I’m an Assistant Research Professor at IMDEA Networks in Madrid and a research scientist at the Networking and Security team at the International Computer Science Institute (ICSI) in Berkeley. I have a degree in Telecommunications Engineering from the University of Oviedo and I also have a PhD un in Computer Science from Cambridge University.
¿When did you start having interest in data and privacy?
It all began in my internship at Telefónica Research in Barcelona. We started to analyse the volume of traffic associated to mobile advertising. From then on, I started to investigate and had interest in some privacy aspects and the organizations behind tracking services and mobile advertising.
¿How did you know about DTL and its initiative?
I knew about DTL through its spreading in the research community and practically from the first edition I was aware of this opportunity and initiative to provide transparency and awareness to users about the consequences that their online activities may have in their privacy.
What is the app Lumen about?
Each time we install an Android App, the OS request us to give some permissions to the app, and specifically to get certain personal data from us. The problem is that Android doesn’t explain which is the destination of these data. Thanks to Lumen we want to develop an app that allows the user to get transparency regarding the destination of such data and the organizations which are collecting these personal and valuable data. Moreover, Lumen also identifies privacy violations, even with encrypted traffic. We use the man in the middle attack which allows us to break the encrypted flow of information from a device. All the analysis happens in the mobile device without the need to export any data to servers for a later analysis.
¿Who can benefit from Lumen?
When we developed Lumen our main aim was to create a tool which could be useful for any user, regardless of the technical skills and the interest on mobile privacy. We want to make an educational app to bring awareness on how tools behave in our devices. We’ve noticed that only users with a high level of technical and privacy skills are the ones using the app nowadays. So, we need to make a great effort to try to make the app more accessible to any user.
We want standard users to use the app but also, we want to make Lumen accessible to researchers as it allows to create detailed reports about how apps behave in terms of traffic level
We want standard users to use the app but also, we want to make Lumen accessible to researchers as it allows to create detailed reports about how apps behave in terms of traffic level. Lumen can be useful to audit, analyse apps in labs and therefore advance the awareness and transparency of apps through the research community.
¿Is it easy to develop this kind of tools?
An app such as Lumen, or any other app regarding transparency, is pretty hard to develop because regardless of the technical aspects you also need to create an interface which can be useful and intuitive for any user regardless of the technical skills.
¿Which are the main challenges and developments in the field of data transparency online?
I think that there are two main challenges: The first one is trying to identify privacy violation in apps using obfuscation. This allows, for instance, to transform data in a chain of characters that may seem random but are in fact leaking personal information from the user.
The second one is related to IoT development. We are going to be tracked by many
devices and at present we can have smart TVs in our homes or even toasters connected to internet. All these devices may be using tracking services and therefore can get a most detailed profile from us than they could get only through web or certain apps. The development of tools and the characterizing of this cross-device tracking ecosystem is going to be one of the main challenges that we are going to face next year.
¿Do you have upcoming tools in mind?
We are working to adapt Lumen to a home networking environment. We have many devices in our homes but we don’t know how they behave. So, we want to launch tools that allow users to get certain control over the flow of information that these devices generate and understand the type of privacy violations that may cause.