Do You Want To Hug Me?


Do You Want To Hug Me (or DYWTHM, an acronym that rolls straight off the tongue) is a combination of a stress ball, desktop pal, and mental health counter. Simply "hug" our Android friend, and he'll record your squeeze and put it into our database. From our mobile/desktop apps, you'll be able to look at your hug trends as well as other hug data. While it's innately simple, Do You Want To Hug Me is extremely flexible. Individuals can choose what hugging the plush means (e.g. hug each time I'm stressed, hug each time I'm very happy), and then look at a visual representation of their day in forms of hugs. Users can then figure out, for example, what times they're the most stressed, or when they're the most happy, or every time they see a Donald Trump post on Facebook. The world is their oyster!


Well, that Android plush from Google was pretty cute looking, so much in fact that we decided to hug it repeatedly (it's very, very soft). Hugging makes you feel naturally better, but we started wondering what we could do with our hugs. A simple action like squeezing a toy can give a lot of information about a person: how hard they squeeze, how long they squeeze, and how frequently they squeeze. Unfortunately, due to time and resource constraints, we focused on only one: hug frequency. While the hug can mean something different for each person, it's still a pretty cool insight into your life. You can see when you're hugging more, and also have a lot of fun squeezing a little plush. It's a win win!


We failed a lot, but during that process we learned even more, so it was generally alright! Originally, we planned to measure pressure, frequency, and time, but we quickly realized that we had to focus our resources on a more narrow goal. Throughout our development cycle, we encountered numerous problems: whether it was with Bluetooth interfacing between the Arduino 101 and our Computers/Phones, to huge backend server mishaps, and a complete shift from a mobile-oriented product to a desktop-focused product (after a colossal mobile failure), it was a very rocky road. Ultimately, our final product wasn't close to what we imagined at the start, but that was fine! We're still super happy that we were able to make something so cool, and plus we know what kinds of mistakes that we probably shouldn't make again in the future. Probably.


One of Hack Western's themes this year was learning, and we tried our best to use this hackathon as an opportunity to do just that. Each of our team members took to learning a new topic area that they hadn't practiced before. Here are a few quotes from our team members:

"I worked mostly on the backend. I've used node before, but this was my first time actually peaking into the HTTP(S) protocol, which was awesome. It was also my first time taking security seriously, so I also learned a ton about encryption techniques. Next time I'm at a hackathon, I think I'd like to write my own SSL client to take a deeper poke at the world of web security" - Jack Sarick

"I worked mostly on the front-end of DYWTHM, but also did a few backend tasks when I could. While I'm not a complete stranger to front-end frameworks, this was my first time dealing with asynchronous development: our mobile (and desktop) applications needed to sync their data with our webserver, updating each other every time new data was made. I learned a lot about the do's (and many, many dont's) of async development, and I'm super excited to take this new knowledge into the future! I promise to try more back-end things at my next hackathon: full-stack development looks super cool, and I'm hungry for more!" - Matthew Wang

"I worked mostly on the hardware testing, connection and bluetooth communications. I test individual sensors and algorithms on bluetooth communications with smartphones. Finally, I make sure all components are working together." - Simon Guo

All of us learned a lot at Hack Western, especially from our fellow hackers and mentors.


Our team absolutely loved Hack Western: we got to meet tons of new, super smart and cool people; we got to demo awesome new tech; and we got to learn from industry pros. We're also super proud that we were able to complete Do You Want To Hug Me: it's a project that we put a lot of time, effort, and love into, and we're excited to see what'll come next. And, we got to hug a lot of people. That's always nice.

Share this project:


posted an update


There were a lot of security headaches with DYWTHM. Here is the basic interaction model:

When I started, we weren't using HTTPS and Bluetooth settings were horrible, and there were generally a ton of holes. These problems had to be handled in sections.

TL;DR I use HTTPS, Blowfish encryption, and best bluetooth practice. Pictures here


First problem was HTTP. I couldn't leave the connection insecure because we were transferring passwords. Step one was to re-write that part of the server. I wrote the server myself in node.js, using the default library. Luckily, node includes libraries for both HTTP and HTTPS communication. During dev, I used self-signed certificates on localhost, but when I pushed it to my site, I had to get real ones. Let's Encrypt makes this process free and relatively easy. Now the server was officially secure on that front Also, to prevent session hijacking, each request must be authenticated with a username and password.


This was both a simple and a difficult problem. Bluetooth is a weird format to work with because it is a bit of a black box. I used to my advantage, and just fiddled with the default settings. Now the plush won't try to connect to anything once it has a partner. This helps guard against things like a spoofing attack.


The database was unpredictably fun to work with. It had a two big security holes: encryption and SQL injection. We used SQLite as a database so no unnecessary connections were made, and we could keep it fast and light. This was a huge plus, compared to my previous experience with MySQL. Unfortunately, the simple nature of SQLite databases means you can't simply protect them with a secure log in. I went back over my whole server, patching up holes I'd left open. Some key fixes:

  • Disabling password login (enforce SSH keys)
  • Can't SSH directly to root
  • Updating SSL to the most recent version

I also took into consideration how we store the information. One thing was basic database architecture. Because we have (hopefully) many users producing a lot of data, there is a chance that two things that should be unique are the same. This could be exploited by someone with malicious intent. To avoid this, I use auto-incremented ids instead of random so there's no unintentional collision. Another huge thing is my use of Blowfish encryption, probably the strongest general use encryption technique out there.

Log in or sign up for Devpost to join the conversation.

posted an update

36 hours ago, I was so struggling with ideas and started walking around different panels. Suddenly I saw this really cute android plush from google, and I hugged it. It was so soft and comfortable, and I didn't feel that stressful anymore. I took the plush back to our group, and we came up with this awesome idea. I am in charge of the hardware and Bluetooth part of the project, and I was struggling with connecting our microcontroller(Intel Arduino 101) to any device. I did a lot of research and asked for mentorship, and figured it out. I learned so much about Bluetooth during this hackathon.

Log in or sign up for Devpost to join the conversation.

posted an update

30 some-odd hours in, and I understand why I will come to hackathons for the rest of my life. We've been through (callback) hell, worn to our tattered cores. It is only in the deep wells of insanity that powerful knowledge lurks. In the moments that seemed hopeless, when all libraries failed us, nothing in the docs were helping, and even Stack Overflow was turning up blanks, I've learned things I wouldn't have guessed existed a midnight ago. Some things are practical, like the fact that in javascript ANY data type plus an empty array yields a string (weird right?), but also the less tangible stuff like perseverance, though graph theory isn't exactly grounded in reality. In sum, I've learned a decade of knowledge in just over 30 hours.

Log in or sign up for Devpost to join the conversation.