+1 for Rappor. I would think that the simplest usage metrics ('Did a
user use this feature' and 'How long/many was X') should be pretty
simple to do with Rappor and provide very strong privacy while keeping
the normal metric use scenario people are used to: users submit data
to a server, and you have fancy tools that draw fancy graphs.

-tom

On 25 January 2017 at 09:50, Nathan of Guardian <[email protected]> wrote:
> Inspired by Tor's work on anonymous metrics[0], as well as Apple's
> recent announcements about the use of Differential Privacy[1], I am
> starting to do some research and thinking on creating a new mobile
> analytics package that is private, anonymous, confidential, etc., by
> design. This is also being inspired by the recent kerfuffle around the
> Meitu app's insane hoovering of personal data. For now, I am calling this
> Respectful Analytics. This work is being done with some colleagues at
> the new Berkman-Klein Assembly[0.1] program I am participating in.
>
> All in all, it is good as a developer to know if your app is working
> well, and if your user is happy, but for projects like ours, we can't
> just plop in Google Analytics or some other package, and call it a day. We
> do want to know if version by version we are getting better at things
> like battery usage, responsiveness, data latency, and so on, but we
> definitely aren't interested in having every tap a user makes, or
> heatmaps of every screen.
>
> My thought is that we could create something with some of these
> properties:
>
> - Data is stored and processed on the client, rather than logged en
> masse on a server, to determine outcomes
> - Specific queries can be defined such as "is battery usage better or
> worse than with the last version?" that again can be analyzed on the
> client
> - Any data aggregation should be done via Tor and possibly some kind of
> mix/data laundering middle server onion
> - User identifiers would be pseudonymous key identities that would only
> last per lifetime of an app install (and could be optionally
> cleared/reset by the user)
> - Some kind of user control panel for opting in/out of various aspects
> of the analytics package, and controlling when/how data is shared
> - As possible, advanced techniques like Differential Privacy[3],
> Randomized Response[4], Google's Rappor[5] should be utilized to further
> protect from misuse of data
>
> So, does any of this exist today already? Any packages, projects or
> papers I should be looking at? Any other thoughts on how we could make
> this broadly useful for mobile app developers, web developers, and
> perhaps even IoT?
>
> Thanks!
>
>
> [0] https://blog.torproject.org/blog/tors-innovative-metrics-program-receives-award-mozilla
> [0.1] https://berkmankleinassembly.org/
> [1] https://www.wired.com/2016/06/apples-differential-privacy-collecting-data/
> [2] https://techcrunch.com/2017/01/19/meitu-app-collects-personal-data/
> [3] https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf
> [4] https://www.dartmouth.edu/~chance/teaching_aids/RResponse/RResponse.html
> [5] https://github.com/google/rappor
>
> --
> Nathan of Guardian
> [email protected]
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email: [email protected]
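To make Tom's point concrete, here is an added example (not code from this thread or from Google's RAPPOR project) of the single-bit "Did a user use this feature" metric done RAPPOR-style: the client memoizes a permanent randomized response to its true bit, sends a fresh instantaneous randomized response each report, and the server recovers only the population fraction. The parameter names f, p, q follow the RAPPOR paper; the simulation sizes and the seed are assumptions.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class RapporParams:
    f: float  # permanent RR: probability the true bit is replaced by a coin flip
    p: float  # instantaneous RR: P(report 1 | memoized bit is 0)
    q: float  # instantaneous RR: P(report 1 | memoized bit is 1)


def permanent_response(true_bit: int, f: float, rng: random.Random) -> int:
    """Client side, computed once per install and memoized; the true bit never leaves."""
    r = rng.random()
    if r < f / 2:
        return 1
    if r < f:
        return 0
    return true_bit


def instantaneous_response(memo_bit: int, params: RapporParams, rng: random.Random) -> int:
    """Client side, per report: a fresh coin so repeated reports cannot be averaged away."""
    prob_one = params.q if memo_bit == 1 else params.p
    return 1 if rng.random() < prob_one else 0


def permanent_epsilon(f: float) -> float:
    """Differential-privacy bound of the memoized bit for this single-bit case."""
    return math.log((1 - f / 2) / (f / 2))


def estimate_fraction(reports: list[int], params: RapporParams) -> float:
    """Server side: unbiased estimate of the true fraction of users with bit = 1."""
    # Effective report probabilities after both randomization stages.
    q_star = (1 - params.f / 2) * params.q + (params.f / 2) * params.p
    p_star = (params.f / 2) * params.q + (1 - params.f / 2) * params.p
    observed = sum(reports) / len(reports)
    return (observed - p_star) / (q_star - p_star)


def simulate(true_fraction: float, n_users: int, params: RapporParams, seed: int = 1) -> float:
    """Constructed population: each user draws a true bit, then reports through RAPPOR."""
    rng = random.Random(seed)
    reports = []
    for _ in range(n_users):
        true_bit = 1 if rng.random() < true_fraction else 0
        memo = permanent_response(true_bit, params.f, rng)
        reports.append(instantaneous_response(memo, params, rng))
    return estimate_fraction(reports, params)
```

With f=0.5, p=0.5, q=0.75 a single report is about 69% or 56% likely to be a 1 depending on the memoized bit, so one user's report says almost nothing, while 200,000 reports pin the population fraction to within about a percent.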
