Lumen Privacy Monitor

Principal Investigator(s): 
Narseo Vallina-Rodriguez

Your mobile phone hosts a rich array of information about you and your behavior. This includes a wide range of unique identifiers and sensitive personal information that enables online tracking, often times for delivering targeted advertisement. It is, however, striking how little insight and control we, as mobile users have into the operation and performance of our devices, into how (or whether) they protect information we entrust to them, and who they share it with. Further, it is not just regular users that are in the dark; much of the operation of mobile devices remains mysterious even to experts.

The ICSI Haystack project aims to overcome the limitations found on previous methodologies to better illuminate the mobile ecosystem at scale. At the core of the project is the Lumen app, available for free on Google Play. The app runs on the mobile phone itself and can comprehensively observe app, device and network activity. This will allow ICSI researchers to understand the operation, performance and personal information flow---including online third-party services collecting this information---at unprecedented scales with real user stimuli. Specifically, Lumen’s comprehensive vantage point facilitates four research thrusts: network performance analysis, mobile traffic characterization, analysis of the mobile tracking ecosystem, and mobile networking security assessment.

The team will develop significant understanding about the technical nature of the mobile ecosystem, however the largest contribution will leverage the user-facing aspect of Lumen to aid users in terms of better understanding their phones and the potential risks of various apps and operations. Any mobile user can benefit from and contribute to the ICSI Haystack project by installing our mobile app. In its current version, the Lumen app exposes to users detailed information about the hidden behavior of their mobile apps, with whom they talk to and if they do it securely (i.e., if they use encrypted protocols as HTTPS). ICSI does not collect any personal information about you or about your device for our studies; your personal information remains in your phone. The goal is to enable mechanisms that would help users to exercise control over how and to who their private information is exfiltrated. By giving users both transparency and control ICSI's Haystack project will not only shine a light on currently hidden behavior, but also offer users a lever by which to navigate around technical issues and possibly change the behavior of mobile carriers and app developers. The data collected will be publicly available for other researchers.

http://haystack.mobi

Download from Google play store