Expose - Masterthesis - Carsten Porth.tex 19 KB

\documentclass[10pt,
article,
type=msc,
colorbacktitle,
instlogo,
accentcolor=tud1c,
%twoside
]{tudreport}
\usepackage[ngerman]{babel}
\usepackage[utf8]{inputenc}
\usepackage{subfig}
\usepackage{hyperref}
\usepackage{url}
\usepackage[section]{placeins}
\usepackage{booktabs}
\usepackage{listings}
\usepackage[normalem]{ulem}
\useunder{\uline}{\ul}{}
\begin{document}
\title{HybridOSN}
\subtitle{Carsten Porth, carsten.porth@stud.tu-darmstadt.de, 1804629}
\maketitle
\section*{Meta data}
\begin{tabular}{l l}
\textbf{Name:} & Carsten Porth \\
\textbf{Student number:} & 1804629 \\
\textbf{Department:} & Computer Science - Prüfungsordnung 2015 \\
\textbf{Allocation Date:} & xx.xx.2018 \\
\textbf{Supervisor:} & Jörg Daubert \\
\textbf{Second Supervisor:} & Aidmar Wainakh \\
\textbf{Category for Digilib:} & S \\
\end{tabular}
\section{Motivation}
The work will be done as part of the project ``Privacy and Trust for Mobile Users''. The ongoing penetration of computers into everyday life is used by a large part of the population for their own benefit. Emerging disadvantages, such as the increasing transparency and monitorability of users combined with a lack of transparency of the network as a whole, are accepted. The aim of this interdisciplinary project is to reverse these trends and adapt privacy to personal interests. Economic interests on the one hand and social interests on the other should be reconciled.
With Web 2.0, the use and perception of the Internet changed. Instead of just consuming content as before, web applications were created that allowed users to place content on the Internet themselves. The big social media networks such as Facebook (2 billion monthly active users\footnote{\url{https://www.heise.de/newsticker/meldung/Facebook-meldet-2-Milliarden-aktive-User-3757367.html}}) or Twitter (330 million monthly active users\footnote{\url{https://www.heise.de/newsticker/meldung/Twitter-schafft-ersten-Gewinn-Nutzerzahl-stagniert-3963390.html}}) have become particularly popular.
With the evolution of the mobile phone into the smartphone, a range of functions previously known only from computers has become available on mobile devices. The ability to install any application and to use the device for a variety of purposes opened up new possibilities. Advances in hardware and new sensors make it possible to capture the environment comprehensively. This technology is not only used in smartphones; more and more tracking devices and smart watches are conquering the market. For the user, these changes initially bring advantages. What happens to the collected data, and what may be unknowingly shared with servers all over the world and possibly processed further there, is in most cases opaque.
Especially in social networks, a lot of data is collected by the respective app. If users want to use a certain network, they usually have no choice but to divulge the data. However, recent and older data scandals have shown that users should be careful about what data they reveal. Often there is no way for them to control this themselves.
% related work (Twitterize, Diaspora, Man.., Akas...)
% There have been approaches in the past to tackle these issues. Several social networks have been developed and most of them have already failed or ...
%In this thesis, the goal is to develop a client app for an online social network which runs on Android. Using this client app, the user should be able to use the social network with its whole functionality as usual but additionally has the possibility to exchange data with other users using the same app via a P2P network closed to the provider. Regarding the P2P network, nothing new should be created; an existing P2P network should be used for storing the private user data. The main requirement for the online social network is that it offers an API for almost all functionalities to make development easy. For this reason, Twitter is perfectly qualified to be used in the thesis.
This raises the question of how the user's data can be better protected while the network can still be used with its full functionality, so that the user does not have to make any compromises. Data exchange between users would have to take place via another channel. In such a hybrid solution, another network would be set up between the users and the data would be stored decentrally.
This work will examine what such a solution might look like and what difficulties need to be overcome. Which requirements apply to the social network, which to the network between users, and which to the client application? How can authenticity be guaranteed in the private network? The results of the research are to be implemented in a prototype, thereby validating the quality of the solutions.
\section{Related Work/Background}
Criticism of how the large online social networks like Twitter and Facebook handle personal data is not new. Therefore, there have been some attempts to build networks that focus on privacy. Unfortunately, these attempts were unsuccessful and did not reach the critical mass needed to exist permanently. And although criticism continues and scandals have become public again and again, the majority of users have remained loyal to the large networks. Consequently, protecting personal data while continuing to use these networks with all their functions is an interesting topic. One way to better protect privacy is to use a hybrid client app. This hybrid app allows the user to use the network with all its features in the conventional way. Beyond that, it allows the user to share data with other users without that data being saved on the servers of the network operator. For this, a peer-to-peer network is used and the data is stored decentrally.
\subsection{Hybrid Online Social Network App}
The idea behind a hybrid online social network app is that the user can continue to use the network without compromise, with all his contacts and full functionality. Furthermore, other users can still communicate with the users of the app in the conventional manner. However, in addition to data exchange via the provider's server, there is also the possibility of exchanging data via a peer-to-peer network. Data exchanged in this way should be displayed automatically in the right places in the app. In this case, users must use the app.
To implement such an app, some requirements must be met. First, the social network used must provide interfaces that allow data to be retrieved legally. Such APIs are commonly offered as REST interfaces. Furthermore, a way has to be found to exchange data over a peer-to-peer network. In general, installing and running a separate client is necessary to use such a network. Since the data is worthy of protection, it is also important to deal with the issue of encryption.
\subsection{Facebook}
In March 2018, it was revealed that the data of 87 million Facebook users was harvested by another company running an app on Facebook. The British company Cambridge Analytica had collected data via an app on Facebook and processed it for its own use. Both companies suffered immense damage after this became known. Facebook suffered major damage to its image; Cambridge Analytica had to file for bankruptcy and ceased operations.
Against this background, improving privacy and protecting the personal data of Facebook users would be of particular interest. However, the strong limitations of the Facebook API (Graph API) do not allow developing one's own Facebook client. For example, it is not possible to query a user's news stream or to like a post.
With apps like \textit{Friendly for Facebook} or \textit{Metal}, there are alternative Facebook clients in the Google Play Store. Since the official Facebook API presumably was not used because of the restrictions, two approaches are conceivable:
\begin{enumerate}
\item A WebView is used to display the website offered for mobile devices (\url{https://m.facebook.com/}). Thus, the app only serves as a wrapper around the mobile website. However, the different design indicates that the pages are modified by the Android app. This is technically possible by injecting JavaScript code into the page. The disadvantage is that changes to the mobile website can cause the injected JavaScript code to suddenly no longer have the desired effect.
\item The apps crawl the Facebook website and extract the content. The display of the data can therefore be freely designed. The disadvantage of this method is its dependence on the HTML structure of the Facebook web pages. Even small changes to the website could prevent the content from being extracted. Furthermore, requests to the Facebook servers would have to pass Facebook's security precautions, for example checks for the presence of tokens.
\end{enumerate}
Due to the limitations of the Facebook Graph API and the unstable and inconsistent workarounds, the idea of using Facebook as the social network for a hybrid app was discarded for this project.
\subsection{Twitter}
Besides Facebook, Twitter was also in the press in April 2018 for selling user data to Cambridge Analytica. Admittedly, this only included data that had been posted publicly on Twitter, but the data nevertheless left the social network in a way that was not intended by the users.
In contrast to Facebook, Twitter offers an API for developers covering nearly the whole functionality of Twitter. Therefore, it is easily possible to develop one's own Twitter client. Unfortunately, Twitter has also restricted the API over the years, and it is likely that this process will continue. Right now, however, these restrictions do not affect the goals of the thesis. All in all, Twitter is a good candidate for developing a hybrid client.
\section{Approach/Goal}
The goal of the thesis is the development of a Twitter client app for Android. In this app, it should be possible to use the traditional functions of Twitter as usual, so that communication with any other Twitter user is possible without problems. In addition, the user should be able to decide whether a tweet or like is shared with the followers via a peer-to-peer network and is therefore not stored on a Twitter server.
Due to the limited time, the app should have the following functionalities:
\begin{itemize}
\item Fetch the user's home feed containing tweets from the Twitter server and related tweets from the P2P network.
\item Display user profiles and user feeds, again containing both types of tweets.
\item Write tweets in text form and decide on which network they are stored. The same applies to liking and retweeting.
\item Search public Twitter for users and tweets matching a given keyword.
\item Configure the key pair for encryption and decryption.
\end{itemize}
As a result, the following Twitter functionalities are not implemented in the context of this thesis:
\begin{itemize}
\item The notification system
\item The direct message system
\item Changing settings
\item Updating the user's profile
\item Writing tweets containing any multimedia attachment like videos and pictures
\end{itemize}
Tweets shared via the peer-to-peer network are serialized into a JSON or XML format and then exchanged among the clients.
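
One way to approach the authenticity question from the Motivation for tweets serialized to JSON is a signed envelope, shown here as an added example that is not code from the thesis or the HybridOSN app. The envelope layout, the field names, the choice of Ed25519 and the map of already known author keys are assumptions; the code runs under Node.js.

```javascript
// Added example; the envelope layout and field names are assumptions.
const crypto = require('node:crypto');

// Serialize with sorted keys so signer and verifier hash identical bytes,
// whatever property order a peer's JSON library produces.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Author side: sign the canonical form of the tweet with the private key.
function signTweet(tweet, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(tweet)), privateKey);
  return JSON.stringify({ tweet, sig: sig.toString('base64') });
}

// Follower side: return the tweet only if the signature verifies under the
// public key already known for the claimed author, otherwise null.
function verifyTweet(envelopeJson, knownKeys) {
  let env;
  try { env = JSON.parse(envelopeJson); } catch (err) { return null; }
  if (!env || !env.tweet || typeof env.tweet !== 'object') return null;
  if (typeof env.sig !== 'string') return null;
  const publicKey = knownKeys.get(env.tweet.author);
  if (!publicKey) return null; // unknown author: nothing to verify against
  const ok = crypto.verify(null, Buffer.from(canonicalize(env.tweet)),
    publicKey, Buffer.from(env.sig, 'base64'));
  return ok ? env.tweet : null;
}

// Constructed sample data: two key pairs and one tweet shared via P2P.
const alice = crypto.generateKeyPairSync('ed25519');
const mallory = crypto.generateKeyPairSync('ed25519');
const knownKeys = new Map([['alice', alice.publicKey]]);
const sampleTweet = { author: 'alice', createdAt: '2018-06-01T12:00:00Z', text: 'hello' };
const envelope = signTweet(sampleTweet, alice.privateKey);

// Same content re-serialized by a peer with a different key order.
function reordered(envJson) {
  const { tweet: t, sig } = JSON.parse(envJson);
  return JSON.stringify({ sig, tweet: { text: t.text, createdAt: t.createdAt, author: t.author } });
}
// Constructed negative case: content claiming alice but signed with another key.
const forged = signTweet({ ...sampleTweet, text: 'forged' }, mallory.privateKey);
```
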
\section{Schedule}
The following schedule should only give a rough outline. Where appropriate, individual phases may also overlap and change slightly over time. In addition, regular meetings are scheduled with the supervisors to discuss progress and possible problems.
%\begin{tabular}{|l|l|p{9cm}|}
% Please add the following required packages to your document preamble:
% \usepackage[normalem]{ulem}
% \useunder{\uline}{\ul}{}
\begin{table}[]
\begin{tabular}{|l|l|p{11cm}|}
\hline
\textbf{Week} & \textbf{Task} & \textbf{Description} \\ \hline
1 & Start & Get familiar with the task and the goals. Check related projects and get a feeling for what was tried before and where possible problems lie. \\ \hline
2 & OSN analysis & Analysis of several OSNs for their suitability for this thesis. Check their public APIs for use in this project. Focus on Facebook and Twitter. \\ \hline
3 & P2P network analysis & Get familiar with peer-to-peer networks and how they are used nowadays. Understand the theory and check how they can be used to build a hybrid OSN. \\ \hline
4 & P2P network setup test & Test how to set up a P2P network of one's own, identify obstacles and find helpful libraries/services. \\ \hline
5 & Existing P2P networks & Check if existing P2P networks can be used to realize the goals. Compare these networks and identify their strengths and weaknesses. Again, check for useful libraries. \\ \hline
6 & Check out Dapps & Decentralized applications (Dapps) using the Ethereum blockchain and IPFS to store data should be investigated for their suitability for this project. \\ \hline
7 & Android Apps & Compare different ways to build an Android app. Take the prior research results on P2P networks and OSNs into account and find the best way to easily build an app. Possible candidates are classic Android app development using Java and the use of web technologies (HTML, CSS, JavaScript) with the Ionic framework. \\ \hline
8 & Start development & Start with the development of the HybridOSN app. First step: login with a Twitter account. \\ \hline
9 & Connect to the Twitter API & Send requests containing the auth tokens to the Twitter API and display the results (home feed, user profile). \\ \hline
10 & Implement basic actions & Implement the actions a user can perform (tweeting; liking; following, blocking and muting users). \\ \hline
11 & Research security & Research how the user's data can be exchanged via the P2P network while staying private. \\ \hline
12 & Connect to P2P network & Establish connection to the P2P network and store data there. \\ \hline
13 & Interact with P2P network & Read and write data to the P2P network. Establish a format to store information which is easy to extend. \\ \hline
14 & Implement security & Implement mechanisms to ensure that data is only readable by authorized users. \\ \hline
15 & Testing & Write tests to validate the correct and error-free functionality of the app. \\ \hline
16 & Release prototype & A fully functional prototype should be finished. In a two-week test phase, bugs and problems should be identified. Furthermore, the usability of the app should be monitored in an everyday-life context. \\ \hline
18 & End of testing phase & Collect feedback concerning the testing phase of the app from the users. Use the feedback to improve the app. \\ \hline
19 & Writing & Writing of the thesis. \\ \hline
24 & Final presentation & Final presentation of the results and the HybridOSN app. \\ \hline
\end{tabular}
\end{table}
\end{document}