(Cross-posted on the Chromium Blog and the Google Online Security Blog)
At Google, we are constantly trying to improve the techniques we use to protect our users security and privacy. One such project, RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response), provides a new state-of-the-art, privacy-preserving way to learn software statistics that we can use to better safeguard our users security, find bugs, and improve the overall user experience.
Building on the concept of randomized response, RAPPOR enables learning statistics about the behavior of users software while guaranteeing client privacy. The guarantees of differential privacy, which are widely accepted as being the strongest form of privacy, have almost never been used in practice despite intense research in academia. RAPPOR introduces a practical method to achieve those guarantees.
To understand RAPPOR, consider the following example. Lets say you wanted to count how many of your online friends were dogs, while respecting the maxim that, on the Internet, nobody should know youre a dog. To do this, you could ask each friend to answer the question Are you a dog? in the following way. Each friend should flip a coin in secret, and answer the question truthfully if the coin came up heads; but, if the coin came up tails, that friend should always say Yes regardless. Then you could get a good estimate of the true count from the greater-than-half fraction of your friends that answered Yes. However, you still wouldnt know which of your friends was a dog: each answer Yes would most likely be due to that friends coin flip coming up tails.
RAPPOR builds on the above concept, allowing software to send reports that are effectively indistinguishable from the results of random coin flips and are free of any unique identifiers. However, by aggregating the reports we can learn the common statistics that are shared by many users. Were currently testing the use of RAPPOR in Chrome, to learn statistics about how unwanted software is hijacking users settings.
We believe that RAPPOR has the potential to be applied for a number of different purposes, so were making it freely available for all to use. Well continue development of RAPPOR as a standalone open-source project so that anybody can inspect and test its reporting and analysis mechanisms, and help develop the technology. Weve written up the technical details of RAPPOR in a report that will be published next week at the ACM Conference on Computer and Communications Security.
Were encouraged by the feedback weve received so far from academics and other stakeholders, and were looking forward to additional comments from the community. We hope that everybody interested in preserving user privacy will review the technology and share their feedback at rappor-discuss@googlegroups.com
0 comments:
Post a Comment