Fixing Privacy for the Internet of Things – User Experience matters

Grokya: A Privacy-Friendly Framework for Ubiquitous Computing

The Grokya project, currently developed in Macau by Filipe Farinha, aims to address the privacy issues resulting from the combination of two fast-rising technology trends: the Internet of Things (IoT) and Big Data analytics. Filipe believes that consumer data protection and privacy regulations are well-intended but ultimately fail to address the needs of corporations, which will typically find ways of working around them.

Grokya attempts to offer a technological solution that satisfies both the needs of corporations and the privacy of consumers, and it aims to achieve this by decentralising Big Data. The plan is to provide each consumer with a personal system that allows for the collection, control and data mining of personal data, while offering a set of privacy-protecting APIs that permit corporations to engage with the resulting distributed network of consumer-owned systems.

The Grokya project consists of the following components:

  • LifeServer (LS): a consumer personal server with data storage and data mining capabilities;
  • Sense API: a protocol that allows external sensors and apps to contribute personal data to the user’s LS;
  • Act API: a protocol that allows the LS to control and customise external apps and devices, enabling the personalisation of user experience and digital content presented to the user;
  • Mind API: a protocol and query language that allows third parties to communicate with the LS without granting them direct access to its internal data. Here the user is in control of who can access what. Targeted advertising will normally be a push-only operation, with the LS selecting any ads that are of relevance and interest to the user. The Mind Query Language (MQL) allows anonymised queries to be run over a large number of LS nodes, effectively providing statistical data from the network without identifying individuals;
  • Value Distribution Protocol (VDP): a protocol that allows for the distribution of value across multiple related stakeholders. When personal data is monetized, such as an advertiser paying for a targeted ad that gets served to a user based on his LS data, this protocol allows for a fair distribution of that value across the range of stakeholders who participated in that process through the 3 related APIs (Sense, Act, and Mind). VDP uses blockchain technology to achieve transparent and peer-to-peer distribution of value across a wide range of entities, without relying on any centralised brokers.



At the end of the master's project Filipe hopes to have a proof-of-concept that can demonstrate how corporations can still achieve some of their high-level business intelligence and marketing goals, including the monetization of personal consumer data, without directly accessing that data. At the same time, by providing individuals with total privacy, he hopes to remove any obstacles to self-monitoring and allow the LifeServer to develop to its full potential as the consumer-owned “digital self” data vault, which will also maximise its utility to individuals in their everyday usage of context-aware technology.

More information about this project can be found at