Personal Containers

Frictionless sharing could erode rights

2012-03-16T00:00:00-07:00

As services become ‘social’ the ability to seamlessly share things with your colleagues and friends becomes widespread. For example, Facebook allows users to connect their music services and share what they’re listening to with their friends.

In general, this type of sharing is considered largely innocuous, unless you count those occasions where your friends catch you listening to something embarrassing (though some services do offer a ‘private listening’ mode). However, it seems that users who take advantage of this kind of frictionless sharing might inadvertently be eroding their rights. At least in the USA.

An article in a student law journal makes some intriguing points about ubiquitous sharing, privacy law and social readers (which automatically share what you’re reading online). You may feel that sharing individual reading items is probably of little consequence but as all the major social networks have demonstrated, pieces of information can combine into valuable datasets.

… reading choices that seem innocuous to you can cumulatively be indicative of patterns, intent, or allegiances …

A fact already known to the American Library Association, who have been advocates of reader privacy since since 1939.

The question of rights arises when you consider what information the government can collect about you. The Fourth Amendment of the US Constitution guards against unreasonable searches and seizures and also relates to the “reasonable expectation of privacy”. It’s this expectation of privacy where the issues comes about.

In cases where the Fourth Amendment applies, the Supreme Court may need to decide what’s reasonable and whether warrants are required before the government can collect information. The fact that ‘expectations’ are involved necessarily means that cultural norms play a role in such decisions. If courts believe that sharing information through social networks with hundreds of ‘friends’ reduces the expectation of privacy, then warrants would no longer be required. In addition, law enforcement could argue that content was shared with the platform itself, thus no longer considered private. This is where individual rights begin to erode.

Overall, this is another indication that technology and behaviour are evolving much faster than the judicial process. People will still share articles and music choices but this shouldn’t imply that such items are de-facto considered as public.

Although the above refers to the US legal system, the discussion is still relevant for the UK. As our lives grow to include more digital interactions, the legal framework we operate in needs to adapt. Both to afford protection for individuals and also provide due process for law enforcement.

Friend recommendations and Address Book Privacy

2012-02-23T00:00:00-08:00

In the last couple of weeks another news story about privacy flared-up, gathered some momentum and appears to have died down.

The story was about how Path, a social networking app for the iPhone, was silently copying users’ address books to its servers. How it was discovered probably added some fuel to the story, since it involved a developer running a proxy and noticing what kind of information was being sent back and forth. The headline was that the entire address book was sent from the phone to Path’s servers. There was no indication in Path’s privacy policy that they collected information in this way (whether anyone actually reads such policies is a topic for another time). You can follow the unfolding events in the rough timeline below.

The justification for needing the address book data is to improve friend recommendations. For example, Alice joins a service and by accessing her address book, the service realises she has Bob’s contact details. Since Bob is already a member, the service can suggest that they connect. This ‘feature’ is commonplace in almost every social networking application. The issue with Path was that it occurred without users’ explicit consent and that the data was then stored on their servers. The CEO even commented that it was “industry best practice”.

It’s this last comment that is concerning. Mostly because it’s true.

Path wasn’t alone in quietly scraping users’ data. Although they didn’t suffer the same backlash, sites like Instagram, Twitter, Foursquare and others were also taking copies of users’ address books. All without the users’ explicit knowledge.

It appears that in the race to deliver excellent, well-designed user experiences, the simple act of informing users what you’re doing with their data is completely overlooked. Perhaps it’s one dialog box too far for the developers?

The surprising thing that’s come out of this isn’t only that data-copying is so prevalent but the attitude that it’s somehow Apple’s responsibility. Since Apple explicitly didn’t lock-down address book access, it must be acceptable to do whatever you want with it. Apple may be at fault for allowing unfettered access but their guidelines do state that:

Para 17.1 - Apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used

Para 17.2 - Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected

The meaning of “data about a user” could be considered a little ambiguous and this viewpoint also seems to be shared by two US Congressmen, who promptly sent a letter to Apple asking for clarification on data access.

In general, I find the annoyance directed at Apple to be counter-productive. Despite the seemingly failed app approval process, it’s still the social networks who wrote the code to copy data, without user prompting. Claims that it’s Apple’s fault for ‘letting them get away with it’ seem to be missing the point. That those networks should hold themselves to higher standards.

Each of these ‘privacy-leak’ stories seem to be short-lived but the growing frequency indicates that control over personal data and awareness of your ’lifelong digital footprint’ is becoming a more visible topic. As well it should be.

Rough timeline of events

[8 Feb] - Arun Thanmpi writes about the exact POST request which sends his entire address book to Path
[8 Feb] - Path CEO responds to comments on Thanmpi’s blog post, and mentions that this behaviour is “Industry best practice”, among other things
[8 Feb] - Another developer confirms that such behaviour is commonplace, but believes Apple is to blame
[9 Feb] - Path CEO apologises on their blog
[12 Feb] - NY Times article about the sensitivity of address book data
[14 Feb] - Venture Beat article mentioning other services that transmit address book data, including in plain-text
[15 Feb] - Congressmen write to Apple with several questions about Apple policies.
[15 Feb] - Apple makes a statement that “any app wishing to access contact data will require explicit user approval”
[22 Feb] - California Attorney General brings major tech vendors together to ensure all mobile apps come with a privacy policy

Connected devices, web services and Signpost

2012-02-08T00:00:00-08:00

Connected devices are here

The number of internet-enabled devices is increasing and mobile phones only represent one category. Other types of ‘enabled’ devices can be made quite cheaply, contain a multitude of sensors and be situated almost anywhere. For example, there are a couple of projects on Kickstarter that promise small boxes with a variety of sensors and even actuators, that can be used for a variety of purposes (see Twine and Ninja Blocks). The fact that these projects surpassed their funding goals so quickly and spectacularly indicates how excited people are about the possibilities of smart sensors and connected devices. Commercial products also exist, such as the Nest thermostat, which communicates with a cloud-based service to regulate the temperature in the home.

You can easily imagine many uses for such linked-sensor networks. One example might be a security and access system for your home. For example, imagine that you have a camera attached to your doorbell, which can send a video-feed directly to your smart-phone at work. You could then talk to the postman who’s trying to deliver a parcel and make sure he leaves it with people at No.3 or No.10 (people you actually know), and definitely not with the guy at No.1 (who you’ve never got on with). Perhaps you could also control the lock and let a trusted friend in if they’ve arrived while you’re still on your way home. The possibilities are only limited by the sensors, actuators and people’s imaginations.

The key point about these types of devices is that they’re ’connected’, which usually means ’connected-to-the-internet’. The implicit message is that they’re linked to some kind of centralised service but most people don’t delve into what that actually means.

All your device are belong to us … ?

Something common to all the rhetoric about connected devices (phones included) are references to cloud-based services. In fact, there’s a surprising lack of discussion about this aspect. It’s almost taken for granted that such devices will need to ‘dial home’ to achieve anything useful. ‘Home’ is typically a third-party service to which users are granted access (possibly as a subscription). It’s a little lax to discuss the ‘internet-of-things’ without also mentioning the centralised services that may underlie it.

Nikesh Arora of Google recently mentioned that “Consumers want a divergence of devices but a convergence of services”. It’s safe to assume that Google would like to be a point of convergence and have begun to position themselves in this way*. Arora, like many others, makes the implicit assumption that cloud-based services will provide the connectivity between devices. Specifically, that these web-based services will act to host, co-ordinate and route data from whichever devices are authenticated with them.

In all the excitement, what isn’t really discussed is the increasing amount of personal data that would have to be shared with such centralised services (of course, they would all claim that data security is paramount for them). Something to consider is whether the organisations even need to hold such information at all. For some companies, there may be a clear, strategic desire to collate and analyse user data (e.g Google is adept at monetising what it learns from users). However, in other cases, the back-end service may only exist to solve the problem of connectivity. Put bluntly, it’s difficult to get all your devices to talk to each other but much more straightforward to get them talking to one central point on the internet. For example, your phone can usually ‘find and connect’ to the internet, but it’s a lot more complicated if a device needs to ‘find and connect’ to your phone.

If a mechanism existed to allow devices to quickly and efficiently make direct connections with each-other, then perhaps many of the coming services could focus on the value-adding features, instead of how to get data from device A (my doorbell camera) to device B (my smart-phone screen).

Signpost addresses the difficult yet fundamental problem for properly enabling the ‘internet-of-things’. That of creating robust, ad-hoc, private connections between devices.

Signpost enables truly connected devices

Signpost enables devices to create bi-directional connections between each-other which can be used by applications to route data. It could be used by any arbitrary application that needs to get information from one device to another and can also achieve this in a way that doesn’t involve directly handling the data itself.

Since devices can be highly mobile, moving from wifi networks to 3G and back, Signpost maintains two useful pieces of information for each device. The first is a universal name for each device, which acts as a pointer. The second is a list of tactics, which can be enacted to create connections between two trusted devices. In some sense this is similar to the way DNS works, resolving device names into methods for connecting to those devices. Initially, a personal, centralised Signpost can act to co-ordinate these connections but an individual could have multiple Signposts. For example one could run on your network at home to enable connectivity between home devices in the absence of the external internet.

In this way, the critical problem that Signpost solves is the ability to traverse the messy and chaotic structure of the internet to provide end-to-end connectivity. More importantly, it can be done in an automated way that doesn’t require the end users of devices to behave differently and can enable new services to grow that don’t need to create web-services solely to co-ordinate devices.

Work is still progressing towards an alpha version and early results are very promising.

* For example, Google has recently merged its privacy policies to allow all their services to share data between them.

Towards Statistical Queries over Distributed Data

2012-01-26T00:00:00-08:00

One of the issues with the distributed nature of personal data is the ability to perform statistical queries over it. This is true of both aggregated data stores and those that only catalog data, which remains in its original location. In both cases, a client that wishes to run a query still has to request access to a number of stores and aggregate the results in an efficient manner. This last piece is exactly the scenario for which Dataware is being designed.

A new project is taking shape, which will use personal containers and the principles of Dataware to build an employee incentive scheme to optimise energy usage. It’s taking place at Cambridge University in two phases. The first phase is to gather fine-grained data from employees regarding travel habits and energy usage. The second phase aims to use this information to construct incentive schemes to help optimise the energy usage of employees and monitor the changes.

Energy use in buildings and in transport systems is rapidly becoming part of our lifelong contextual footprint so the study needs to be completed without participants sacrificing their privacy. Therefore, the project will enable a user to collect their private information into a personal container which they own. Then the project team can request the ability to run queries over subsets of the data contained in those stores. This arrangement facilitates the following:-

Allows the research team to calculate energy use accurately
Assures users that the data is only used for this application
Denies the team access to other data that is not relevant

The type of sensitive data relevant to the study will be daily commutes (e.g. GPS information between 8am-10am and 4pm-6pm on weekdays only). This information could be combined with public data (e.g. traffic data) and a series of incentives constructed to optimise the overall energy usage. A particularly exciting possibility would be the ability to test various types of incentives with different groups to see which are most effective. All while preserving the individual privacy of users.

We’ll post more information as the project develops, including the hurdles and technical challenges that need to be overcome. In the meantime, you can read more about the project itself at the C-AWARE site.

Privacy needs to be built in

2012-01-25T00:00:00-08:00

Today, news broke about how O2, a Mobile Network Operator, reveals customers’ mobile numbers when they browse from their phones. A site put together by Lewis Peckover simply displays the headers sent to his servers when people visit the page. If you visit from an O2 phone, then you ~~can~~ could easily see your phone number displayed. In other words, the phone number is simply given to the requesting server as plain text in the http headers (specifically x-up-calling-line-id). There was nothing particularly special about Lewis’ site so it’s reasonable to assume that any site people have browsed using their 3G connection could have kept a copy of the user’s number.

This is obviously a massive breach of privacy and as you can imagine, news of it spread fairly quickly via twitter. A few customers even posted templates to help others file complaints with the UK’s Data Protection office (who have now contacted O2 to “remind them of their data breach notification obligations”). One of the main objections was that advertisers who can track visitors now also have access to phone numbers which can be used to tie different visits together.

In fact, this isn’t the first time that mobile browsing has been shown to leak data. A prior study by Collin Mulliner in 2010 showed that the phone number could appear in any number of headers as well as other information (e.g your roaming status).

This highlights how ‘spread-out’ personal data has become and breaches like this serve to remind us how lax some organisations can be. As more and more people access the web via mobile devices, issues like this become more important. Products and services should be designed to be privacy-preserving from the very beginning. To some extent this can mitigate any mistakes that others can make but can also empower users by giving them the option to explicitly share information if they deem it sensitive.

(O2 has now written a post about what happened)

Growing awareness of Personal Data

2012-01-20T00:00:00-08:00

Awareness of Personal Data issues have risen in prominence in recent years and there have even been a number of new companies springing up around the idea of personal data stores. At the moment, only a handful of these are public and it’s likely that more of them are working away behind the scenes.

Although we won’t necessarily be discussing these sites in any detail it’s interesting that what they all have in common is the aim of aggregating a user’s data in one place. Once a user has collected all her data, the suggestion is that she can share those ‘data-streams’ with others, including services that she’s granted access to. At the moment there’s limited information on how this aspect would work in practice but it’s certainly important in order to liberate the value of that data.

In general, this approach seems similar to the previous iteration of Personal Containers. The idea of aggregating data into one place is fairly intuitive but as we’ve learned from prior feedback, there is valid concern about having “all your eggs in one basket”.

There have been security issues that highlight this problem. Last year a programming error at Dropbox, a popular file-syncing service, led to customer accounts being accessible. For a few hours you could access any user account with any arbitrary password. The flaw was possible because of the way Dropbox handles encryption, specifically that they hold users’ encryption keys and therefore have access to files.*

The situation above is a clear example that there should be more separation of privileges among our data. Our response to feedback was the concept of Dataware. The premise is to leave the data themselves in the most appropriate place but facilitate access to them. We achieve this by creating shims that can interface with services and at the moment the team has put together a couple that interface with social networking sites and another for Aether’s Notebook. These look very promising and we hope to continue developing these and others, along with the ability to run authorised computations on the data.

There’ll be more to follow in the coming weeks on different aspects of Personal Containers, covering both Dataware and Signpost.

*Although this might sound odd, many services do this. If a user forgets their password, the files can still be recovered. In this case there was some confusion about how security was presented to users. In order to have a fully secure system, users would need to accept that if they lost their passwords, the service wouldn’t be able to help.

Aether's Notebook

2011-09-01T00:00:00-07:00

Aether’s Notebook has been developed by Dominic Price as part of the Horizon Infrastructure project. For more details see the source or visit its wiki.

Many applications that make use of personal data start by logging data on mobile devices before subsequent upload and/or offline processing. Aether’s Notebook is a framework that separates the concerns of recording and storing log data. Structured as a client-server framework, it makes logging similar data by multiple applications efficient, provides a single interface for the user to control what is logged, and makes it straightforward to log new data types in a consistent fashion.

The cient component consists of loggers which generate log messages, appenders which consume them, and a core which bridges messages between loggers and appenders, replicating them as required. The core can also be made responsible for starting/stopping selected managed loggers and appenders. Log messages contain, in addition to the messages, three pieces of metadata: timestamp including timezone; location as given by the best available source, and a UID and version number for the logger. Location logging can be turned on and off.

There are several built-in loggers: cell location, connection state, signal strength, and position; and two built-in appenders, one to a local (on-device) file and the other which will take local log files and HTTP POST them to an external server.

Aether’s Notebook is now available in the Android Marketplace. To download the AGPLv3 licensed source, visit source. For more detailed, live documentation visit the wiki.

Moving Personal Containers to the next stage

2011-08-31T00:00:00-07:00

After some time analysing responses to the first prototypes of the Personal Container, we’re now moving on to the next stage! One of the pieces of feedback we received quite strongly was that it’s not always appropriate to attempt to pull all your personal data into a single centralised location. This seems to be true whether or not you make that location locally hosted, e.g., on your phone or set-top box; or you make that location cloud hosted, e.g., in an Amazon virtual machine or in a specifically designed Personal Container service. A number of people we talked with expressed high levels of concern about the security of such a repository, its vulnerability to attack and the fear of the “all your eggs in one basket” approach.

We had a think about this and, in response, came up with the notion of Dataware. This lets you construct a federated system in which you control access to your personal data, which remains stored where it is most appropriate. For example, your financial data might remain with your bank, and your health data with your GP; but you would have the ability to permit access to these data sources by third parties, for specific, restricted purposes. Equally, where appropriate, you might construct aggregate data sources that live on hosts such as your set-top box or phone.

Some of the technical problems encountered in trying to build this system are described in overview on this website. Over the coming weeks we will be adding a series of posts to this blog describing some of them in detail, along with some of the components we’ve been building, with the hope that our experiences and our code will be of wider interest and use. We look forward to any comments or other inputs!

Project VRM

2011-08-30T00:00:00-07:00

“ProjectVRM seeks to improve markets by equipping customers with tools for both independence from vendors and better engagement with vendors.”

Internet Identity Commons

2011-08-30T00:00:00-07:00

“Identity Commons is a community of groups working on developing the identity and social layer of the web. We are loosely connected sharing a common purpose and principles. Our main community gathering is the Internet Identity Workshop that happens twice a year.”

Personal Data Ecosystem Consortium

2011-08-30T00:00:00-07:00

“The Consortium catalyzes a Personal Data Ecosystem where individuals control their own data by enabling a thriving network of businesses around personal data stores and services. Our three constituency initiatives:

The Startup Circle - for startups committed to putting people in control of their own data, open standards and interoperability
Industry Collaborative - for existing industries seeking to understand opportunities, launch pilot projects and ultimately offer services in the ecosystem.
1 Million People for Personal Data - gathers people enthusiastic about the vision and keen trying out new products and services.”

Dataware Networking

2011-04-13T00:00:00-07:00

Keeping it personal

2011-03-23T00:00:00-07:00

Computing is becoming pervasive. The development of commonly available platforms has opened ubiquitous computing to a massive and creative developer base. We see a common application template of smart phone and cloud computing service, bringing personalized experiences to the user while companies seek (often desperately!) to monetize the information derived from the use of the applications. This sharing of information and co-creation of value is at the heart of the digital economy, but implementation for ethical companies often hits a privacy brick wall, while others are blissfully unaware of the privacy minefield they are walking through. The talk will discuss some of the issues in personal information sharing, the deep social context in which this sharing takes place in the real world, present some challenges for the future in embedding this sharing in technology and some of our work in this field.

Unclouded Vision

2011-01-05T00:00:00-08:00

Current opinion and debate surrounding the capabilities and use of the Cloud is particularly strident. By contrast, the academic community has long pursued completely decentralised approaches to service provision. In this paper we contrast these two extremes, and propose an architecture, Droplets, that enables a controlled trade-off between the costs and benefits of each. We also provide indications of implementation technologies and two simple sample applications that substantially benefit by exploiting these trade-offs.

The Dataware Manifesto

2011-01-04T00:00:00-08:00

In this paper we concern ourselves with Service-Oriented Architectures (SOA) in the “business to consumer” (B2C) arena. In particular we consider the services required to enable consumers to combine data they possess with data held about them by businesses and government. We introduce the concept of Dataware as the logical federation of data sources containing “my data” and discuss an SOA to deliver new and compelling services and applications able to reap the benefits of value-in-use for consumers.

Becoming Dataware--- Enabling third-party computation across persnonal data

2010-12-16T00:00:00-08:00

Modern life involves each of us in the creation and management of data, and specifically digital data. Data about us is either created and managed by us (e.g., our address books, email accounts), or by others (e.g., our health records, bank transactions, loyalty card activity). Personal Containers is a project investigating how to build an ecosystem around my data, supporting provision of novel, desirable applications and services by new and existing businesses. The key technical problem in supporting an ecology around my data is not one of containment (“how can I archive all of my data?”). The matter is complicated by the basic property of digital data, that it can be infinitely copied without loss of fidelity: once my data escapes my immediate purview, I cannot easily exercise further control over it; yet in order to generate significant value from my data, I must allow others access to it. I will describe our initial steps toward a system in which we are trying to enable third parties to compute over personal data while providing individually acceptable privacy guarantees.

Horizon--- Becoming Dataware

2010-11-18T00:00:00-08:00

As we go about our lives, each of us creates and manages personal digital data about our online and real-world activities. Horizon Digital Economy Research is an RCUK research hub investigating the many different challenges surrounding collection and exploitation of these personal contextual footprints. Currently, many companies exploit our contextual footprints for their own gain, often without much explicit understanding or involvement on our part. Building an ecosystem around exploitation of our contextual footprints that maintains acceptable levels of privacy, both when our data is being exploited individually and as part of a group, is key to enabling growth in value of our social and personal data. After introducing Horizon, I will describe our initial steps toward a system in which we are trying to enable third parties to compute over personal data while providing individually acceptable privacy guarantees.

Mirage, A New Multi-Scale Operating System for Clouds and Crowds

2010-10-22T00:00:00-07:00

Applications run on all kinds of environments these days: multicore desktops, virtual cloud infrastructures, smart-phones, and web browsers. These diverse environments make it worth rethinking the long-term future of our software stacks; do we really want to continue bundling gigabytes of general-purpose OS software with every single cloud image? Is there any point holding onto decades-old interfaces such as POSIX any more?

I will introduce Mirage, a new operating system built in the statically type-safe OCaml functional language. Mirage compiles high-level functional source code directly into a variety of targets such as:

small microkernels that run directly on the “bare-metal” Xen hypervisor;
Javascript for web browsers; or
embedded ARM devices; …and of course normal operating systems such as Linux.

Mirage provides a consistent, simple programming API across all of these diverse backends, which makes it a powerful foundation for constructing safe, complex distributed systems across a heterogeneous set of modern compute resources such as mobile devices or cloud computing infrastructure. Also, it’s just plain fun programming in OCaml.

Personal Containers or, Your Life in Bits

2010-10-11T00:00:00-07:00

Unclouded Vision

2010-10-11T00:00:00-07:00

Free the data

2010-10-01T00:00:00-07:00

Yurts for Digital Nomads

2010-04-29T00:00:00-07:00

The App Engine data collector for Personal Containers is coming on nicely, and is on track for an alpha preview release fairly soon. Working with AppEngine has been interesting; it’s got excellent availability and you can’t beat the price (free), but coding robust Python that doesn’t trip over the tight resource limits for individual requests, asynchronous tasks and queries is tricky. While it is good for small records such as my iPhone or Find My iPhone GPS traces traces, it doesn’t work so well with my gigabytes of photographs or decades of e-mail.

This confirmed our earlier intuition that there is no one perfect solution for personal data handling; instead, we need to embrace diversity and construct an infrastructure that can cope with change over the coming decades. Mobile programming has changed beyond recognition in just a few years, and cloud providers are specialising in different ways (e.g. PiCloud for simple compute, or EC2 for fancy services like elastic load balancing).

So to recognise this, we are building components that all interoperate with your personal data, keep it secure, and ensure it persists for more than a few years. Malte Schwarzkopf came up with the term “digital yurts”, and it’s stuck. We’ve written a draft paper about it, and would love to hear your comments and feedback on the approach.

There are some interesting recent trends that make doing this particularly important:

The New York Times wrote about the data-driven life increasingly influencing our decision making. Current sensor data such as GPS traces are just harbringers for the privacy disaster that would be information such as heart rates or your consumption habits getting into the public domain. (link via Derek Murray).
Facebook has announced a brand new API platform to get access to your information. The EFF has a fantastic timeline of Facebook’s Eroding Privacy over the last five years, to demonstrate how unsafe it is to trust your data to any third-party. We’ve started developing an information dump plugin for Facebook, but the API just changed mid-way and so it has to be started again (volunteers welcome!).
In the UK, the Digital Economy Act is an extremely controversial act that makes anonymity and privacy all the more important. We’re assembling an open-source dust cloud that integrates Tor into personal containers to automatically grant you anonymity as you communicate with your friends.

If you’re interested, join our group or contact me directly. At this stage, you need desire and the ability to hack code, but things are settling down over the next few months…

Pulling together a user interface

2010-04-15T00:00:00-07:00

We’ve been hacking away on fleshing out the App Engine node for personal containers. We’re building this node first because, crucially, deploying an App Engine VM is free to anyone with a Google account. The service itself is limited since you can only respond to HTTP or XMPP requests and do HTTP fetches, and so its primary use is as an always-on data collection service with a webmail-style UI written using extjs.

Personal containers gather data from a wide variety of sources, and normalise them into a format which understands people (address book entries, with a set of services such as e-mail, phone, IM and online IDs), places (GPS, WOEID), media (photos, movies) and messages (Tweets, emails, Facebook messages). I’ll post more about the data model behind personal containers in a follow-up as the format settles.

The App Engine node has a number of plugins to gather data and aggregate them into a single view (see screenshot). Plugins include:

iPhoto extracts location (via EXIF), people present (associated via faces), and of course, the actual photograph.
Adium logs all IMs into a threaded chat view.
iPhone uses the backup files on a Mac to extract SMS messages, phone call records (and it could also get photographs and browsing history, although it currently doesn’t). An AppEngine tracker can also use FindMyIPhone to poll your iPhone regularly to keep track of your location without publishing it to Google or Yahoo (and hopefully in iPhone 4.0, we can operate as a background service at last!).
Twitter runs directly on AppEngine (authenticated via OAuth) and synchronizes with a Twitter feed.
SyncServices hooks into the MacOS X sync framework and initially subscribes to Address Book updates. This seems to be the first open-source sync alternative to the expensive Mobile Me, as far as I can tell. I’m planning to expand this to also subscribe to the full set of sync information (e.g. calendars).

I’m switching tacks briefly; we received an Amazon Research Grant recently and I’m building a node that runs as a Linux server to act as a longer-term archival and search server. This is being written in OCaml and uses Tokyo Cabinet (with Jake Donham’s excellent bindings) and so should be speedy and a useful alternative implementation of the HTTP REST interface. The plan is to automatically synchronize meta-data across all the nodes of a personal container, but store large and historical data away from expensive cloud storage such as App Engine.

There are lots more plugins in development, such as Foursquare and Gowalla OAuth collectors, an Android mobile application to upload location and contacts information, and Google GData synchronization. If you’re interested in one of these or something else, please do get in touch or just fork the project and start hacking!

A Personal Containers Marketplace

2010-04-09T00:00:00-07:00

Personal Containers securely hold all your personal data to help maintain your privacy and security, and the current prototype enables that. However, to liberate the value contained within your personal data means allowing third-parties access to it somehow, so that they can provide services, advertising and other value-add. We think this is a pretty interesting problem, so we’ve added an initial design note with some thoughts on how we might solve it. Feel free to pitch in!

Opening a website

2010-03-29T00:00:00-07:00

We’ve been working away at building a new type of database to help individuals keep reigns on their ever-increasing personal digital information. The first prototypes run freely on Google App Engine to gather your data behind-the-scenes, and we are working on more advanced versions that run on embedded devices and the cloud.

If you’re interested in keeping track of your personal data, you can start off with the installation instructions to clone your own version. After that, read up on the design of the system (which is still changing as we research new ideas around it). When you find something you want to fix, or add a new plugin data source, just clone the code and send us back fixes!