Dominik Meißner

Digital interactions via the internet have become the norm rather than the exception in our global society. Concerns have been raised about human-centered privacy and the often unreflected self-disclosure behavior of internet users. This study on human-centered privacy follows two major aims: first, investigate the willingness of university students as digital natives to self-disclose private data and information from psychological domains including their person, social and academic life, their mental health as well as their health behavior habits when taking part as a volunteer in a scientific online survey. Second, examine to what extent the participants’ self-disclosure behavior can be modulated by experimental induction of Privacy Awareness (PA) or Trust in Privacy (TIP) or a combination of both (PA and TIP). In addition, the role of human factors such as personality traits, gender or mental health (e.g., self-reported depressive symptoms) on self-disclosure behavior was explored and the influence of PA and TIP induction were considered. Participants were randomly assigned to four experimental groups. In group A (n = 50, 7 males), privacy awareness (PA) was induced implicitly by the inclusion of privacy concern items. In group B (n = 43, 6 males), trust in privacy (TIP) was experimentally induced by buzzwords and by visual TIP primes promising safe data storage. Group C (n = 79, 12 males) received both, PA and TIP induction, while group D (n = 55, 9 males) served as control group. Participants had the choice to answer the survey items by agreeing to one of a number of possible answers including the options to refrain from self-disclosure by choosing the response options “don’t know” or “no answer”. Self-disclosure among participants was high irrespective of experimental group and irrespective of psychological domains of the information provided. The results of this study suggest that willingness of volunteers to self-disclose private data in a scientific online study cannot simply be overruled or changed by any of the chosen experimental privacy manipulations. The present results extend the previous literature on human-centered privacy and despite limitations can give important insights into self-disclosure behavior of young people and the privacy paradox.

Modern single page web applications require client-side executions of application logic, including critical functionality such as client-side cryptography. Existing mechanisms such as TLS and Subresource Integrity secure the communication and provide external resource integrity. However, the browser is unaware of modifications to the client-side application as provided by the server and the user remains vulnerable against malicious modifications carried out on the server side. Our solution makes such modifications transparent and empowers the browser to validate the integrity of a web application based on a publicly verifiable log. Our Web Application Integrity Transparency (WAIT) approach requires (1) an extension for browsers for local integrity validations, (2) a custom HTTP header for web servers that host the application, and (3) public log servers that serve the verifiable logs. With WAIT, the browser can disallow the execution of undisclosed application changes. Also, web application providers cannot dispute their authorship for published modifications anymore. Although our approach cannot prevent every conceivable attack on client-side web application integrity, it introduces a novel sense of transparency for users and an increased level of accountability for application providers particularly effective against targeted insider attacks.

Empirical sciences and in particular psychology suffer a methodological crisis due to the non-reproducibility of results, and in rare cases, questionable research practices. Pre-registered studies and the publication of raw data sets have emerged as effective countermeasures. However, this approach represents only a conceptual procedure and may in some cases exacerbate privacy issues associated with data publications. We establish a novel, privacy-enhanced workflow for pre-registered studies. We also introduce PeQES, a corresponding platform that technically enforces the appropriate execution while at the same time protecting the participants' data from unauthorized use or data repurposing. Our PeQES prototype proves the overall feasibility of our privacy-enhanced workflow while introducing only a negligible performance overhead for data acquisition and data analysis of an actual study. Using trusted computing mechanisms, PeQES is the first platform to enable privacy-enhanced studies, to ensure the integrity of study protocols, and to safeguard the confidentiality of participants' data at the same time.

Background: Software agents are computer-programs that conduct conversations with a human. The present study evaluates the feasibility of the software agent “SISU” aiming to uplift psychological wellbeing. Methods: Within a one-group pretest-posttest trial, N = 30 German-speaking participants were recruited. Assessments took place before (t1), during (t2) and after (t3) the intervention. The ability of SISU to guide participants through the intervention, acceptability, and negative effects were investigated. Data analyses are based on intention-to-treat principles. Linear mixed models will be used to investigate short-term changes over time in mood, depression, anxiety. Intervention: The intervention consists of two sessions. Each session comprises writing tasks on autobiographical negative life events and an Acceptance- and Commitment Therapy-based exercise respectively. Participants interact with the software agent on two consecutive days for about 30 min each. Results: All participants completed all sessions within two days. User experience was positive, with all subscales of the user experience questionnaire (UEQ) M > 0.8. Participants experienced their writings as highly self-relevant and personal. However, 57% of the participants reported at least one negative effect attributed to the intervention. Results on linear mixed models indicate an increase in anxiety over time (β = 1.33, p = .001). Qualitative User Feedback revealed that the best thing about SISU was its innovativeness (13%) and anonymity (13%). As worst thing about SISU participants indicated that the conversational style of SISU often felt unnatural (73%). Conclusion: SISU successfully guided participants through the two-day intervention. Moreover, SISU has the potential to enter the inner world of participants. However, intervention contents have the potential to evoke negative effects in individuals. Expectable short-term symptom deterioration due to writing about negative autobiographical life events could not be prevented by acceptance and commitment therapy-based exercises. Hence, results suggest a revision of intervention contents as well as of the conversational style of SISU. The good adherence rate indicates the useful and acceptable format of SISU as a mental health chatbot. Overall, little is known about the effectiveness of software agents in the context of psychological wellbeing. Results of the present trial underline that the innovative technology bears the potential of SISU to act as therapeutic agent but should not be used with its current intervention content. Trial-registration: The Trial is registered at the WHO International Clinical Trials Registry Platform via the German Clinical Studies Register (DRKS): DRKS00014933 (date of registration: 20.06.2018). Link: https://www.drks.de/drks_web/navigate.do?navigationId=trial.HTML&TRIAL_ID=DRKS00014933.

Stateful applications are based on the state they hold and how it changes over time. This history of state changes is usually discarded as the application progresses. By building on concepts from event processing and storing the application history we envision a novel programming paradigm that supports retroaction. Retroactive computing introduces new opportunities for a developer to access and even modify an application timeline. By enabling the exploration of alternative scenarios, retroactive computing establishes powerful new ways to debug systems and introduces new approaches to solve problems. Initial work has shown the practicality and possibilities of this new programming paradigm and introduces further research questions and challenges.

State changes over time are inherent characteristics of stateful applications. So far, there are almost no attempts to make the past application history programmatically accessible or even modifiable. This is primarily due to the complexity of temporal changes and a difficult alignment with prevalent programming primitives and persistence strategies. Retroactive computing enables powerful capabilities though, including computations and predictions of alternate application timelines, post-hoc bug fixes, or retroactive state explorations. We propose an event-driven programming model that is oriented towards serverless computing and applies retroaction to the event sourcing paradigm. Our model is deliberately restrictive, but therefore keeps the complexity of retroactive operations in check. We introduce retro-λ, a runtime platform that implements the model and provides retroactive capabilites to its applications. While retro-λ only shows negligible performance overheads compared to similar solutions for running regular applications, it enables its users to execute retroactive computations on the application histories as part of its programming model.

Distributed event-sourced systems adopt a fairly new architectural style for data-intensive applications that maintains the full history of the application state. However, the performance implications of such systems are not yet well explored, let alone how the performance of these systems can be improved. A central issue is the lack of systematic performance engineering approaches that take into account the specific characteristics of these systems. To address this problem, we suggest a methodology for performance engineering and performance analysis of distributed event-sourced systems based on specific measurements and subsequent, targeted optimizations. The methodology blends in well into existing software engineering processes and helps developers to identify bottlenecks and to resolve performance issues. Using our structured approach, we improved an existing event-sourced system prototype and increased its performance considerably.

Event sourcing is increasingly used and implemented in event-based systems for maintaining the evolution of application state. However, unbounded event logs are impracticable for many systems, as it is difficult to align scalability requirements and long-term runtime behavior with the corresponding storage requirements. To this end, we explore the design space of log pruning approaches suitable for event-sourced systems. Furthermore, we survey specific log pruning mechanisms for event-sourced logs. In a brief evaluation, we point out the trade-offs when applying pruning to event logs and highlight the applicability of log pruning to event-sourced systems.

Stream-based graph systems continuously ingest graph-changing events via an established input stream, performing the required computation on the corresponding graph. While there are various benchmarking and evaluation approaches for traditional, batch-oriented graph processing systems, there are no common procedures for evaluating stream-based graph systems. We, therefore, present GraphTides, a generic framework which includes the definition of an appropriate system model, an exploration of the parameter space, suitable workloads, and computations required for evaluating such systems. Furthermore, we propose a methodology and provide an architecture for running experimental evaluations. With our framework, we hope to systematically support system development, performance measurements, engineering, and comparisons of stream-based graph systems.

An increasing number of distributed, event-based systems adopt an architectural style called event sourcing, in which entities keep their entire history in an event log. Event sourcing enables data lineage and allows entities to rebuild any previous state. Restoring previous application states is a straight-forward task in event-sourced systems with a global and totally ordered event log. However, the extraction of causally consistent snapshots from distributed, individual event logs is rendered non-trivial due to causal relationships between communicating entities. High dynamicity of entities increases the complexity of such reconstructions even more. We present approaches for retrospective and global state extraction of event-sourced applications based on distributed event logs. We provide an overview on historical approaches towards distributed debugging and breakpointing, which are closely related to event log-based state reconstruction. We then introduce and evaluate our approach for non-local state extraction from distributed event logs, which is specifically adapted for dynamic and asynchronous event-sourced systems.

Several data-intensive applications take streams of events as a continuous input and internally map events onto a dynamic, graph-based data model which is then used for processing. The differences between event processing, graph computing, as well as batch processing and near-realtime processing yield a number of specific requirements for computing platforms that try to unify theses approaches. By combining an altered actor model, an event-sourced persistence layer, and a vertex-based, asynchronous programming model, we propose a distributed computing platform that supports event-driven, graph-based applications in a single platform. Our Chronograph platform concept enables online and offline computations on event-driven, history-aware graphs and supports different processing models on the evolving graph.

In large-scale disaster scenarios, efficient triage management is a major challenge for emergency services. Rescue forces traditionally respond to such incidents with a paper-based triage system, but technical solutions can potentially achieve improved usability and data availability. We develop a triage management system based on commodity hardware and software components to verify this claim. We use a single-hop, ad-hoc network architecture with multi-master replication, a tablet-based device setup, and a mobile application for emergency services. We study our system in cooperation with regional emergency services and report on experiences from a field exercise. We show that state-of-the-art commodity technology provides the means necessary to implement a triage management system compatible with existing emergency service procedures, while introducing additional benefits. This work highlights that powerful real-world ad-hoc networking applications do not require unreasonable development effort, as existing tools from distributed systems, such as replicating NoSQL databases, can be used successfully.