utilizing large scale randomized response at google
play

Utilizing Large-Scale Randomized Response at Google: RAPPOR and its - PowerPoint PPT Presentation

Dec 17, 2022 •377 likes •833 views

Utilizing Large-Scale Randomized Response at Google: RAPPOR and its lessons lfar Erlingsson, Vasyl Pihur, Aleksandra Korolova, Steven Holte, Ananth Raghunathan , Giulia Fanti, Ilya Mironov, Andy Chu DIMACS Security and Privacy Workshop (April

  1. Utilizing Large-Scale Randomized Response at Google: RAPPOR and its lessons Úlfar Erlingsson, Vasyl Pihur, Aleksandra Korolova, Steven Holte, Ananth Raghunathan , Giulia Fanti, Ilya Mironov, Andy Chu DIMACS Security and Privacy Workshop (April 2017)

  2. RAPPOR Motivation: Hijacking of Chrome Settings Find the Chrome homepages/search-engines used by clients ... with privacy for each user I.e., find popularity %’s of Yahoo! Search, Bing, … Also: detect unusually high %’s for sites installing unwanted software RAPPOR can find them, without seeing any user’s homepage! DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  3. Who on the Web is still using Silverlight? Estimated by RAPPOR netflix ebay intuit amazon live DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  4. Metaphor for RAPPOR DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  5. Microdata: An individual’s report DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  6. Microdata: An individual’s report Each bit is flipped with probability 25% DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  7. Big picture remains! DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  8. Best practice for learning statistics about users/clients ● Collect user data (perhaps with unique id for each user) Scrub IP addresses, timestamps, etc., from user data ● ● Keep central database of scrubbed data (e.g., for 2 weeks) ○ Keep only aggregates for older data Report aggregates of data over a threshold (e.g., 10 users) ● Can be the best approach (e.g., for opt-in, low-sensitivity data) DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  9. RAPPOR: Learn user statistics with much stronger privacy ● Rigorous and meaningful privacy guarantees for each user No central database (hackable, subpoenable) of user data ● User’s privacy doesn’t depend on a trusted third party ● ● No privacy externalities (e.g., from trackable user IDs) Well-suited to sensitive user data, such as URLs from users Dashboard at [redacted] DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  10. Chrome homepages (over 90 days) google msn avg google tr google br DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  11. Gold Standard of Security Same key aspects in software construction & computer security In programming In security Specification = Security policy Implementation = Enforcement mechanism Correctness = Assurance Methodology* = Security model * e.g., functional vs. declarative vs. imperative programming DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  12. Gold Standard of Privacy Same key aspects in software construction & computer security In programming In privacy Specification = Privacy policy Implementation = Enforcement mechanism Correctness = Assurance Methodology = Privacy model* * e.g., HIPAA vs. usage control vs. local- or database-differential privacy DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  13. Takeaways from this talk 1. Randomized response Learning categorical data and aggregating Bloom filters 2. RAPPOR’s 2-level randomized response Longitudinal differential privacy and anonymity 3. Lessons learnt from the large-scale deployment of a randomized-response privacy mechanism 4. Follow-up works DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  14. 1. Randomized Response: Collecting a sensitive Boolean Developed in 1960’s for sensitive surveys “Are you now, or have you ever been, a member of the communist party?” a. Flip a coin, in private b. If coin comes up heads, respond “Yes” c. If coin comes up tails, tell the truth Estimate true “Yes” ratio with: “Yes”% - 50% DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  15. 1. Randomized Response: Collecting a sensitive Boolean Developed in 1960’s for sensitive surveys “Are you now, or have you ever been, a member of the communist party?” a. Flip a coin, in private b. If coin comes up heads, --- flip another coin to select randomly “Yes” or “No” c. If coin comes up tails, tell the truth Satisfies differential privacy property (with two coins) Still easy to estimate true “Yes” ratio DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  16. Randomized response on categorical Boolean values ● If number of categories is small, can do an independent randomized response for each category ○ Bit-by-bit array of randomized responses ● Example: The categories may refer to salary ranges ○ Users do a “yes/no” randomized response for each range DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  17. Randomized response on categorical Boolean values ● If number of categories is small, can do an independent randomized response for each category ○ Bit-by-bit array of randomized responses ● Example: The categories may refer to salary ranges ○ Users do a “yes/no” randomized response for each range This user’s salary lies in this range. The “Yes” coin came up heads, so bit is “1”. DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  18. Learning the shape of the Salaries distribution Users flip a “yes” coin for just one bit; “no” coins for others No prior knowledge of the shape of the distribution. DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  19. Bloom filters to handle large sets of categories ● Compressed representation of a large set To minimize collisions/false positives, use multiple cohorts ● ○ Randomly assign clients to one of m cohorts ○ Each cohort uses different Bloom-filter hash functions DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  20. 2. RAPPOR two-level randomization and differential privacy ● Problem to ask the communist question repeatedly ○ Average of coin flips eventually reveals the true answer Memoization is the trick: Reuse the same answer ● ● But memoized random bits can hurt anonymity Repeated bit sequence forms a unique tracking ID ○ Randomization of memoized response is the answer! ● Flip coins on a value, and memoize ○ Then report coin flips on the memoized data ○ DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  21. RAPPOR algorithm 1. Hash a value v into Bloom filter B using h hash functions 2. Memoize a Permanent Randomized Response B’ 3. Report an Instantaneous Randomized Response S DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  22. RAPPOR algorithm 1. Hash a value v into Bloom filter B using h hash functions 2. Memoize a Permanent Randomized Response B’ f = ½ for example 3. Report an Instantaneous Randomized Response S q = ¾ and p = ½ for example DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  23. OSS project ● Contents of https://github.com/google/rappor ○ Demo that you can run with a couple shell commands ○ Client library Analysis tools and simulation ○ ○ Documentation ○ Analysis service ○ Clients code in a few languages DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  24. Lessons Learnt

  25. Design for simple explainability Critical to get comfort / acceptance from everybody … (also need reasonable ε, and may want user opt-in) DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  26. There will be growing pains ● Transitioning from a research prototype to a real product Scalability ● Versioning ● DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  27. Communicate Uncertainty DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  28. Candidates? – Enable diagnostics on collected data No missing candidates Three missing candidates DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  29. Know thy Enemies and Friends If raw data is being collected: ● privacy people & technology are a hindrance to utility ● hard to avoid the slippery slope … bodes ill for (pure) database-differential privacy If statistical/privacy-protected data is collected: ● privacy people become essential to utility ● big step onto the slippery slope … good reason to add noise early DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

  30. Keep your friends close ... ● Partner closely with the users, and monitor their use ○ tools/metrics/rappor/rappor.xml - chromium/src Avoid users treating your technology as a black box ● they’ll be disappointed & affect user privacy w/o utility ○ Set and manage expectations ● ○ e.g., local differential privacy can only see peaky tops DIMACS Security and Privacy Workshop (Apr. 2017) github.com/google/rappor

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Large-scale Graph Mining @ Google NY Vahab Mirrokni Google Research New York, NY DIMACS

Large-scale Graph Mining @ Google NY Vahab Mirrokni Google Research New York, NY DIMACS

Large-scale Graph Mining @ Google NY Vahab Mirrokni Google Research New York, NY DIMACS Workshop Large-scale graph mining Many applications Friend suggestions Recommendation systems Security Advertising Benefits Big data available Rich

822 views • 71 slides
A randomized block sampling approach to the canonical polyadic decomposition of large-scale

A randomized block sampling approach to the canonical polyadic decomposition of large-scale

A randomized block sampling approach to the canonical polyadic decomposition of large-scale tensors Nico Vervliet Joint work with Lieven De Lathauwer SIAM AN17, July 13, 2017 Classification of hazardous gasses using e-noses Sensor Classify

762 views • 58 slides
Large scale libc++ deployment Evgenii Stepanov, Google Ivan Krasin, Google Containers of

Large scale libc++ deployment Evgenii Stepanov, Google Ivan Krasin, Google Containers of

Large scale libc++ deployment Evgenii Stepanov, Google Ivan Krasin, Google Containers of incomplete types class A { std::deque<A> d; }; class B { std::set<B>::iterator p; } Super-popular patterns. Some algorithms are much harder

408 views • 11 slides
A Randomized Likelihood Method for Data Reduction in Large-scale Inverse Problems Ellen B. Le

A Randomized Likelihood Method for Data Reduction in Large-scale Inverse Problems Ellen B. Le

A Randomized Likelihood Method for Data Reduction in Large-scale Inverse Problems Ellen B. Le Tan Bui-Thanh Aaron Myers Institute for Computational Engineering and Sciences (ICES) The University of Texas at Austin SIAM CSE 15 Salt Lake City

991 views • 77 slides
Large-Scale Deep Learning with TensorFlow for Building Intelligent Systems Jeff Dean Google

Large-Scale Deep Learning with TensorFlow for Building Intelligent Systems Jeff Dean Google

Large-Scale Deep Learning with TensorFlow for Building Intelligent Systems Jeff Dean Google Brain Team g.co/brain In collaboration with many other people at Google We can now store and perform computation on large datasets, using things like

1.49k views • 127 slides
Building Large-Scale Internet Services Jeff Dean jeff@google.com Plan for Today Googles

Building Large-Scale Internet Services Jeff Dean jeff@google.com Plan for Today Googles

Building Large-Scale Internet Services Jeff Dean jeff@google.com Plan for Today Googles computational environment hardware system software stack & its evolution Techniques for building large-scale systems decomposition

1.27k views • 80 slides
tinyurl.com/s382q4f Doing More with Google: Utilizing Google Products in Your Classroom Phoebe

tinyurl.com/s382q4f Doing More with Google: Utilizing Google Products in Your Classroom Phoebe

Google Workshop 1/10/20 Phoebe Li Chen & Andrew Shapira Welcome to our workshop! If you havent already filled out the pre-workshop survey, please do so now by going to this link: tinyurl.com/s382q4f Doing More with Google: Utilizing

476 views • 34 slides
Symbiosis in Scale Out Networking and Data Management Amin Vahdat Google/UC San Diego

Symbiosis in Scale Out Networking and Data Management Amin Vahdat Google/UC San Diego

Symbiosis in Scale Out Networking and Data Management Amin Vahdat Google/UC San Diego vahdat@google.com Overview Large-scale data processing needs scale out networking Unlocking the potential of modern server hardware for at scale

693 views • 67 slides
Linear Convergence of Randomized Primal-Dual Coordinate Method for Large-scale Linear Constrained

Linear Convergence of Randomized Primal-Dual Coordinate Method for Large-scale Linear Constrained

Linear Convergence of Randomized Primal-Dual Coordinate Method for Large-scale Linear Constrained Convex Programming Daoli Zhu and Lei Zhao Shanghai Jiao Tong University ICML 2020 July 16, 2020 PRO PRE CCR LCA NA CCL Outline 1 Research

731 views • 28 slides
Large-Scale Deep Learning With TensorFlow Jeff Dean Google Brain team g.co/brain In

Large-Scale Deep Learning With TensorFlow Jeff Dean Google Brain team g.co/brain In

Large-Scale Deep Learning With TensorFlow Jeff Dean Google Brain team g.co/brain In collaboration with many other people at Google What is the Google Brain Team? Research team focused on long term artificial intelligence research Mix

1.45k views • 119 slides
Large-Scale Machine Learning at Twitter 2 Large-Scale Machine Learning at Twitter Jimmy Lin and

Large-Scale Machine Learning at Twitter 2 Large-Scale Machine Learning at Twitter Jimmy Lin and

Large-Scale Machine Learning at Twitter 2 Large-Scale Machine Learning at Twitter Jimmy Lin and Alek Kolcz Twitter, Inc. 1 Image source:google.com/images Large-Scale Machine Learning at Twitter Outline Outline Is twitter big data?

582 views • 40 slides
Evaluating Dem and Response in Large Scale Pow er System Studies Niamh OConnell Outline

Evaluating Dem and Response in Large Scale Pow er System Studies Niamh OConnell Outline

Evaluating Dem and Response in Large Scale Pow er System Studies Niamh OConnell Outline Integration Studies and Demand Response Modelling Demand Response for Large Scale Integration Studies Study Outline Study Results

270 views • 16 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
Multiresol olution M on Method hods f for Large-scale L Learni ning ng @ @ NIPS 2 S 2015

Multiresol olution M on Method hods f for Large-scale L Learni ning ng @ @ NIPS 2 S 2015

Multiresol olution M on Method hods f for Large-scale L Learni ning ng @ @ NIPS 2 S 2015 Ily lya Safro ro Clemso son U Universi sity Multigrid-inspired Methods for Large-scale Networks Fast Response to Infection Spread (with S.

796 views • 56 slides
Local Algorithms and Large Scale Graph Mining Silvio Lattanzi (Google Research NY) Charles River

Local Algorithms and Large Scale Graph Mining Silvio Lattanzi (Google Research NY) Charles River

Local Algorithms and Large Scale Graph Mining Silvio Lattanzi (Google Research NY) Charles River Workshop on Private Analysis of Social Networks Outline Problem and challenges Graph clustering, computation limitations. Local random walk and

1.22k views • 101 slides
UTILIZING COMMUNITY HEALTH WORKERS TO INCREASE ORS AND ZINC USE IN UGANDA: A CLUSTERED RANDOMIZED

UTILIZING COMMUNITY HEALTH WORKERS TO INCREASE ORS AND ZINC USE IN UGANDA: A CLUSTERED RANDOMIZED

UTILIZING COMMUNITY HEALTH WORKERS TO INCREASE ORS AND ZINC USE IN UGANDA: A CLUSTERED RANDOMIZED CONTROLLED TRIAL JOHN BOSCO ASIIMWE | MAKERERE UNIVERSITY 2 0 1 6 E A S T A F R I C A E V I D E N C E S U M M I T J U LY 1 3 , 2 0 1 5 | D

472 views • 7 slides
How did the Internet come to be? It started as a research project to experiment with

How did the Internet come to be? It started as a research project to experiment with

How did the Internet come to be? It started as a research project to experiment with connecting computers 2: Internet History together with packet switched networks. It was developed with funding and leadership of the Defense

422 views • 4 slides
Extreme DocBook Norman Walsh http://www.sun.com/ XML Standards Architect Extreme Markup

Extreme DocBook Norman Walsh http://www.sun.com/ XML Standards Architect Extreme Markup

Extreme DocBook Norman Walsh http://www.sun.com/ XML Standards Architect Extreme Markup Languages 2004 01-06 August 2004 Version 1.0 Table of Contents This presentation explores some of the design choices made in recasting DocBook from an

880 views • 61 slides
Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP 2017 Andrew Bartlet Samba developer since 2001 Working on the AD DC since soon afuer the start of the 4.0 branch, since 2004! Driven to

664 views • 44 slides
CHOOSING THE RIGHT TECHNOLOGY ISNT ENOUGH Cons T hs Klarna AB, Sweden tisdag 2 oktober 12

CHOOSING THE RIGHT TECHNOLOGY ISNT ENOUGH Cons T hs Klarna AB, Sweden tisdag 2 oktober 12

CHOOSING THE RIGHT TECHNOLOGY ISNT ENOUGH Cons T hs Klarna AB, Sweden tisdag 2 oktober 12 Choosing the right technology isnt enough Growth pains Dangers of technology focus People matter more in the long run Hiring - finding the

289 views • 26 slides
F ROM R ESEARCH T O I NDUSTRY M OBILE EDITION (Or, How I Learned To Stop Worrying

F ROM R ESEARCH T O I NDUSTRY M OBILE EDITION (Or, How I Learned To Stop Worrying

F ROM R ESEARCH T O I NDUSTRY M OBILE EDITION (Or, How I Learned To Stop Worrying about Papers and Start Building Smartphone Apps) Stephen Miller, Co-Founder and SVP Engineering Fyusion, Inc T HIS TALK IS ABOUT How to

1.31k views • 99 slides
The state of OCaml, 2012 Xavier Leroy INRIA Paris-Rocquencourt OCaml Users and Developers

The state of OCaml, 2012 Xavier Leroy INRIA Paris-Rocquencourt OCaml Users and Developers

The state of OCaml, 2012 Xavier Leroy INRIA Paris-Rocquencourt OCaml Users and Developers Workshop, 2012-09-14 X. Leroy (INRIA) The state of OCaml, 2012 OUD 2012 1 / 17 Outline OCaml development news 1 OCaml community news 2 X. Leroy

488 views • 19 slides
RUNGE LIMITED (RUL) Annual General Meeting Time: 10.00 am (AEST) Date: Thursday, 18 November

RUNGE LIMITED (RUL) Annual General Meeting Time: 10.00 am (AEST) Date: Thursday, 18 November

RUNGE LIMITED (RUL) Annual General Meeting Time: 10.00 am (AEST) Date: Thursday, 18 November 2010 Venue: Christie Conference Centre, Kamisama Room, Level 6, 320 Adelaide Street, Brisbane, Queensland Chairmans Address We had a

444 views • 20 slides
Google Megastore: The Data Engine Behind GAE presentation by Atreyee Maiti What is it? Best

Google Megastore: The Data Engine Behind GAE presentation by Atreyee Maiti What is it? Best

Google Megastore: The Data Engine Behind GAE presentation by Atreyee Maiti What is it? Best of both worlds - NoSQL and relational Fully serializable ACID in fine grained data partitions Designed for interactive online services

679 views • 26 slides

More recommend