Divvi Up: A privacy-respecting system for aggregate statistics

Take a look at this Divvi Up demo using Docker software and the command line.

Enforcing Privacy at Internet Scale

Use Cases

Metrics

Divvi Up can preserve user privacy while also collecting the application metrics needed to make product decisions.

Mozilla Firefox

Mozilla uses Divvi Up to collect metrics from users while preserving their privacy. Learn more about Divvi Up & Firefox.

Horizontal

Horizontal uses Divvi Up to collect telemetry in their sensitive applications at the intersection of technology, human rights, and justice. Learn more about Horizontal & Divvi Up.

Federated Machine Learning

Federated Learning is an emerging field of AI/ML and Divvi Up can help preserve user privacy when application developers train their models.

Flower Divvi Up Integration

A team of researchers sponsored by NLNet have built a prototype integrating Flower with Divvi Up's distributed secure aggregation system. Learn more about Flower & Divvi Up.

BUILT UPON AN EMERGING STANDARD

Always Open Source

All components of the Divvi Up system are open source and available on GitHub. Further, the core protocol, Distributed Aggregation Protocol (DAP), is on a path to become an Internet Engineering Task Force (IETF) standard co-developed by Internet Security Research Group (ISRG, best known known for Let's Encrypt), Cloudflare, and Mozilla.

ISRG

Divvi Up is built and operated by the Internet Security Research Group, the same nonprofit behind Let's Encrypt, the world's largest Certificate Authority providing free TLS certificates to 430 million websites.

Contact Our Team

If you have a use case for Divvi Up contact our team to learn more about a paid pilot or pricing on our production environments.

Privacy, Enforced by Technology

How Divvi Up Works

Learn about Divvi Up

A user-generated metric

Divvi Up works for any data that can be collected across a population, like telemetry, survey results, or many other scaled metrics collection use cases.

Divide the metric

Metrics are fed into a library where they’re divided into two shares (Divvied Up!). The shares are then encrypted locally, before any data leaves the device.

Two non-colluding servers

With two separate servers, each with only a partial share, it's impossible to deduce the whole metric. After validating the input, each server performs additional de-identification and aggregation.

Cryptographically-guaranteed privacy

Produce insights while protecting privacy

Divvi Up makes it possible to gain insights about your population of users without compromising individual privacy. Mitigate compliance risks, eliminate the need to store PII for telemetry, and respect your users’ privacy.

Why you should Divvi Up

Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also have trademark rights in other terms used herein.