We'll hopefully have a basic PopCon implemented for F-Droid by June. The guts of that are already included.
.hc Nathan of Guardian: > That is an excellent example to take a look at. I think what PopCon is > doing is basically the state of things for those who are attempting some > basic privacy preserving steps. We want to systematize this, and make it > much easier to implement, ala ACRA. > > On Thu, Jan 26, 2017, at 04:40 AM, Hans-Christoph Steiner wrote: >> >> Debian Popularity Contest is a good example of opt-in usage metrics: >> >> http://popcon.debian.org/ >> https://www.linuxjournal.com/content/popcon-are-you-or-out >> >> It doesn't do active identity obfuscation as far as I can tell, as in >> adding noise to the data or other tricks, but it actively avoids sending >> identity info like IP address, hostname, username, language, time zone, >> etc. >> >> .hc >> >> Tom Ritter: >>> +1 for Rappor. I would think that the simplest usage metrics ('Did a >>> user use this feature' and 'How long/many was X') should be pretty >>> simple to do with Rappor and provide very strong privacy while keeping >>> the normal metric use scenario people are used to: users submit data >>> to a server, and you have fancy tools that draw fancy graphs. >>> >>> -tom >>> >>> On 25 January 2017 at 09:50, Nathan of Guardian >>> <[email protected]> wrote: >>>> Inspired by Tor's work on anonymous metrics[0], as well as Apple's >>>> recent announcements about the use of Differential Privacy[1], I am >>>> starting to do some research and thinking on creating a new mobile >>>> analytics package that is private, anonymous, confidential, etc, by >>>> design. This is also being inspired by the recent kerfuffle around the >>>> Meitu apps insane hoovering of personal data. For now, I am calling this >>>> Respectful Analytics. This work is being done with some colleagues at >>>> the new Berkman-Klein Assembly[0.1] program I am participating in. >>>> >>>> All in all, it is good as a developer to know if your app is working >>>> well, and if your user is happy, but for projects like ours, we can't >>>> just plop in Google Analytics or some other package, and call it day. We >>>> do want to know if version by version we are getting better at things >>>> like battery usage, responsiveness, data latency, and so on, but we >>>> definitely aren't interested in having every tap a user makes, or >>>> heatmaps of every screen. >>>> >>>> My thought is that we could create something with some of these >>>> properties: >>>> >>>> - Data is stored and processed on the client, rather than logged en >>>> masse on a server, to determine outcomes >>>> - Specific queries can be defined such as "is battery usage better or >>>> worse than with the last version?" that gain can be analyzed on the >>>> client >>>> - Any data aggregation should be done via Tor and possibly some kind of >>>> mix/data laundering middle server onion >>>> - user identifiers would be pseudonymous key identities that would only >>>> last per lifetime of an app install (and could be optionally >>>> cleared/reset by the user) >>>> - Some kind of user control panel for opting in/out of various aspects >>>> of the analytics package, and controlling when/how data is shared >>>> - As possible, advanced techniques like Differential Privacy[3], >>>> Randomized Response[4], Google's Rappor[5] should be utilized to further >>>> protect from misuse of data >>>> >>>> So, does any of this exist today already? Any packages, projects or >>>> papers I should be looking at? Any other thoughts on how we could make >>>> this broadly useful for mobile app developers, web developers, and >>>> perhaps even IoT? >>>> >>>> Thanks! >>>> >>>> >>>> [0] >>>> https://blog.torproject.org/blog/tors-innovative-metrics-program-receives-award-mozilla >>>> [0.1] https://berkmankleinassembly.org/ >>>> [1] >>>> https://www.wired.com/2016/06/apples-differential-privacy-collecting-data/ >>>> [2] https://techcrunch.com/2017/01/19/meitu-app-collects-personal-data/ >>>> [3] https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf >>>> [4] >>>> https://www.dartmouth.edu/~chance/teaching_aids/RResponse/RResponse.html >>>> [5] https://github.com/google/rappor >>>> >>>> -- >>>> Nathan of Guardian >>>> [email protected] >>>> _______________________________________________ >>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>>> To unsubscribe, email: [email protected] >>> _______________________________________________ >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>> To unsubscribe, email: [email protected] >>> >> >> -- >> PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 >> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 >> _______________________________________________ >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> To unsubscribe, email: [email protected] > > -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
