What's the Gist? Privacy-Preserving Aggregation of User Profiles


Event: ESORICS


Igor Bilogrevic
Julien Freudiger
Emiliano De Cristofaro
Ersin Uzun
Technical Publications
September 7th 2014
Online service providers gather increasingly large amounts of personal data into user profiles and monetize them with advertisers and data brokers. Users have little control of what information is processed and face an all-or-nothing decision between receiving free services or refusing to be profiled. This paper explores an alternative approach where users only disclose an aggregate model -- the "gist" -- of their data. The goal is to preserve data utility and simultaneously provide user privacy. We show that this approach is practical and can be realized by letting users contribute encrypted and differentially-private data to an aggregator. The aggregator combines encrypted contributions and can only extract an aggregate model of the underlying data. In order to dynamically assess the value of data aggregates, we use an information-theoretic measure to compute the amount of "valuable" information provided to advertisers and data brokers. We evaluate our framework on an anonymous dataset of 100,000 U.S. users obtained from the U.S. Census Bureau and show that (i) it provides accurate aggregates with as little as 100 users, (ii) it generates revenue for both users and data brokers, and (iii) its overhead is appreciably low.
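A toy end-to-end instance of the pipeline the abstract describes, added here as an illustration and not code from the paper or from PARC: each user perturbs a 0/1 profile attribute with Laplace noise, masks it with a share that cancels only when all contributions are summed (a constructed stand-in for the paper's encryption, not its actual scheme), and the aggregator recovers nothing but the noisy total, scored with a binary-entropy "value" measure (a simplified stand-in for the paper's information-theoretic measure). The 30% attribute prevalence, the modulus, and all function names are assumptions.

```python
import math
import random

P = 2**61 - 1      # modulus for masked (stand-in "encrypted") contributions
SCALE = 10**6      # fixed-point scaling so noisy reals become integers mod P

def laplace(rng: random.Random, scale: float) -> float:
    """Laplace(0, scale) noise as the difference of two Exp(1/scale) draws."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def make_masks(n: int, rng: random.Random) -> list:
    """Masks that sum to 0 mod P; in a real scheme each user would derive
    its mask from keys shared with the other users (assumption, not the
    paper's construction). Any single masked value is uniformly random."""
    masks = [rng.randrange(P) for _ in range(n - 1)]
    masks.append(-sum(masks) % P)
    return masks

def contribute(value: int, epsilon: float, mask: int, rng: random.Random) -> int:
    """User side: perturb a 0/1 attribute with Laplace(1/epsilon) noise
    (sensitivity 1), fixed-point encode it, then mask it."""
    noisy = value + laplace(rng, 1.0 / epsilon)
    return (round(noisy * SCALE) + mask) % P

def aggregate(ciphertexts: list) -> float:
    """Aggregator side: summing masked values cancels the masks and yields
    only the noisy total, never any individual contribution."""
    total = sum(ciphertexts) % P
    if total > P // 2:          # negative totals wrap around; undo that
        total -= P
    return total / SCALE

def binary_entropy(p: float) -> float:
    """Bits carried by a Bernoulli(p) aggregate: a crude stand-in for the
    paper's information-theoretic value measure (assumption)."""
    p = min(max(p, 1e-12), 1 - 1e-12)
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def run(n_users: int = 100, epsilon: float = 1.0, seed: int = 7) -> dict:
    """Simulate n users holding a constructed 0/1 attribute (30% prevalence)."""
    rng = random.Random(seed)
    profiles = [int(rng.random() < 0.3) for _ in range(n_users)]
    masks = make_masks(n_users, rng)
    cts = [contribute(v, epsilon, m, rng) for v, m in zip(profiles, masks)]
    est = aggregate(cts)
    return {"true": sum(profiles), "estimate": est,
            "error": abs(est - sum(profiles)),
            "bits": binary_entropy(est / n_users)}
```

With 100 users and epsilon = 1 the summed noise has a standard deviation of about 14, so the recovered count is close to the true one while no single user's attribute is exposed.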


Bilogrevic, I.; Freudiger, J.; De Cristofaro, E.; Uzun, E. What's the Gist? Privacy-Preserving Aggregation of User Profiles. ESORICS, 2014.
