MIT Technology Review

Personal data control

A new platform lets people manage how companies can use their data.

April 24, 2019
Image: cellphone app icons (Justin Sullivan/Getty Images)

Mobile apps and web services that store user data on servers in data centers often make use of it themselves. They might aggregate the data to gain insights into consumer shopping patterns; sometimes they share it with advertisers. Traditionally, however, users haven’t had much control over how their personal data is used.

Riverbed, a new platform developed by MIT and Harvard University researchers, ensures that web services honor users’ preferences on how their data is stored and shared in the cloud. It works by having a proxy run on a user’s device to mediate communication with the cloud services. When a service uploads user data, the proxy tags it with a set of permissible data “policies,” such as “Do not store my data in persistent storage” or “My data may only be shared with the external service x.com.”

In the data center, Riverbed assigns the uploaded data to an isolated cluster of software components, called a “universe,” that processes only data tagged with the same policies. Riverbed monitors the server-side code to ensure it adheres to a user’s policies and, if it doesn’t, terminates the service.
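A toy Python model of the flow described above, added here as an illustration and not Riverbed's own code. The class and function names, the two policy fields, and the choice to stop only the offending universe on a violation are all assumptions made for the sketch.

```python
from dataclasses import dataclass, field

class PolicyViolation(Exception):
    """Raised when server-side code attempts an action the policy forbids."""

@dataclass(frozen=True)  # frozen, so a policy can be used as a dictionary key
class Policy:
    # Hypothetical fields modelling the article's two example policies.
    allow_persistent_storage: bool = True
    allowed_external_hosts: frozenset = frozenset()

@dataclass
class Universe:
    policy: Policy
    records: list = field(default_factory=list)
    terminated: bool = False

    def _enforce(self, allowed, action):
        if self.terminated:
            raise PolicyViolation("universe already terminated")
        if not allowed:
            # Assumption: "terminates the service" is modelled as stopping
            # the universe in which the violation happened.
            self.terminated = True
            raise PolicyViolation(action)

    def persist(self, record):
        self._enforce(self.policy.allow_persistent_storage, "persistent storage")
        return f"stored:{record}"

    def share(self, record, host):
        self._enforce(host in self.policy.allowed_external_hosts, f"share with {host}")
        return f"sent:{record}->{host}"

class DataCenter:
    def __init__(self):
        self.universes = {}  # one universe per distinct policy set

    def upload(self, policy, record):
        # Data tagged with the same policies lands in the same universe.
        universe = self.universes.setdefault(policy, Universe(policy))
        universe.records.append(record)
        return universe

def proxy_upload(data_center, user_policy, record):
    """Client-side proxy: every upload leaves the device tagged with the user's policy."""
    return data_center.upload(user_policy, record)
```

Two users with identical policies share a universe, and a forbidden operation in one universe leaves universes with other policies running.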

“Users give a lot of data to web apps for services,” says Frank Wang, SM ’16, PhD ’18, who invented Riverbed with Harvard PhD student Ronny Ko and associate professor of computer science James Mickens. “We give users control to tell web apps, ‘This is exactly how you can use my data.’”