Skip to main content

Divvi Up

Divvi Up is a privacy-preserving measurement system (privacy-preserving analytics) that enables organizations to compute aggregate statistics over user events without collecting raw user data.

  • Distributed aggregation of client event data using a multi-party computation design (privacy-preserving analytics).
  • Client–server protocol for encoding, encrypting, and submitting measurements from end-user applications (data collection protocol).
  • Verifier and aggregator roles split across independent entities to prevent exposure of individual user reports (security architecture).
  • Support for computing aggregate metrics such as counts and histograms over large populations with per-user privacy protection (statistical measurement).
  • Service and ecosystem operated by the Internet Security Research Group with integration options for application and platform developers (cloud service / integration platform).

More About Divvi Up

Divvi Up is a privacy-preserving measurement system (privacy-preserving analytics) developed under the Internet Security Research Group and presented as a service for organizations that need aggregate telemetry about user behavior without collecting identifiable or linkable per-user data. It targets use cases where enterprises, nonprofits, and public-interest projects require usage statistics for product decisions, performance monitoring, or policy evaluation while aligning with strict privacy constraints.

The core design of Divvi Up uses a distributed aggregation model (multi-party computation) in which individual client reports are encrypted and then split across at least two independent aggregators. Each aggregator receives only a share of the encrypted data, and the system protocol is structured so that no individual party can reconstruct a user’s raw measurement. Only aggregated statistics, such as totals or histograms, are revealed at the end of the computation. This model fits into categories such as privacy-preserving telemetry, federated-style analytics, and secure aggregation infrastructure.

On the client side, Divvi Up defines a protocol and libraries (client Software Development Kit (SDK) / data collection) that applications can use to encode measurement events, apply cryptographic protections, and send them to the aggregators. Typical integration points are mobile apps, web applications, and other networked software that need to report events like feature usage, configuration opt-ins, or performance signals. The client never sends plaintext event data directly to a single central server; instead, it participates in the Divvi Up protocol that prepares reports suitable for distributed aggregation.

On the server side, the system is structured around roles for “helper” and “leader” aggregators (aggregation service). These entities receive encrypted report shares, perform partial aggregations, and coordinate to compute the final aggregate outputs. The design assumes that aggregators are run by separate organizations or trust domains so that collusion is constrained by governance and operational separation. The outputs can then be delivered to relying parties such as product teams, analytics pipelines, or dashboards that only need aggregated values.

For enterprise and institutional environments, Divvi Up provides a way to collect metrics in sectors where privacy regulations and organizational policies restrict traditional analytics models. Organizations can use the service to obtain usage statistics without retaining raw identifiers or event logs. Divvi Up fits into observability and analytics stacks as an upstream telemetry source where queries are at the level of pre-defined metrics rather than arbitrary event-level analysis. It intersects with technical domains that include applied cryptography, Secure Multi-Party Computation (SMPC), privacy engineering, and networked telemetry systems.

The project is operated under the broader A Better Internet initiative of ISRG, which also encompasses other security and privacy infrastructure efforts. Divvi Up is positioned as shared measurement infrastructure (privacy-preserving analytics / security infrastructure) that multiple organizations can use rather than each building proprietary systems. Its architectural model is oriented toward interoperability: applications integrate with a consistent protocol and service endpoints, while independent operators can participate as aggregators under the protocol rules. For technical stakeholders, Divvi Up represents a concrete option when cataloging tools in categories such as privacy-preserving telemetry services, secure aggregation platforms, and privacy-first measurement frameworks.