Divvi Up is a privacy-respecting system for the collection of aggregate statistics such as application metrics.
Applications such as web browsers, mobile applications, or websites generate data. Normally they would just send all of the data back to the application developer, but applications using Divvi Up will split the data into two anonymized and encrypted shares and upload each share to different data share processors that do not share data with each other. This way only minimal information about the original data is revealed to either processor. Each processor then aggregates its data shares into a partial sum. The partial sums can then be combined into a final aggregation, permitting useful statistics over the whole body of data while revealing minimal information about individual participants. This system is based on the Prio and Heavy Hitters protocols developed at Stanford by Henry Corrigan-Gibbs and Dan Boneh.
Divvi Up takes a user-generated metric, from a mobile device, web browser, or other application, and divides the metric into two encrypted shares as it leaves the origin. One half of that metric is sent to a Divvi Up server, the other to a third-party server. When an application owner queries an aggregate statistic of its users, Divvi Up recombines the divided metrics from all users into a privacy-preserving aggregate.
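The split, partial-sum and recombine flow described above, as an added example that is not taken from Divvi Up's code. It assumes additive secret sharing modulo a prime (the modulus and every name here are chosen for illustration) and leaves out the encryption of each share to its processor and the input validity proofs of the Prio protocol.

```python
import secrets

# Assumption: a 61-bit Mersenne prime as the field modulus, chosen for this
# example only; it is not taken from the page or from Divvi Up's code.
MODULUS = 2**61 - 1


def split(metric):
    """Client side: split one metric into two additive shares mod MODULUS."""
    if not 0 <= metric < MODULUS:
        raise ValueError("metric out of range for the field")
    share_a = secrets.randbelow(MODULUS)      # uniformly random mask
    share_b = (metric - share_a) % MODULUS    # so share_a + share_b == metric
    return share_a, share_b


class Processor:
    """One data share processor: it only ever sees its own shares."""

    def __init__(self):
        self.partial_sum = 0
        self.count = 0

    def receive(self, share):
        self.partial_sum = (self.partial_sum + share) % MODULUS
        self.count += 1


def combine(proc_a, proc_b):
    """Collector side: merge the two partial sums into the aggregate."""
    if proc_a.count != proc_b.count:
        raise ValueError("processors aggregated different numbers of reports")
    return (proc_a.partial_sum + proc_b.partial_sum) % MODULUS


def run(metrics):
    """Run the whole flow; returns (aggregate, partial_sum_a, partial_sum_b)."""
    proc_a, proc_b = Processor(), Processor()
    for metric in metrics:
        share_a, share_b = split(metric)
        proc_a.receive(share_a)
        proc_b.receive(share_b)
    return combine(proc_a, proc_b), proc_a.partial_sum, proc_b.partial_sum


if __name__ == "__main__":
    total, part_a, part_b = run([3, 0, 7, 1, 4])  # constructed sample metrics
    print("aggregate:", total, "partial sums:", part_a, part_b)
```

Each partial sum on its own is a uniformly random field element, so a single processor learns nothing about any client's metric; only the sum of both partial sums yields the aggregate.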
ISRG can operate data share processors for your organization through our Divvi Up project. The software we use is open source and we have extensive experience running public benefit infrastructure. Our organization also operates the Let's Encrypt certificate authority.
Because the privacy-respecting architecture of this system depends on splitting user metrics up into two shares, you will need a second data share processor server. The second data share processor can be operated by your organization or another provider.
If you would like to use Divvi Up, please email email@example.com.
You will need to agree to the Subscriber Agreement for this service, which you can find below.