Home Publications Recent Talks Personal FAQ Bio
What's New?
Nov 30, 2012
Here is an extended analysis of the most unexpected behaviors we found in smartphone apps. This work is based on our Ubicomp 2012 paper on Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing.

The image below shows the level of surprise for different kinds of permissions. In our study, we operationalized privacy by looking at the difference between what people think an app does, and what it actually does. For example, the figure below shows that 80% of people in our study were surprised that Angry Birds uses location data.

Nov 7, 2012
No, your users aren't morons. This is a rant I wrote for my startup, Wombat Security Technologies, criticizing folks in the security community who have no empathy and no respect for the people they are supposed to be protecting.

Nov 5, 2012
Published a blog article in CACM entitled PhDs from the Faculty's Perspective

Oct 28, 2012
Our group's work on app scanning is mentioned in a NYTimes article about unusual behaviors of smartphone apps.

Oct 18, 2012
Our paper Mining Smartphone Data to Classify Life-Facets of Social Relationships was accepted to CSCW 2013.

Oct 14, 2012
Had a lot of fun at the Kavli Frontiers of Science (15th Chinese-American Symposium). It really amazed me as to the range of challenges that folks in other fields were facing, the tools and methods they used, plus the sheer challenges of complexity (especially in the life sciences).

Interestingly, one common theme I heard from several folks when I asked them about the toughest challenges in their field was that they were rapidly accumulating lots of facts (thanks to breakthroughs in tools) but had a hard time distilling those facts into useful and understandable kinds of models.

Sep 9, 2012
Jialiu Lin presented our Ubicomp 2012 paper on Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing.

Sep 1, 2012
Congrats to Polo Chau, who is starting as an assistant professor at my alma mater, Georgia Tech.

Aug 27, 2012
Teaching the Social Web course this semester.

Aug 21, 2012
NSF will be funding our research on combining crowdsourcing with static and dynamic analysis for evaluating the privacy of Android apps. This is work with Janne Lindqvist at Rutgers and Joy Zhang at CMU Silicon Valley.

Aug 1, 2012
Mary Baker and I have created a subreddit for Pervasive Computing, meant as a shared community resource. Please join and share news articles, your works in progress, cool videos, discussion of research papers, conference reports, calls for papers, and more. Items shared may also be incorporated into a community column that Mary and I are heading up for IEEE Pervasive Computing magazine.

July 9, 2012
Our paper entitled OTO: Online Trust Oracle for User-Centric Trust Establishment has been accepted to CCS 2012.

June 29, 2012
Gave a talk at Microsoft Research entitled Social Graphs, Urban Analytics, and Smartphone Privacy. I also gave similar talks at Google and Facebook.

June 7, 2012
Our paper on LiveHoods has won the best paper award at ICWSM 2012.

Apr 30, 2012
I gave a talk at CMU Cylab's weekly seminar, entitled Crowdsourcing for Privacy and Security.

Apr 29, 2012
I'm the general chair for the workshop on Location-Based Social Networks 2012, which is co-located with Ubicomp 2012. Deadline for submissions is June 12, 2012.

Apr 29, 2012
Our Sketch It Make It (SIMI) site is now live. SIMI is a research prototype demonstrating a collection of sketch-based interaction techniques that let people design for laser cutters.

Apr 9, 2012
Our livehoods.org site is now public. Our vision is to re-imagine how cities work in the age of social media. Specifically, we've analyzed and clustered 18m foursquare checkins to understand how people use a city. We currently have maps for New York City and Pittsburgh. Livehoods has been featured in The Atlantic Cities, Wired Insider, MIT Technology Review, Fast Company Co.Design, New York Post, Wall Street Journal, and Haaretz.

Apr 3, 2012
MIT Tech Review has an article about our work on Using Crowdsourcing to Protect Privacy.

Apr 3, 2012
The CHIMPS group will have two papers at CHI 2012 this year
  • WebTicket: Account Management Using Printable Tokens
  • Understanding the Implications of Offering More Disclosure Choices for Location Sharing (short paper)

Apr 1, 2012
We received funding from DARPA for a project entitled Real-World Analytics: Combining Social Networks and Smartphones to Understand Social Graphs and Behaviors

Research Overview
 
My research group is called CHIMPS (Computer Human Interaction: Mobility Privacy Security). My current research interests are in:
  • ubiquitous computing, especially mobile social computing and context-aware computing
  • usable privacy and security for ubicomp and cloud computing environments

I also work with the CUPS lab (CMU Usable Privacy and Security) and the Mobile Commerce Lab. I'm an associate editor for IEEE Pervasive. I'm a co-founder of Wombat Security Technologies. I have also participated on DARPA's Computer Science Study Panel (CS2P), am an Alfred P. Sloan Research Fellow, and a Kavli Fellow.

Our research group has been generously funded through a number of sources, including the National Science Foundation, DARPA, the Army Research Office, Microsoft, Nokia Research, Intel, Google, Portugal Telecom, Pitney Bowes, CMU Cylab, the National Security Agency, the Institute for the Study of Entrepreneurship, Innovation, and Technology, and the Alfred P. Sloan Foundation.

I help run the Pervasive Computing subreddit (please join!). I also write for BLOG@CACM and Wombat Security Technologies' blog.


Current Research
 
Smartphones know almost everything about you, in terms of who you know, who you call, where you go, what you search, and what you do. Given this, how can we use this rich smartphone information in meaningful ways? At the same time, how can we protect this information and help people understand how their personal information is being used?

Augmented Social Graph
Smartphones and social networking services are both experiencing meteoric rates of adoption from people across most demographics. Combining smartphone data with social networking data creates an exciting new opportunity to observe and investigate social behavior at a level of detail and at a massive scale never before possible. Our goal is to build a better computational model of social relationships, capturing tie strength, groups, and roles. Such an augmented social graph will have a number of applications, in terms of streamlining communications and helping with privacy and security policies.

Context-Aware Scalable Authentication
Passwords were a good idea when we only had a few of them, but are having serious problems scaling up, especially as more ubicomp services and cloud computing services are deployed. Our goal with this project is to understand how to simplify authentication using a number of sensors and behavioral models, while also maintaining adequate levels of security.

CrowdScanning Android Apps
Mobile smartphone apps can make use of a smartphone's numerous capabilities — including network access, data storage, and sensors detecting motion, location, and sound level — and personal data, such as one's call logs and contacts list. These capabilities allow developers to create rich and compelling applications, but can also lead to new kinds of spyware, malware, and privacy intrusions. Our goal is to (a) develop a series of scalable techniques that combine crowdsourcing with static and dynamic analysis, to understand what mobile apps are really doing, and (b) design and evaluate better ways of communicating these behaviors to end-users.

See our Ubicomp 2012 paper examining the feasibility of using crowdsourcing to evaluate privacy policies. Part of our work was also mentioned in a NYTimes article about unusual behaviors of smartphone apps. You can also see an extended analysis of smartphone apps here.



The CHIMPS Research Team
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have an amazingly talented group of PhD students and post-docs:
  • Afsaneh Doryab, working on smartphones, social relationships, and mental health
  • Jun Ki Min, working on data mining social relationships from smartphone data
  • Jialiu Lin, co-advised with Norman Sadeh, working on privacy and security of mobile apps
  • Jason Wiese, co-advised with John Zimmerman, working on understanding social relationships using smartphone and social network data
  • Eiji Hayashi, working on streamlining authentication in ubicomp and cloud computing environments
  • Shah Amini, working on privacy and security for mobile apps
  • Guang Xiang, co-advised with Carolyn Rose
  • Sauvik Das, working on streamlining authentication in ubicomp and cloud computing environments
Some folks I used to work with:
  • Karen Tang, now a postdoc at UC Irvine
  • Janne Lindqvist, now an assistant research professor at Rutgers
  • Polo Chau, co-advised with Christos Faloutsos and Niki Kittur, now an assistant professor at Georgia Tech

Some Stuff I Helped Create
Web Design Patterns Design Patterns for Ubiquitous Computing Rapid Prototyping and Evaluation Tools Instructor Guides Anti-Phishing Phil The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the construction of customer-centered web sites. Check out the web site for our book The Design of Sites. Our book has been translated into Polish, Chinese, Korean (and possibly other languages as well).
Teaching
Here are links to some courses I've taught at Carnegie Mellon University:
Service