tree: 67d368bd5cd8d627d7c5ea68dea77ff172c062ae [path history] [tgz]
  1. bin/
  2. BUILD.gn
  3. METADATA.textproto
  4. OWNERS
  5. README.md
src/cobalt/README.md

Cobalt: Telemetry with built-in privacy

Overview

Cobalt is a pipeline for collecting metrics data from user-owned devices in the field and producing aggregated reports.

Cobalt includes a suite of features for preserving user privacy and anonymity while giving product owners the data they need to improve their products.

  • Local Differential Privacy. If you enable it, Cobalt can add random noise on the client during metrics collection.
  • Shuffling. Our pipeline shuffles the collected records to break linkability. This also amplifies the level of differential privacy.
  • No IDs. Cobalt does not use device IDs or user IDs; not even pseudonymous IDs.
  • No exact timestamps. Cobalt uses day indices only.
  • Only standard metric types. Not arbitrary protocol buffers.
  • No ad-hoc, post-facto querying. Whereas on other telemetry systems standard practice is to “collect now; ask questions later”, with Cobalt the analyst must think in advance about what aggregations they wish to report and predeclare reports.
  • Only aggregated data is released. It is not possible to query the raw collected data.

Cobalt Core

The code in the Git repo at https://fuchsia.googlesource.com/cobalt is known as Cobalt Core. Cobalt Core contains the main client-side logic for Cobalt. Cobalt Core gets pulled into a Fuchsia checkout at //third_party/cobalt.

Cobalt on Fuchsia

This directory contains an embedding of Cobalt into the Fuchsia OS. The primary components are: