Almond is our flagship project: a virtual assistant that preserves the user's privacy without sacrificing the ability to share data.

In this page, we introduce the design and architecture that make it possible to preserve privacy in Almond.

General, Fine-Grain Sharing with Privacy

A dad can access his daughter's security camera, subject to conditions she specifies.

Sharing is broken today; this is why the convenience of sharing via Facebook has driven billions to give up ownership of their data. Virtual assistants can transform how we share everything digital. In our design, the virtual assistant handles all the sharing: it accepts requests, gets approval from the owner, executes the requests, and returns only the requested results. For generality and fine granularity, the request can be any ThingTalk program. For privacy, the owner can specify, in natural language, which ThingTalk programs each person may execute. For example, a dad can tell his voice-activated virtual assistant that "Bobby can buy household goods that are under $20". The assistant, upon recognizing Bobby's voice, can enforce the constraint. We extended ThingTalk to include the specification of access control.

With this design, the owner is not constrained by the sharing options offered by the original service providers; in fact, the requesters do not even need to join the same services. With GDPR, individuals can obtain all their personal information held in the cloud and share it at will.

The architecture of communicating virtual assistants.

Inter-Virtual Assistant Communication

Today, email's SMTP protocol, despite its insecurity, is good at letting users share data stored on different servers, including their own. We see adding secure communication to open virtual assistants as a great opportunity to create a higher-level, more secure, privacy-honoring sharing capability. Thus, we propose DTP, the Distributed ThingTalk Protocol, to let assistants securely distribute ThingTalk programs and return results. Using DTP, virtual assistants let users access each other's data and resources as easily as their own. For example, instead of saying "Show me my security camera", Ann's father can simply say "Show me Ann's security camera", and his virtual assistant automatically executes the command on Ann's virtual assistant using DTP, provided Ann has given permission.
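To make the owner-side flow concrete (accept the request, check the owner's stated permission, execute, and return only the requested results), here is an added illustration in Python. It is not Almond's code and does not use real ThingTalk or DTP syntax; the `Request`, `Permission` and `OwnerAssistant` names, the stand-in services and the sample requests are all constructed assumptions for this example.

```python
# Added example: a minimal model of the owner's assistant enforcing a
# natural-language permission such as "Bobby can buy household goods that
# are under $20". Names and services here are assumptions, not Almond's API.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    requester: str    # identity the assistant established (e.g. by voice)
    function: str     # service function the requester's program invokes
    args: dict        # program arguments, e.g. item, category, price
    fields: tuple     # result fields the program actually asked for

@dataclass(frozen=True)
class Permission:
    requester: str
    function: str
    condition: Callable[[dict], bool]   # constraint the owner stated

class OwnerAssistant:
    """Accepts a request, checks the owner's permissions, executes the
    program locally, and returns only the requested result fields."""
    def __init__(self, services: dict[str, Callable[..., dict]]):
        self.services = services
        self.permissions: list[Permission] = []

    def grant(self, requester, function, condition=lambda args: True):
        self.permissions.append(Permission(requester, function, condition))

    def handle(self, req: Request) -> dict:
        allowed = any(p.requester == req.requester and p.function == req.function
                      and p.condition(req.args) for p in self.permissions)
        if not allowed:
            return {"status": "denied"}     # nothing executed, nothing returned
        result = self.services[req.function](**req.args)
        # Only the fields the program asked for leave the owner's assistant.
        return {"status": "ok",
                "result": {k: result[k] for k in req.fields if k in result}}

# Constructed stand-ins for the owners' services.
def buy(item, category, price):
    return {"order_id": "ORDER-1", "item": item, "price": price}

def security_camera():
    return {"snapshot": "camera-frame.jpg", "location": "home-office"}

dad = OwnerAssistant({"buy": buy})
dad.grant("bobby", "buy", lambda a: a["category"] == "household" and a["price"] < 20)
ann = OwnerAssistant({"camera": security_camera})
ann.grant("dad", "camera")   # Ann lets her father view the camera picture
```

Requests that fall outside the stated condition are refused before anything runs, and a permitted request never returns fields (such as the camera's location) that its program did not ask for.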

Architecture of Communicating Virtual Assistants