Building a useful analytics system with strong anonymity is difficult. It is an iterative process: ideas are generated, flaws are discovered, and new ideas emerge in response.
Aircloak is dedicated to transparency. We openly publish our anonymization technology and encourage white-hat attacks on our system through our bounty program and free academic licenses. We allow our white-hat attackers to publish the attacks that they develop, and normally our attackers do this responsibly by publishing only after fixes are in place.
Early on, we decided to give our anonymization technology a name: Diffix. Our thinking was that the name would make it easier for the community to refer to and discuss the technology, in the same way people refer to Differential Privacy or K-Anonymity.
Unfortunately, this has led to growing confusion as to exactly what Diffix is. Because our anonymization technology evolves, the Diffix of two years ago is not the same as the Diffix of one year ago is not the same as Diffix today. Or course many key mechanisms have remained, such as sticky layered noise and low-count suppression, but other mechanisms have been added or replaced as the system improves.
To reduce confusion, we have moved to a version-based naming system. Instead of Diffix, we now have Diffix Aspen (published in June 2017), Diffix Birch (published in June 2018), and soon-to-be-published Diffix Cedar.
Note that Aircloak Insights’ version naming system will stay the same. Not all improvements to the product are results of changes in the anonymization approach: many are related to features, usability, performance and interface.
We believe this new naming will make everyone’s life easier when inspecting Aircloak’s approach, and as a side benefit it will make it more obvious to see the steps we’re taking continuously to keep our anonymization – and our customers data – safe.