Inspired by Tor's work on anonymous metrics[0], as well as Apple's recent announcements about the use of Differential Privacy[1], I am starting to do some research and thinking on creating a new mobile analytics package that is private, anonymous, confidential, etc., by design. This is also being inspired by the recent kerfuffle around the Meitu app's insane hoovering of personal data[2]. For now, I am calling this Respectful Analytics. This work is being done with some colleagues at the new Berkman-Klein Assembly[0.1] program I am participating in.
All in all, it is good as a developer to know if your app is working well, and if your user is happy, but for projects like ours, we can't just plop in Google Analytics or some other package, and call it a day. We do want to know if version by version we are getting better at things like battery usage, responsiveness, data latency, and so on, but we definitely aren't interested in having every tap a user makes, or heatmaps of every screen. My thought is that we could create something with some of these properties:

- Data is stored and processed on the client, rather than logged en masse on a server, to determine outcomes
- Specific queries can be defined, such as "is battery usage better or worse than with the last version?", that can be analyzed on the client
- Any data aggregation should be done via Tor and possibly some kind of mix/data laundering middle server onion
- User identifiers would be pseudonymous key identities that would only last for the lifetime of an app install (and could be optionally cleared/reset by the user)
- Some kind of user control panel for opting in/out of various aspects of the analytics package, and controlling when/how data is shared
- As possible, advanced techniques like Differential Privacy[3], Randomized Response[4], Google's Rappor[5] should be utilized to further protect from misuse of data

So, does any of this exist today already? Any packages, projects or papers I should be looking at? Any other thoughts on how we could make this broadly useful for mobile app developers, web developers, and perhaps even IoT? Thanks!
[0] https://blog.torproject.org/blog/tors-innovative-metrics-program-receives-award-mozilla
[0.1] https://berkmankleinassembly.org/
[1] https://www.wired.com/2016/06/apples-differential-privacy-collecting-data/
[2] https://techcrunch.com/2017/01/19/meitu-app-collects-personal-data/
[3] https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf
[4] https://www.dartmouth.edu/~chance/teaching_aids/RResponse/RResponse.html
[5] https://github.com/google/rappor

--
Nathan of Guardian
[email protected]

_______________________________________________
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
To unsubscribe, email: [email protected]
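The post above sketches two of its properties without showing the mechanics: a query such as "is battery usage better than with the last version?" evaluated on the client, and randomized response (the basic building block of RAPPOR) applied to the answer before it leaves the device. The following is an added worked example written for this page; it is not Guardian Project code and not part of the original message. It assumes a single yes/no question per report, a keep-probability `p_keep` chosen by the app developer, and constructed battery-drain figures; the function names, the sample sizes and the 30% true-answer rate in the simulation are all illustrative assumptions.

```python
"""Randomized response for one yes/no analytics question (added example).

Client side: compute the answer locally, then report the true bit with
probability p_keep and the flipped bit otherwise. Aggregator side: debias
the observed fraction of "yes" reports to estimate the true fraction.
All parameters and inputs below are constructed for illustration.
"""
import math
import random
from typing import Sequence


def epsilon_for(p_keep: float) -> float:
    """Differential-privacy loss of one binary randomized-response report.

    For any report value b, P(b | truth=1) / P(b | truth=0) is at most
    p_keep / (1 - p_keep), so epsilon = ln(p_keep / (1 - p_keep)).
    p_keep = 0.5 gives epsilon = 0 (perfect privacy, no information);
    p_keep close to 1 gives almost no privacy.
    """
    if not 0.5 <= p_keep < 1.0:
        raise ValueError("p_keep must be in [0.5, 1.0)")
    return math.log(p_keep / (1.0 - p_keep))


def perturb(truth: bool, p_keep: float, rng: random.Random) -> bool:
    """Client side: keep the true answer with probability p_keep, else flip it.

    Use random.SystemRandom() on a real device; a seeded random.Random is
    only acceptable for reproducible simulations like the one below.
    """
    return truth if rng.random() < p_keep else not truth


def battery_improved(prev_drain_pct_per_hour: float,
                     cur_drain_pct_per_hour: float) -> bool:
    """Client side: the version-to-version comparison never leaves the device.

    Only the resulting bit is fed to perturb(); the raw drain figures stay local.
    """
    return cur_drain_pct_per_hour < prev_drain_pct_per_hour


def client_report(prev_drain: float, cur_drain: float,
                  p_keep: float, rng: random.Random) -> bool:
    """The single bit a client would send (e.g. over Tor) to the aggregator."""
    return perturb(battery_improved(prev_drain, cur_drain), p_keep, rng)


def estimate_true_fraction(reports: Sequence[bool], p_keep: float) -> float:
    """Aggregator side: unbiased estimate of the true fraction of 'yes' answers.

    With true fraction q, the expected observed fraction is
    f = q * p_keep + (1 - q) * (1 - p_keep), hence
    q = (f - (1 - p_keep)) / (2 * p_keep - 1).
    For small samples the estimate can fall outside [0, 1]; it is left
    unclipped so the noise level is visible to the caller.
    """
    if not reports:
        raise ValueError("no reports to aggregate")
    if p_keep == 0.5:
        raise ValueError("p_keep = 0.5 carries no information about the truth")
    f = sum(reports) / len(reports)
    return (f - (1.0 - p_keep)) / (2.0 * p_keep - 1.0)


def simulate(n_clients: int, true_yes_fraction: float,
             p_keep: float, seed: int) -> float:
    """Constructed population: n_clients devices, a fixed share of which truly
    saw an improvement. Returns the aggregator's estimate of that share."""
    rng = random.Random(seed)  # seeded only so the simulation is reproducible
    truths = [rng.random() < true_yes_fraction for _ in range(n_clients)]
    reports = [perturb(t, p_keep, rng) for t in truths]
    return estimate_true_fraction(reports, p_keep)


if __name__ == "__main__":
    P_KEEP = 0.75  # assumed developer-chosen setting: epsilon = ln 3 per report
    print(f"epsilon per report at p_keep={P_KEEP}: {epsilon_for(P_KEEP):.3f}")
    # Constructed drain figures: 8.0 %/h on the old version, 6.5 %/h on the new one.
    print("one client's report:", client_report(8.0, 6.5, P_KEEP, random.SystemRandom()))
    print(f"estimate, true share 0.30, 10000 clients: {simulate(10_000, 0.30, P_KEEP, 1):.3f}")
    print(f"estimate, true share 0.30, 50 clients:    {simulate(50, 0.30, P_KEEP, 1):.3f}")
```

The point the simulation makes is the trade the post is asking about: with `p_keep = 0.75` no individual report reveals more than a factor of three about that user's true answer, yet ten thousand reports still pin the aggregate to within a couple of percentage points, while fifty reports give a number that is close to useless. The debiasing formula in `estimate_true_fraction` is also the reason a per-install pseudonymous identifier matters: the guarantee above is for a single report, and repeated reports of the same stable answer under the same identifier would let an aggregator average the noise away.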
