The project is nicknamed RAPPOR, which stands for Randomized Aggregatable Privacy-Preserving Ordinal Response. GoogleGoogle plans to present a paper on it next week at the ACM Conference on Computer and Communications Security. Alles zu Google auf CIO.de
RAPPOR is intended to collect statistics about software, such as security flaws, but in a way that doesn't expose sensitive information. It can do that by applying a technique used for randomized response surveys, wrote Ulfar Erlingsson, tech lead manager for security research.
It's a bit of a statistical trick, where people participating in a survey are instructed to answer in a specific way based on if a coin toss results in a "heads" or "tails." Surveyors can then calculate which answers were likely truthful, but respondents maintain plausible deniability if confronted.
"RAPPOR builds on the above concept, allowing software to send reports that are effectively indistinguishable from the results of random coin flips and are free of any unique identifiers," Erlingsson wrote. "However, by aggregating the reports we can learn the common statistics that are shared by many users."
Google is releasing RAPPOR under an open-source license "so that anybody can test its reporting and analysis mechanisms, and help develop the technology" Erlingsson wrote.