For projects to develop they need users feedback. One way to get it is metrics.
Metrics are also important for the social aspects of projects. For example, Almonit users want to know which websites are popular in the Almonit community.
However, it is difficult to collect user metrics without violating privacy. Privacy concerns have three elements here.
Communication. If users send metrics to Almonit server, they are exposed as Almonit users.
Data encryption and processing. Users surfing habits are exposed if data is not encrypted. If data is encrypted, it is hard for Almonit to calculate statistics.
Statistics publishing. How to publish on-going statistics while preserving the data that each user contributed to it?
In the first version of the plugin Almonit will handle privacy as following. Users will send their metrics to the Almonit server every certain period of time.
We promise not to keep any logs connected to those transmissions (IPs etc.).
We promise not to keep any identifying or personal information.
We promise to delete the user data once it was integrated into the statistics.
This model is faulty since it requires trust in Almonit. Below are initial thoughts of how to create a trustless private metrics.
Communication. The trivial way to solve it is using Tor or i2p. Hoever, this is difficult to do with a browser plugin. Another option is Bitcoin style privacy: messages are broadcasted to a p2p network of Almonit users (based on webRTC). The messages are encrypted to Almonit public key, without information on the sender. An issue with this proposal is that this is easy for sybill attacks or other false metric information.
Data encryption and processing. This is a tough nut. Can this be tackled using tools like zk-snarks or multi-party computation?
Statistics publishing. Another tough nut. Perhaps differential privacy can help here.
Reliable privacy preserving metrics are long way down the road, but it's an interesting problem to think of. A solution to this problem could be applied in almost every modern project.
For projects to develop they need users feedback. One way to get it is metrics.
Metrics are also important for the social aspects of projects. For example, Almonit users want to know which websites are popular in the Almonit community.
However, it is difficult to collect user metrics without violating privacy. Privacy concerns have three elements here.
In the first version of the plugin Almonit will handle privacy as following. Users will send their metrics to the Almonit server every certain period of time.
This model is faulty since it requires trust in Almonit. Below are initial thoughts of how to create a trustless private metrics.
Communication. The trivial way to solve it is using Tor or i2p. Hoever, this is difficult to do with a browser plugin. Another option is Bitcoin style privacy: messages are broadcasted to a p2p network of Almonit users (based on webRTC). The messages are encrypted to Almonit public key, without information on the sender. An issue with this proposal is that this is easy for sybill attacks or other false metric information.
Data encryption and processing. This is a tough nut. Can this be tackled using tools like zk-snarks or multi-party computation?
Statistics publishing. Another tough nut. Perhaps differential privacy can help here.
Reliable privacy preserving metrics are long way down the road, but it's an interesting problem to think of. A solution to this problem could be applied in almost every modern project.