About ShareAR

Overview

How does ShareAR work?

ShareAR is an app-level developer toolkit; as an AR application developer, you can simply include the ShareAR toolkit with your application code and call on it whenever you want to share some virtual content. ShareAR keeps track of information like which objects are shared with which users, and it provides functions for achieving higher-level sharing objectives like creating an object that’s shared with a set of users. You can think of ShareAR like a dashboard with a set of knobs and switches: you can choose which high-level ShareAR controls are relevant for your application and you can turn the knobs and flip the switches accordingly. We designed this set of knobs and switches to enable easy construction of security- and privacy-conscious AR content sharing across a range of different types of applications.

Can I use ShareAR for my multi-user AR application?

Yes! Please try out ShareAR, and share your feedback with us. However, use only at your own risk. This is a beta version of ShareAR, which we have released for community evaluation and feedback. While we have designed ShareAR to provide the security properties described in this FAQ, please be aware that ShareAR has not received a formal security audit.

Using ShareAR

How do I get started?

To use ShareAR, you need to include the Microsoft HoloToolkit and the ShareAR core into your application code.

Can ShareAR only work with HoloLens?

In theory, ShareAR can work with any AR device with a Unity development workflow. In practice, this beta version of ShareAR was only built and tested for use with HoloLens.

Can I use ShareAR for only some of my cross-device communication?

ShareAR does not prevent cross-device communication through other channels. However, be aware that out-of-band communication is not within the scope of ShareAR's automatically enforced controls.

Where do I go to learn more?

The ShareAR documentation can be found here.

Security and Threat Model

What security properties does ShareAR provide?

At a high level, ShareAR contains protections against two classes of user-to-user threats:

• Access control for virtual content: ShareAR enforces permissions on virtual content as set by API calls in the application. This prevents one user in the app from seeing or modifying content that is intended to be access-restricted.
• Control over incoming virtual content: ShareAR provides a mechanism for users to control how their reality is augmented by other users. This prevents one user in the app from spamming another user with harmful or distracting virtual content.

What does ShareAR NOT protect against?

• ShareAR does not protect against malicious or compromised applications. An application that does not behave in the user's best interest can cause security and privacy violations irrespective of ShareAR.
• ShareAR does not protect against network attackers. Developers must protect against eavesdropping and content modification attacks by other means (e.g., end-to-end encryption).
• ShareAR does not protect against spoofed location data for users or AR content. It expects that location information communicated between devices is accurate within a reasonably small margin of error.

Learn More

I want to learn more about ShareAR's design and security properties.

Please check out our research paper, which appears at USENIX Security Symposium in August 2019.

I want to provide feedback to the ShareAR team.

We’d love to hear your feedback! Please contact us at ShareAR@cs.washington.edu.

I want to look at or use the ShareAR source code.

Great! You can license the code here.