Divvi Up: A privacy-respecting system for aggregate statistics
Privacy, Enforced by Technology
How Divvi Up Works
A user-generated metric
Divvi Up works for any data that can be collected across a population, like telemetry, survey results, or many other scaled metrics collection use cases.
Divide the metric
Metrics are fed into a library where they’re divided into two shares (Divvied Up!). The shares are then encrypted locally, before any data leaves the device.
Two non-colluding servers
With two separate servers, each with only a partial share, it's impossible to deduce the whole metric. After validating the input, each server performs additional de-identification and aggregation.
Produce insights while protecting privacy
Divvi Up makes it possible to gain insights about your population of users without compromising individual privacy. Mitigate compliance risks, eliminate the need to store PII for telemetry, and respect your users’ privacy.
The Distributed Aggregation Protocol: A First-Time Editor's View of Writing Standards at the IETF
What we’ve learned and how we’ve evolved Divvi Up through the process of writing an Internet Standard in the IETF.Read more
A Year-End Letter from our Vice President
A summary of how ISRG’s three projects, Let’s Encrypt, Divvi Up, and Prossimo continue to improve security and privacy.Read more
Divvi Up is providing privacy-preserving metrics for Firefox
Firefox telemetry metrics will be collected in a privacy-preserving way with Divvi Up.Read more