📊 Diagram: MiniTwit Case-Study

🔗 Link to Original Paper/Article

View Full Main Source

📝 Short Description

This diagram illustrates the data flow between the components/functionalities of the MiniTwit application from the study. The diagram is based on the code from the study: the nodes show the different functionalities, and the labels show the decorators applied to the corresponding functions. The application behaves like a much simpler version of Twitter, and the diagram shows its main functionalities, such as un/following users, displaying the public/private timeline or adding a message. The diagram also shows the components added for the privacy policies and consents implemented in the app, which were one of the main focuses of the paper.

🔤 Abbreviations

  • Ad/s: Advertisement

📖 Extensive Description (if possible)

The left side of the diagram shows the user entering their credentials (email, username, and password) into the Flask App. From here there are two possible data flows, depending on whether the user is already registered. In both flows the credentials flow to the Login Flask or Register Flask node. In the login case the credentials then flow to the Check Credentials node, where they are checked, and consequently to the SQLite DB node. In the registration case the credentials flow to the After Register Hook and finally to the SQLite DB.

From the SQLite DB, a variety of data flows to the Current User node, which then distributes it to the nodes that contain the individual functionalities of the application. Starting from the top, the feed_messages data flows to the Display Public Timeline node, which in turn generates the ads data flow to the Generate Ad General node. Directly beneath are the Unfollow User and Follow User nodes, which send the respective un/follow_data to the Save To DB node so that this new information is saved. Another flow from the Current User node consists of the purpose, user_data and user_consents data, which serve as input for the Add Consent node; after the new consents have been added, they flow to the Save To DB node to be stored. In a similar manner, user_consents flows from the Current User node to the Remove Consents node, which outputs the actualized_consents that flow into the Save To DB function as well. Right beneath that is the Add Message node, which sends the message data to the Save To DB node. Furthermore, the user_consents data flows to the Policy node, in which a user can view their consent policies, and which then redirects this data to the Privacy Template node, where the consents are shown.

Lastly, there is the information flow from Current User carrying the follow_data, user_profile data (from another user) and users_messages to the Display Single User Timeline node, which redirects the information to the User Timeline Template node.

🏷️ Label description

  • 🗂️ Data Labels:

    • UserData:

      • FeedMessages: Messages that appear in the feed of a user
      • FollowData: Data of followed users
      • UserMessages: Messages of the given user
      • UnfollowData: Data containing the user that has been unfollowed
      • UserProfile: Another user's profile data
      • Message: Messages data of a given user
      • UserData: Data of the user
      • Purpose: Action that the user wants to perform (and needs consent for)
      • UserConsents: List of consented actions/purposes of the user
      • NewConsents: List of updated actions/purposes of the user after adding a new consent
      • Ads: Advertisements of the application for a user
    • Credentials:

      • Email: Email of the user
      • Password: Password of the user
      • Username: User name of the user
  • 🏷️ Node Labels:

    • Decorator:

      • Secure: Decorator that marks the given node (or function in the code) as secure
      • UserRegistered: Decorator that defines that for the given node (or function in the code) the user has to be registered
      • LoginRequired: Decorator that defines that for the given node (or function in the code) the user has to be logged in
    • ConsentedPurposes

      • DisplayPublicTimeline: The purpose of displaying the public timeline (feed) to the user is consented
      • GenerateRelevantMarketingEntities: The purpose of generating individual advertisements to the user is consented
      • DisplayRelevantPosts: The purpose of displaying the content from the followed user is consented

⚠️ Constraints

  • Sensitive data from the user, such as UnfollowData, FollowData, Message and NewConsents, cannot flow to an insecure node:

    1. secure: data UserData.UnfollowData,UserData.FollowData,UserData.Message,UserData.NewConsents neverFlows vertex !Decorator.Secure
  • User messages data never flows to a node which does not have the purpose/setting of DisplayRelevantPosts allowed:

    1. purpose_display_sing_timeline: data UserData.UserMessages neverFlows vertex !ConsentedPurposes.DisplayRelevantPosts
  • Advertisements data never flows to a node which does not have the purpose/setting of GenerateRelevantMarketingEntities allowed:

    1. purpose_display_sing_timeline: data UserData.Ads neverFlows vertex !ConsentedPurposes.GenerateRelevantMarketingEntities
  • Feed Messages data from the user never flows to a node which does not have the purpose/action of DisplayPublicTimeline allowed:

    1. purpose_display_sing_timeline: data UserData.FeedMessages neverFlows vertex !ConsentedPurposes.DisplayPublicTimeline
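
The following is an added example, not code from the study or from the analysis tool: a small Python checker that parses constraints in the `data ... neverFlows vertex !...` form shown above and evaluates them over a labelled flow graph. The node-label assignments and the flow list are constructed assumptions for a fragment of the diagram, and the check is simplified to the direct destination of each flow.

```python
import re

# Constraint syntax as written on this page:
#   <name>: data <Type.Value,...> neverFlows vertex !<Type.Value>
CONSTRAINT_RE = re.compile(
    r"^\s*(?P<name>\w+):\s*data\s+(?P<data>[\w.,\s]+?)"
    r"\s+neverFlows\s+vertex\s+!(?P<label>[\w.]+)\s*$")

def parse_constraint(text):
    m = CONSTRAINT_RE.match(text)
    if m is None:
        raise ValueError(f"unsupported constraint: {text!r}")
    data = frozenset(d.strip() for d in m["data"].split(",") if d.strip())
    return m["name"], data, m["label"]

def check_all(constraints, node_labels, flows):
    """Return (constraint, src, dst, data_label) for each flow that delivers
    restricted data to a vertex lacking the required node label."""
    hits = []
    for text in constraints:
        name, restricted, required = parse_constraint(text)
        for src, dst, carried in flows:
            if required in node_labels.get(dst, set()):
                continue  # destination carries the label, flow is allowed
            hits += [(name, src, dst, d) for d in sorted(restricted & carried)]
    return hits

# Constraint text copied from the page (list numbering removed).
CONSTRAINTS = [
    "secure: data UserData.UnfollowData,UserData.FollowData,UserData.Message,"
    "UserData.NewConsents neverFlows vertex !Decorator.Secure",
    "purpose_display_sing_timeline: data UserData.UserMessages "
    "neverFlows vertex !ConsentedPurposes.DisplayRelevantPosts",
    "purpose_display_sing_timeline: data UserData.Ads "
    "neverFlows vertex !ConsentedPurposes.GenerateRelevantMarketingEntities",
]
# Constructed fragment of the diagram; which node has which label is assumed.
NODE_LABELS = {
    "Save To DB": {"Decorator.Secure"},
    "Display Single User Timeline": {"Decorator.Secure",
                                     "ConsentedPurposes.DisplayRelevantPosts"},
    "Generate Ad General": {"ConsentedPurposes.GenerateRelevantMarketingEntities"},
}
FLOWS = [
    ("Follow User", "Save To DB", {"UserData.FollowData"}),
    ("Add Message", "Save To DB", {"UserData.Message"}),
    ("Current User", "Display Single User Timeline",
     {"UserData.UserMessages", "UserData.FollowData"}),
    ("Display Public Timeline", "Generate Ad General", {"UserData.Ads"}),
]
```

With these assumed labels the checker reports no violations; dropping the consent label from Generate Ad General makes the `UserData.Ads` flow show up as a violation.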

🚨 Violations

  • None