The Internet Security Research Group (ISRG) plans to enable companies to collect information about how people use their products while protecting the privacy of those who generate the data.
Today, Let’s Encrypt, a California-based nonprofit organization, launched Prio’s services, a service that allows you to collect product information online without compromising your personal information.
Applications such as web browsers, mobile applications and websites generate measurements, according to Josh Aas, founder and CEO of ISRG, and Tim Geoghegan, site reliability engineer, in his announcement. Usually they just send all the settings back to the application developer, but with Prio applications split the settings into two anonymous and encrypted sources and load each source onto different processors that don’t communicate with each other.
Usually they just send all the settings back to the application developer, but with Prio the applications split the settings into two anonymous and encrypted sources.
The prio is described in the research paper [PDF] for 2017 as a data protection system for the collection of aggregated statistics. The system was developed by Henry Corrigan-Gibbs, then PhD and currently Associate Professor at the Massachusetts Institute of Technology (MIT), and Dan Bonnet, Professor of Computer Science and Electrical Engineering at Stanford.
Prio uses a cryptographic approach called Non-Interactive Proofing with Secret Separation (SNIP). According to its creators, it only processes data 5.7 times slower than systems without privacy protection. It’s much better than the competition: The non-interactive detection of the lack of customer-oriented knowledge (NIZK) is 267 times slower than the unprotected data processing and privacy methods based on concise non-interactive knowledge arguments (SNARK), which are three orders of magnitude slower.
With Prio, you can get both: the joint statistics needed to improve an application or service and protect the privacy of the people who provide those data, Boone said in a statement. This system offers a reliable solution to meet the two growing demands of our technological economy.
In 2018, Mozilla began testing Prio to collect Firefox telemetry data and found the cryptographic scheme convincing enough to make it the basis of its Firefox Origin telemetry service.
Last year Chris Hutten-Chapsky, a Firefox platform engineer, wrote Prio neatly in a blog post. So we know how much is going on in the general Firefox population without ever knowing which Firefox sent us which information.
Prio’s services allow any company subscribing to the service to fragment, cut and anonymise its data, so that it can be viewed in its entirety without the risk of the data being used to identify individuals.
Have Encrypt warn you that a third of next year’s Android devices will fall on sites with itscertificates.
The ISRG manages the data processing server, and the subscribers set up a second server and agree that their applications forward their measurements so that they can be shared between the two servers for later anonymous aggregation and analysis.
By providing cost-effective and easy-to-use cryptographic protection of the user’s privacy, ISRG will take an important step towards protecting the public from privacy violations, according to Aas and Geoghegan. We hope that the collection of privacy information will become an expectation for application developers.
The services are not yet available to the public. ISRG is working on the implementation of the service with the first group of subscribers and will provide more detailed information at a later date. But the orgy says it expects to be the first organisation to run Prio as a production department.
In an e-mail to the register, Ace stated that it was still too early to give information about prices.
He says that while some subscribers at the bottom of the scale pay for the service, many have access to it through charitable donations. We are currently unable to provide pricing information to potential paying subscribers.
Ace said that companies that do not care about the privacy of users might not be very motivated to use Prio, although he suggested that the service might be attractive to those who want to return to the dark side.
Prio prevents intentional and unintentional breaches of confidentiality, making the system beneficial to the best-informed companies, he said. The ability to convince people that an application is reliable is important to many companies and using Prio is a way for them to do so. ®