Home Research Publications Talks Personal FAQ Bio
Research Overview
My research group is called CHIMPS (Computer Human Interaction: Mobility Privacy Security). My main research interests are in:
  • ubiquitous computing, especially context-aware and mobile social computing
  • usable privacy and security for ubicomp and cloud computing environments

Our research group has been generously funded through a number of sources, including the National Science Foundation, DARPA, the Army Research Office, Microsoft, Nokia Research, Intel, Google, Portugal Telecom, Pitney Bowes, CMU Cylab, NQ Mobile, Samsung, Yahoo!, the Institute for the Study of Entrepreneurship, Innovation, and Technology, and the Alfred P. Sloan Foundation.

I also help run the Pervasive Computing subreddit (please join!). I sometimes write for BLOG@CACM and Wombat Security Technologies' blog. I'm also a co-founder of Wombat Security Technologies.

What's New?
Dec 26, 2014
PrivacyGrade.org, which has our analysis of the privacy of 1 million Android smartphone apps, has been public for about a month. So far, our work has appeared on CNN, US News and World Report, New York Times, CNBC, IEEE Spectrum, Forbes, and more.

Dec 1, 2014
I'm very fortunate to have received the HCII Career Development fellowship. Special thanks to all of my colleagues and the students at CMU.

Nov 3, 2014
Our paper entitled Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation was presented at CCS 2014.

Oct 30, 2014
I briefed some Congressional staffers about our work on analyzing the privacy of smartphone apps.

Sep 17, 2014
My brother and I have created the Frances and Chou-Chu Hong graduate fellowship at the Veterinary and Animal Sciences Department at the University of Massachusetts, in honor of our wonderful parents.

Aug 1, 2014
Marco Gruteser and I will be technical program co-chairs for Mobisys 2015.

July 10, 2014
Wombat Security Technologies has closed Series B Funding of $6.7M with Level Equity. Read more here.

Jun 16, 2014
I gave the keynote talk at the Mobile Cloud Computing and Services Workshop, at Mobisys 2014. The talk was entitled Privacy, Ethics, and Big (Smartphone) Data.

Jun 13, 2014
Our group has two papers accepted to SOUPS 2014:

Jun 12, 2014
My company, Wombat Security Technologies, was profiled in the Pittsburgh Post Gazette. See the article here.

Jun 04, 2014
I was interviewed for a NY Times article entitled How Not to Pay the Price for Free Wi-Fi.

Mar 10, 2014
I gave a one hour crash course in UX and UI design. See the slides here.

Feb 26, 2014
Our group's work on predictive analytics was listed by the World Economic Forum as one of the top ten emerging technologies of 2014. See the article here.

Feb 25, 2014
I was interviewed on CBS Morning Show regarding mobile apps, privacy, and the new Blackphone smartphone. See the interview here.

Dec 9, 2013
Two of our group's papers were accepted to CHI 2014:

Oct 25, 2013
Gave a talk at PopTech 2013 on ubicomp sensing and privacy. See the slides and video here.

Aug 26, 2013
Wrote up a blog entry on Blog@CACM on Privacy and Google Glass.

Aug 9, 2013
Gave a talk at ISSA CISO Executive Forum on Leveraging Human Factors for Effective Security Training. See the slides here.

Dec 26, 2012
Our work on smartphone app privacy was featured on the CBS Morning Show.

Nov 30, 2012
Here is an extended analysis of the most unexpected behaviors we found in smartphone apps. This work is based on our Ubicomp 2012 paper on Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing.

The image below shows the level of surprise for different kinds of permissions. For example, the figure below shows that 80% of people in our study were surprised that Angry Birds uses location data.

Oct 28, 2012
Our group's work on app scanning is mentioned in a NYTimes article about unusual behaviors of smartphone apps.

Apr 9, 2012
Our livehoods.org site is now public. Our vision is to re-imagine how cities work in the age of social media. Specifically, we've analyzed and clustered 18m foursquare checkins to understand how people use a city. We currently have maps for New York City and Pittsburgh. Livehoods has been featured in The Atlantic Cities, Wired Insider, MIT Technology Review, Fast Company Co.Design, New York Post, Wall Street Journal, and Haaretz.

Current Research
Research Overview
In the near future, our smartphones will know almost everything about us. These advances will offer us significant benefits in terms of healthcare, urban planning, information retrieval and more. However, at the same time, these advances pose significant new privacy challenges. How can we use this rich smartphone information in meaningful ways? At the same time, how can we improve the entire ecosystem around our personal data? You can see a short 5-minute video at PopTech summarizing my research on smartphones and privacy.

Augmented Social Graph
Smartphones and social networking services are both experiencing meteoric rates of adoption from people across most demographics. Combining smartphone data with social networking data creates an exciting new opportunity to observe and investigate social behavior at a level of detail and at a massive scale never before possible. Our goal is to build a better computational model of social relationships, capturing tie strength, groups, and roles.

See our CSCW 2013 paper on Mining Smartphone Data to Classify Life-Facets of Social Relationships.

UniAuth: Streamlining Authentication for Ubiquitous Computing
Passwords were a good idea when we only had a few of them, but don't work well now that we have many accounts, and also won't work well for devices that don't have screens or keyboard input. Our goal is to use smartphones to manage all of one's authentication needs, making authentication fast in safe situations, and reliable in unusual cases.

See our SOUPS 2013 paper on CASA and our Ubicomp 2013 paper on autobiographical authentication.

PrivacyGrade: Analyzing Smartphone App Privacy
Mobile smartphone apps can make use of a smartphone's numerous capabilities — including GPS, WiFi, camera, call logs, and contact lists — to create rich and compelling applications. However, these same capabilities are also being used in highly unexpected and privacy-intrusive ways. Our goal is to (a) develop a series of scalable techniques that combine crowdsourcing with static and dynamic analysis, to understand what mobile apps are really doing, and (b) design and evaluate better ways of communicating these behaviors to end-users.

See our Ubicomp 2012 paper examining the feasibility of using crowdsourcing to evaluate privacy policies, and our SOUPS 2014 paper looking to scale up our privacy models. We also interviewed and surveyed app developers to discover how they manage privacy. Part of our work was also mentioned in a NYTimes article about unusual behaviors of smartphone apps. You can also see an extended analysis of smartphone apps here.

The CHIMPS Research Team
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have an amazingly talented group of PhD students and post-docs:
  • Afsaneh Doryab, working on smartphones, social relationships, and mental health
  • Jason Wiese, co-advised with John Zimmerman, working on understanding social relationships using smartphone and social network data
  • Eiji Hayashi, working on streamlining authentication in ubicomp and cloud computing environments
  • Sauvik Das, working on social dimensions of cybersecurity
  • Song Luan, working on large-scale analysis of smartphone apps
  • Dan Tasse, working on analytics and urban computing
Some alums of the CHIMPS group:
  • Karen Tang
  • Janne Lindqvist, now an asst prof at Rutgers
  • Polo Chau (with Christos Faloutsos and Niki Kittur), now an asst prof at Georgia Tech
  • Guang Xiang (with Carolyn Rose), now at Twitter
  • Jialiu Lin (with Norman Sadeh), now a privacy engineer at Google
  • Shah Amini, now at Google (previously Appthority)
  • Jun Ki Min, now at Motorola
  • Mike Villena, now at Appthority

Some of My Writings and Other Stuff I Helped Create
Blogs and social news sites I contribute to Web Design Patterns Design Patterns for Ubiquitous Computing Rapid Prototyping and Evaluation Tools Instructor Guides and Overviews Anti-Phishing Phil Advice for PhD students and Grad School Applicants My Cybersecurity Advice (for general audiences) Some Opinions The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the design of customer-centered web sites. Check out the web site for our book The Design of Sites. Our book has been translated into Polish, Chinese, Korean (and possibly other languages as well).
Currently Teaching (Spring 2015 and Summer 2015) Some Past Courses Taught
Current Service Some Past Service