Non-tracking web analytics

Today, websites commonly use third-party web analytics services to obtain aggregate information about users that visit their sites. This information includes demographics and visits to other sites as well as user behavior within their own sites. Unfortunately, to obtain this aggregate information, web analytics services track individual user browsing behavior across the web. This violation of user privacy has been strongly criticized, resulting in tools that block such tracking as well as anti-tracking legislation and standards such as Do-Not-Track. These efforts, while improving user privacy, degrade the quality of web analytics. This paper presents the first design of a system that provides web analytics without tracking. The system gives users differential privacy guarantees, can provide better quality analytics than current services, requires no new organizational players, and is practical to deploy. This paper describes and analyzes the design, gives performance benchmarks, and presents our implementation and deployment across several hundred users.
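The abstract promises differential privacy for aggregate analytics, so the following added example (not code from the paper or its authors) shows the basic mechanism such a guarantee rests on: a histogram of visitor attributes released with Laplace noise calibrated to the query's sensitivity, plus a per-site privacy budget that stops a publisher from re-asking until the noise averages out. The visitor records, bucket domain, epsilon values and function names are all constructed here for illustration; the paper's actual architecture (where data lives, who adds the noise, how answers are transported) is not reproduced.

```python
import math
import random

# Constructed per-visitor records of the kind a site would otherwise hand to a
# tracking analytics service. Not real data.
SAMPLE_RECORDS = [
    {"visitor": "v1", "country": "DE", "pages": 3},
    {"visitor": "v2", "country": "DE", "pages": 1},
    {"visitor": "v3", "country": "FR", "pages": 7},
    {"visitor": "v4", "country": "US", "pages": 2},
    {"visitor": "v5", "country": "US", "pages": 4},
    {"visitor": "v6", "country": "US", "pages": 1},
]

# The bucket domain is fixed and public so that zero-count buckets also receive
# noise; otherwise the set of reported keys itself would leak membership.
COUNTRY_BUCKETS = ("DE", "FR", "US", "JP")


def exact_histogram(records, key, buckets):
    """Non-private count of records per bucket (what a tracker would compute)."""
    counts = {b: 0 for b in buckets}
    for r in records:
        if r[key] in counts:
            counts[r[key]] += 1
    return counts


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse-CDF transform of a uniform draw."""
    while True:
        u = rng.random() - 0.5          # uniform on [-0.5, 0.5)
        tail = 1.0 - 2.0 * abs(u)
        if tail > 0.0:                  # avoid log(0) at the boundary
            return -scale * math.copysign(1.0, u) * math.log(tail)


class PrivacyBudget:
    """Tracks cumulative epsilon spent on one dataset (basic composition)."""

    def __init__(self, total_epsilon):
        self.total = float(total_epsilon)
        self.spent = 0.0

    def spend(self, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError("privacy budget exhausted")
        self.spent += epsilon

    def remaining(self):
        return self.total - self.spent


def private_histogram(records, key, buckets, epsilon, budget, rng):
    """Release a histogram satisfying epsilon-differential privacy.

    Each visitor contributes to exactly one bucket, so adding or removing one
    visitor changes the histogram by at most 1 in L1 norm: sensitivity = 1.
    The Laplace mechanism therefore uses scale = 1 / epsilon per bucket.
    """
    budget.spend(epsilon)
    scale = 1.0 / epsilon
    exact = exact_histogram(records, key, buckets)
    noisy = {b: c + laplace_noise(scale, rng) for b, c in exact.items()}
    # Post-processing (clamping, rounding) cannot weaken the guarantee.
    return {b: max(0, round(v)) for b, v in noisy.items()}


if __name__ == "__main__":
    rng = random.Random(42)
    budget = PrivacyBudget(total_epsilon=2.0)
    print("exact  :", exact_histogram(SAMPLE_RECORDS, "country", COUNTRY_BUCKETS))
    print("private:", private_histogram(SAMPLE_RECORDS, "country",
                                        COUNTRY_BUCKETS, 1.0, budget, rng))
    print("budget left:", budget.remaining())
```

The budget object is the practical part: a single noisy answer protects a visitor, but repeated answers to the same question would let the noise be averaged away, so the site (or whichever party adds the noise) must account for every query against a finite epsilon and refuse once it is spent.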
