehead
29
Cultural Issues

• Browser Cookies
• Originally meant for maintaining state
• Now a pervasive means for tracking people online
• Embedded in every browser, hard to change
• Observation Security hard issue to wrap brain
  around
• Hard to assess risk of low-probability event in
  future
• Adds to cost of development for uncertain benefit
• Thus, often done as an afterthought (ie too late)

30
Economic Issues

• Estimated cost of phishing in US is 5 billion
• Solutions already exist
• Two-factor authentication
• Email authentication
• But
• Non-computer scams 200 billion
• Estimated cost of implementation gt 5 billion
• Observation Many solutions are out there, but
• Need to align needs of various parties (politics)
• Need incentives (cost-benefit, law)
• Observation Scammers getting more sophisticated
• Market for scammers (setup steal, mules,
  bookkeeping)
• Build it, and scammers will also come

31
No Secure Mobile Computing Soon

• Lots of important info on mobile devices
• Usability issues
• Cultural issues
• Economic issues

IEEE Computer, Dec 2005 Minimizing Security
Risks in Ubicomp Systems Invisible Computing
Column
32
GurunGo Product Reviews
33
Rant 2 New Privacy and Security Risks
This was just March 2006