Ted is writing things

On privacy, research, and privacy research.

All posts

Empirical privacy metrics: the bad, the ugly… and the good, maybe?

This post contains the slides and transcript for an talk about empirical privacy metrics I delivered at PEPR in June 2024.

Converters between differential privacy variants

A small collection of interactive converters between differential privacy variants.

Paper highlight: Evaluations of Machine Learning Privacy Defenses are Misleading

A quick look at a new paper poking at empirical privacy metrics for ML models.

Five stages of accepting provably robust anonymization

This post contains the slides and transcript for an invited talk I delivered at AnoSiDat in April 2024.

Choosing things privately with the exponential mechanism

A simple introduction to an essential building block for differential privacy: how to select a value among many.

Mapping privacy-enhancing technologies to your use cases

A guide listing common privacy-enhancing technologies, and delineating between which problem each one solves.

What anonymization techniques can you trust?

An overview of legacy techniques used to anonymize data, how they fail, and what we can learn from these failures.

Is differential privacy the right fit for your problem?

Some data publication or sharing use cases are well-suited to the use of differential privacy, while some aren’t. In this blog post, we give a litmus test allowing you to quickly distinguish between the two.

Research post: Differential privacy under partial knowledge

What happens to differential privacy if you model a weaker adversary with only partial knowledge over the input data?

A bottom-up approach to making differential privacy ubiquitous

This post contains the slides and speaker notes for an invited talk I delivered at PPAI-22.

Averaging risk: Rényi DP & zero-concentrated DP

Averaging the privacy loss random variable across outputs can be useful: introducing Rényi DP, and zero-concentrated DP.

A list of real-world uses of differential privacy

A list of practical deployments of differential privacy, along with their privacy parameters.

A friendly, non-technical introduction to differential privacy

An introduction and table of contents for my beginner-friendly blog post series about differential privacy.

Joining Tumult Labs

I'm joining Tumult Labs, a startup focused on differential privacy. Here's why I'm excited about it!

Don't worry, your data's noisy

Your data was already noisy before I got a chance to add noise to it! Here's why you shouldn't panic, and also what you should do about it.

Getting more useful results with differential privacy

A few generic pieces of advice on how to get better utility out of your differentially private aggregations.

Demystifying the US Census Bureau's reconstruction attack

The US Census is moving to differential privacy, after running a successful privacy attack on their 2010 release. Let's look at this attack in more detail!

Why not differential privacy?

What does it mean for an algorithm to not be differentially private?

Converting my PhD thesis into HTML

A story of false hopes, perseverance, pain, and futility.

The magic of Gaussian noise

Why is Gaussian noise a popular choice to make statistics and machine learning models differentially private?

The privacy loss random variable

What does \(\delta\) really mean in \((\varepsilon,\delta)\)-differential privacy? Let's explain this using a central concept: the privacy loss random variable.

A reading list on differential privacy

A list of papers to check out to learn more about differential privacy.

« What does a privacy engineer do, anyway? »

Besides having a super cool job title, what is it like being a privacy engineer?

Local vs. central differential privacy

Differential privacy is used in two very distinct contexts. Come learn about the distinction between the two, and interesting new directions that combine them!

Research post: Cardinality Estimators do not Preserve Privacy

You can't both remember unique individuals and not remember them. Shocking, right? :D

Almost differential privacy

Publishing histograms without knowing the categories in advance: introducing (ε,δ)-differential privacy.

Personal open access policy

How I contribute to a healthier model of scientific publishing.

Differential privacy in practice (easy version)

How to add differentially private magic to your statistics, in the easy cases: counts, sums, averages, histograms…

« So, how does your part-time PhD arrangement actually work? »

I got this question many times. So I thought I'd answer it, along with other frequent questions about this arrangement.

Differential privacy in (a bit) more detail

Why does differential privacy work so well? Let's look at it more closely.

Why differential privacy is awesome

A high-level, non-technical explanation of differential privacy and its advantages.

δ-presence, for when being in the dataset is sensitive

δ-presence is a privacy notion which captures a different attack model than what we've previously seen. Let's understand why yet another definition is necessary, and what the solution looks like!

l-diversity, because reidentification doesn't tell the whole story

l-diversity is the first famous attempt at considering stronger attack models than simply reidentification attacks. Let's see how it works, and which flaws of k-anonmyity it fixes!

Book review: Crash Override

A short review of Crash Override, by Zoë Quinn. tl;dr: you should read it, especially if you're building tech products or working in tech policy.

k-map, the weird cousin of k-anonymity

Weakening k-anonymity, really? This sounds weird, but this can actually be quite reasonable. Let's learn why!

Book review: Twitter and Tear Gas

A short review of Twitter and Tear Gas: The Power and Fragility of Networked Protest, by Zeynep Tufekci. tl;dr: you should read it, especially if you participate in activist movements.

Biometrics: authentication or identification?

Know the difference. It probably won't save your life, but it can certainly avoid you saying nonsensical things on the Internet.

k-anonymity, the parent of all privacy definitions

How a privacy researcher proved a politician wrong, and how she created the first ever definition of anonymity in the process.


Blog intro. What's going to be there?

All opinions here are my own, not my employer's.   |   Feedback on these posts is very welcome! Please reach out via e-mail (se.niatnofsed@neimad) or Twitter (@TedOnPrivacy) for comments and suggestions.   |   Interested in deploying formal anonymization methods? My colleagues and I at Tumult Labs can help. Contact me at oi.tlmt@neimad, and let's chat!