The large-scale monitoring of computer users’ software activities has become commonplace, e.g., for application telemetry, error reporting, or demographic profiling. This paper describes a principled systems architecture—Encode, Shuffle, Analyze (ESA)—for performing such monitoring with high utility while also protecting user privacy. The ESA design, and its PROCHLO implementation, are informed by our practical experiences with an existing, large deployment of privacy-preserving software monitoring. With ESA, the privacy of monitored users’ data is guaranteed by its processing in a three-step pipeline. First, the data is encoded to control scope, granularity, and randomness. Second, the encoded data is collected in batches subject to a ra...
We consider a problem where mutually untrusting curators possess portions of a vertically p...
As advances in technology increase data processing and storage capabilities, the collection of massi...
This paper introduces Prio+, a privacy-preserving system for the collection of aggregate statistics,...
The large-scale monitoring of computer users’ software activities has become commonplace, e.g., for ...
Collecting distributed data from millions of individuals for the purpose of analytics is a common sc...
In this article, we discuss the new requirements for standards for policy and mechanism to retain pr...
In the modern information society, a high volume and a tremendous variety of data are produced at an...
Incredible amounts of data are being generated by various organizations like hospitals, bank...
Software development produces large amounts of data both from the process, as well as the usage of t...
In today's data-driven world, we are conflicted with two opposing phenomena. On the one hand, collec...
Data is becoming increasingly valuable, but concerns over its security and privacy have limited its ...
In several domains, privacy presents a significant obstacle to scientific and analytic research, and...
Many future applications for advanced software agents imply distributed computation involving sensit...
Probabilistic counters are well-known tools often used for space-efficient set cardinality estimatio...
The modern internet and phone networks offer very little security, privacy, or accountability to the...