I crafted a strategy to beat the high score at a game based on differential privacy. It should have been harder to beat, though…

A quick look at three papers who use neat tricks to boost the utility of simple DP operations.

Many real-world DP deployments use privacy parameters that can seem unconvincing. Should we be worried?

This post contains the slides and transcript of a talk about empirical privacy metrics that I delivered at PEPR in June 2024.

A small collection of interactive converters between differential privacy variants.

A quick look at a new paper poking at empirical privacy metrics for ML models.

This post contains the slides and transcript for an invited talk I delivered at AnoSiDat in April 2024.

A simple introduction to an essential building block for differential privacy: how to select a value among many.

A guide listing common privacy-enhancing technologies, and delineating between which problem each one solves.

An overview of legacy techniques used to anonymize data, how they fail, and what we can learn from these failures.

Some data publication or sharing use cases are well-suited to the use of differential privacy, while some aren’t. In this blog post, we give a litmus test allowing you to quickly distinguish between the two.

What happens to differential privacy if you model a weaker adversary with only partial knowledge over the input data?

This post contains the slides and speaker notes for an invited talk I delivered at PPAI-22.

Averaging the privacy loss random variable across outputs can be useful: introducing Rényi DP, and zero-concentrated DP.

A list of practical deployments of differential privacy, along with their privacy parameters.

An introduction and table of contents for my beginner-friendly blog post series about differential privacy.

I'm joining Tumult Labs, a startup focused on differential privacy. Here's why I'm excited about it!

Your data was already noisy before I got a chance to add noise to it! Here's why you shouldn't panic, and also what you should do about it.

A few generic pieces of advice on how to get better utility out of your differentially private aggregations.

The US Census is moving to differential privacy, after running a successful privacy attack on their 2010 release. Let's look at this attack in more detail!

What does it mean for an algorithm to not be differentially private?

A story of false hopes, perseverance, pain, and futility.

Why is Gaussian noise a popular choice to make statistics and machine learning models differentially private?

What does \(\delta\) really mean in \((\varepsilon,\delta)\)-differential privacy? Let's explain this using a central concept: the privacy loss random variable.

A list of papers to check out to learn more about differential privacy.

Besides having a super cool job title, what is it like being a privacy engineer?

Differential privacy is used in two very distinct contexts. Come learn about the distinction between the two, and interesting new directions that combine them!

You can't both remember unique individuals and not remember them. Shocking, right? :D

Publishing histograms without knowing the categories in advance: introducing (ε,δ)-differential privacy.

How I contribute to a healthier model of scientific publishing.

How to add differentially private magic to your statistics, in the easy cases: counts, sums, averages, histograms…

I got this question many times. So I thought I'd answer it, along with other frequent questions about this arrangement.

Why does differential privacy work so well? Let's look at it more closely.

A high-level, non-technical explanation of differential privacy and its advantages.

δ-presence is a privacy notion which captures a different attack model than what we've previously seen. Let's understand why yet another definition is necessary, and what the solution looks like!

l-diversity is the first famous attempt at considering stronger attack models than simply reidentification attacks. Let's see how it works, and which flaws of k-anonmyity it fixes!

A short review of Crash Override, by Zoë Quinn. tl;dr: you should read it, especially if you're building tech products or working in tech policy.

Weakening k-anonymity, really? This sounds weird, but this can actually be quite reasonable. Let's learn why!

A short review of Twitter and Tear Gas: The Power and Fragility of Networked Protest, by Zeynep Tufekci. tl;dr: you should read it, especially if you participate in activist movements.

Know the difference. It probably won't save your life, but it can certainly avoid you saying nonsensical things on the Internet.

How a privacy researcher proved a politician wrong, and how she created the first ever definition of anonymity in the process.

Blog intro. What's going to be there?