[guardian-dev] Respectful Analytics

Hans-Christoph Steiner hans at guardianproject.info
Fri Feb 10 05:24:04 EST 2017


We'll hopefully have a basic PopCon implemented for F-Droid by June.
The guts of that are already included.

.hc

Nathan of Guardian:
> That is an excellent example to take a look at. I think what PopCon is
> doing is basically the state of things for those who are attempting some
> basic privacy preserving steps. We want to systematize this, and make it
> much easier to implement, ala ACRA.
> 
> On Thu, Jan 26, 2017, at 04:40 AM, Hans-Christoph Steiner wrote:
>>
>> Debian Popularity Contest is a good example of opt-in usage metrics:
>>
>> http://popcon.debian.org/
>> https://www.linuxjournal.com/content/popcon-are-you-or-out
>>
>> It doesn't do active identity obfuscation as far as I can tell, as in
>> adding noise to the data or other tricks, but it actively avoids sending
>> identity info like IP address, hostname, username, language, time zone,
>> etc.
>>
>> .hc
>>
>> Tom Ritter:
>>> +1 for Rappor. I would think that the simplest usage metrics ('Did a
>>> user use this feature' and 'How long/many was X') should be pretty
>>> simple to do with Rappor and provide very strong privacy while keeping
>>> the normal metric use scenario people are used to: users submit data
>>> to a server, and you have fancy tools that draw fancy graphs.
>>>
>>> -tom
>>>
>>> On 25 January 2017 at 09:50, Nathan of Guardian
>>> <nathan at guardianproject.info> wrote:
>>>> Inspired by Tor's work on anonymous metrics[0], as well as Apple's
>>>> recent announcements about the use of Differential Privacy[1], I am
>>>> starting to do some research and thinking on creating a new mobile
>>>> analytics package that is private, anonymous, confidential, etc, by
>>>> design. This is also being inspired by the recent kerfuffle around the
>>>> Meitu app's insane hoovering of personal data. For now, I am calling this
>>>> Respectful Analytics. This work is being done with some colleagues at
>>>> the new Berkman-Klein Assembly[0.1] program I am participating in.
>>>>
>>>> All in all, it is good as a developer to know if your app is working
>>>> well, and if your user is happy, but for projects like ours, we can't
>>>> just plop in Google Analytics or some other package, and call it a day. We
>>>> do want to know if version by version we are getting better at things
>>>> like battery usage, responsiveness, data latency, and so on, but we
>>>> definitely aren't interested in having every tap a user makes, or
>>>> heatmaps of every screen.
>>>>
>>>> My thought is that we could create something with some of these
>>>> properties:
>>>>
>>>> - Data is stored and processed on the client, rather than logged en
>>>> masse on a server, to determine outcomes
>>>> - Specific queries can be defined such as "is battery usage better or
>>>> worse than with the last version?" that can then be analyzed on the
>>>> client
>>>> - Any data aggregation should be done via Tor and possibly some kind of
>>>> mix/data laundering middle server onion
>>>> - user identifiers would be pseudonymous key identities that would only
>>>> last per lifetime of an app install (and could be optionally
>>>> cleared/reset by the user)
>>>> - Some kind of user control panel for opting in/out of various aspects
>>>> of the analytics package, and controlling when/how data is shared
>>>> - As possible, advanced techniques like Differential Privacy[3],
>>>> Randomized Response[4], Google's Rappor[5] should be utilized to further
>>>> protect from misuse of data
>>>>
>>>> So, does any of this exist today already? Any packages, projects or
>>>> papers I should be looking at? Any other thoughts on how we could make
>>>> this broadly useful for mobile app developers, web developers, and
>>>> perhaps even IoT?
>>>>
>>>> Thanks!
>>>>
>>>>
>>>> [0]
>>>> https://blog.torproject.org/blog/tors-innovative-metrics-program-receives-award-mozilla
>>>> [0.1] https://berkmankleinassembly.org/
>>>> [1]
>>>> https://www.wired.com/2016/06/apples-differential-privacy-collecting-data/
>>>> [2] https://techcrunch.com/2017/01/19/meitu-app-collects-personal-data/
>>>> [3] https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf
>>>> [4]
>>>> https://www.dartmouth.edu/~chance/teaching_aids/RResponse/RResponse.html
>>>> [5] https://github.com/google/rappor
>>>>
>>>> --
>>>>   Nathan of Guardian
>>>>   nathan at guardianproject.info
>>>> _______________________________________________
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>
>>
>> -- 
>> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
> 
> 

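As an added illustration (not code from this thread, from F-Droid or from Guardian Project), here is the simplest metric Tom describes, "did a user use this feature", collected with the Randomized Response that Nathan cites, so that each install's single report stays deniable while the aggregate rate is still recoverable on the server. The function names, the truth probability p_truth and the simulated population are all constructed for this example.

```python
"""Randomized response for one boolean metric ("did the user use feature X?").

Client side: each install answers through a coin flip, so no single report
proves anything about that install. Server side: the true population rate is
recovered from the biased aggregate, and the differential-privacy budget
epsilon follows directly from the chosen flip probability.
"""
import math
import random


def client_report(used_feature: bool, p_truth: float, rng: random.Random) -> bool:
    """With probability p_truth send the real answer, otherwise send a
    uniformly random bit. No identifier is attached to the report."""
    if rng.random() < p_truth:
        return used_feature
    return rng.random() < 0.5


def estimate_rate(reports: list, p_truth: float) -> float:
    """Debias the aggregate of reports. If q is the true fraction of users,
    E[reported yes] = p_truth*q + (1 - p_truth)/2, so
    q = (observed - (1 - p_truth)/2) / p_truth."""
    if not reports:
        return 0.0
    observed = sum(reports) / len(reports)
    q = (observed - (1 - p_truth) / 2) / p_truth
    return min(1.0, max(0.0, q))  # clamp sampling noise into [0, 1]


def epsilon(p_truth: float) -> float:
    """Privacy budget of this mechanism: the log-ratio of the largest to the
    smallest probability of a given output across the two true values.
    P(yes | yes) = (1 + p_truth)/2 and P(yes | no) = (1 - p_truth)/2,
    so epsilon = ln((1 + p_truth) / (1 - p_truth))."""
    return math.log((1 + p_truth) / (1 - p_truth))


def simulate(true_rate: float, n: int, p_truth: float, seed: int = 0) -> float:
    """Constructed population of n installs with the given true usage rate;
    returns the server-side estimate built only from the noisy reports."""
    rng = random.Random(seed)
    truths = [rng.random() < true_rate for _ in range(n)]
    reports = [client_report(t, p_truth, rng) for t in truths]
    return estimate_rate(reports, p_truth)
```

Lowering p_truth strengthens deniability (smaller epsilon) but widens the error bars on the estimate, which is why the report count n matters for how useful the aggregate is.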
