List of implementations of differentially private analyses explained

Since the advent of differential privacy, a number of systems supporting differentially private data analyses have been implemented and deployed. This article tracks real-world deployments, production software packages, and research prototypes.

Real-world deployments

Name	Organization	Year Introduced	Notes	Still in use?
OnTheMap: Interactive tool for exploration of US income and commute patterns.[1] [2]	US Census Bureau	2008	First deployment of differential privacy	Yes
RAPPOR in Chrome Browser to collect security metrics[3] [4]	Google	2014	First widespread use of local differential privacy	No
Emoji analytics; analytics. Improve: QuickType, emoji; Spotlight deep link suggestions; Lookup Hints in Notes. Emoji suggestions, health type usage estimates, Safari energy drain statistics, Autoplay intent detection (also in Safari)[5]	Apple	2017		Yes
Application telemetry[6]	Microsoft	2017	Application usage statistics Microsoft Windows.	yes
Flex: A SQL-based system developed for internal Uber analytics[7] [8]	Uber	2017		Unknown
2020 Census[9]	US Census Bureau	2018		Yes
Audience Engagement API[10]	LinkedIn	2020		Yes
Labor Market Insights[11]	LinkedIn	2020		Yes
COVID-19 Community Mobility Reports[12]	Google	2020		Unknown
Advertiser Queries[13]	LinkedIn	2020
U.S. Broadband Coverage Data Set[14]	Microsoft	2021		Unknown
College Scorecard Website	IRS and Dept. of Education	2021		Unknown
Ohm Connect[15]	Recurve	2021
Live Birth Dataset[16] [17]	Israeli Ministry of Health	2024		Yes

Production software packages

These software packages purport to be usable in production systems. They are split in two categories: those focused on answering statistical queries with differential privacy, and those focused on training machine learning models with differential privacy.

Statistical analyses

Name	Developer	Year Introduced	Notes	Still maintained?
Google's differential privacy libraries[18]	Google	2019	Building block libraries in Go, C++, and Java; end-to-end framework in Go,.[19]	Yes
OpenDP[20]	Harvard, Microsoft	2020	Core library in Rust,[21] SDK in Python with an SQL interface.	Yes
Tumult Analytics[22]	Tumult Labs[23]	2022	Python library, running on Apache Spark.	Yes
PipelineDP[24]	Google, OpenMined[25]	2022	Python library, running on Apache Spark, Apache Beam, or locally.	Yes
PSI (Ψ): A Private data Sharing Interface	Harvard University Privacy Tools Project.[26]	2016		No
TopDown Algorithm[27]	United States Census Bureau	2020	Production code used in the 2020 US Census.	No

Machine learning

Name	Developer	Year Introduced	Notes	Still maintained?
Diffprivlib[28]	IBM[29]	2019	Python library.	Yes
TensorFlow Privacy[30] [31]	Google	2019	Differentially private training in TensorFlow.	Yes
Opacus[32]	Meta	2020	Differentially private training in PyTorch.	Yes

Research projects and prototypes

Name	Citation	Year Published	Notes
PINQ: An API implemented in C#.	[33]	2010
Airavat: A MapReduce-based system implemented in Java hardened with SELinux-like access control.	[34]	2010
Fuzz: Time-constant implementation in Caml Light of a domain-specific language.	[35]	2011
GUPT: Implementation of the sample-and-aggregate framework.	[36]	2012
\epsilon KTELO: A framework and system for answering linear counting queries.	[37]	2018

See also

• Differential Privacy
• Secure multi-party computation

References

1. Web site: OnTheMap. onthemap.ces.census.gov. 29 March 2023.
2. Book: Machanavajjhala . Ashwin . Kifer . Daniel . Abowd . John . Gehrke . Johannes . Vilhuber . Lars . 2008 IEEE 24th International Conference on Data Engineering . Privacy: Theory meets Practice on the Map . 277–286 . April 2008 . 10.1109/ICDE.2008.4497436. 978-1-4244-1836-7 . 5812674 .
3. Web site: Erlingsson . Úlfar . Learning statistics with privacy, aided by the flip of a coin .
4. Book: Erlingsson . Úlfar . Pihur . Vasyl . Korolova . Aleksandra . Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security . RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response . November 2014 . 1054–1067 . 10.1145/2660267.2660348. 2014arXiv1407.6981E . 1407.6981 . 9781450329576 . 6855746 .
5. Differential Privacy Team . Learning with Privacy at Scale . Apple Machine Learning Journal . December 2017 . 1 . 8 .
6. Ding . Bolin . Kulkarni . Janardhan . Yekhanin . Sergey . Collecting Telemetry Data Privately . 31st Conference on Neural Information Processing Systems . December 2017 . 3574–3583. 2017arXiv171201524D . 1712.01524 .
7. Web site: Tezapsidis . Katie . Uber Releases Open Source Project for Differential Privacy . Jul 13, 2017.
8. Johnson . Noah . Near . Joseph P. . Song . Dawn . Towards Practical Differential Privacy for SQL Queries . Proceedings of the VLDB Endowment . January 2018 . 11 . 5 . 526–539 . 10.1145/3187009.3177733. 1706.09479 .
9. Book: Abowd . John M. . Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining . The U.S. Census Bureau Adopts Differential Privacy . August 2018 . 2867 . 10.1145/3219819.3226070. 9781450355520 . https://digitalcommons.ilr.cornell.edu/ldi/49 . 1813/60392 . 51711121 . free .
10. 2002.05839 . Rogers . Ryan . Subramaniam . Subbu . Peng . Sean . Durfee . David . Lee . Seunghyun . Santosh Kumar Kancha . Sahay . Shraddha . Ahammad . Parvez . LinkedIn's Audience Engagements API: A Privacy Preserving Data Analytics System at Scale . 2020 . cs.CR .
11. 2010.13981 . Rogers . Ryan . Adrian Rivera Cardoso . Mancuhan . Koray . Kaura . Akash . Gahlawat . Nikhil . Jain . Neha . Ko . Paul . Ahammad . Parvez . A Members First Approach to Enabling LinkedIn's Labor Market Insights at Scale . 2020 . cs.CR .
12. 2004.04145 . Aktay . Ahmet . Bavadekar . Shailesh . Cossoul . Gwen . Davis . John . Desfontaines . Damien . Fabrikant . Alex . Gabrilovich . Evgeniy . Gadepalli . Krishna . Gipson . Bryant . Guevara . Miguel . Kamath . Chaitanya . Kansal . Mansi . Lange . Ali . Mandayam . Chinmoy . Oplinger . Andrew . Pluntke . Christopher . Roessler . Thomas . Schlosberg . Arran . Shekel . Tomer . Vispute . Swapnil . Vu . Mia . Wellenius . Gregory . Williams . Brian . Royce J Wilson . Google COVID-19 Community Mobility Reports: Anonymization Process Description (Version 1.1) . 2020 . cs.CR .
13. 2002.05839. Rogers. Ryan. Subbu. Subramaniam. Sean. Peng. David. Durfee. Seunghyun. Lee. Santosh Kumar. Kancha. Shraddha. Sahay. Parvez. Ahammad. LinkedIn's Audience Engagements API: A Privacy Preserving Data Analytics System at Scale. 2020. cs.CR .
14. 2103.14035 . Pereira . Mayana . Kim . Allen . Allen . Joshua . White . Kevin . Juan Lavista Ferres . Dodhia . Rahul . U.S. Broadband Coverage Data Set: A Differentially Private Data Release . 2021 . cs.CR .
15. Web site: EDP. EDP. 29 March 2023.
16. 2405.00267. Hod. Shlomi. Canetti. Ran. Differentially Private Release of Israel's National Registry of Live Births. 2024. cs.CR .
17. Web site: Live Birth Dataset (Hebrew). data.gov.il. 2 May 2024.
18. Web site: Google's differential privacy libraries . . 3 February 2023 .
19. Web site: Differential-privacy/Privacy-on-beam at main · google/Differential-privacy . .
20. Web site: OpenDP. opendp.org. 29 March 2023.
21. Web site: OpenDP Library . .
22. Web site: Tumult Analytics. www.tmlt.dev. 29 March 2023.
23. Web site: Tumult Labs | Privacy Protection Redefined. www.tmlt.io. 29 March 2023.
24. Web site: PipelineDP. pipelinedp.io. 29 March 2023.
25. Web site: OpenMined. www.openmined.org. 29 March 2023.
26. Web site: Gaboardi . Marco . Honaker . James . King . Gary . Nissim . Kobbi . Ullman . Jonathan . Vadhan . Salil . Murtagh . Jack . PSI (Ψ): a Private data Sharing Interface . June 2016.
27. Web site: DAS 2020 Redistricting Production Code Release . . 22 June 2022 .
28. Web site: Diffprivlib v0.5 . . 17 October 2022 .
29. 1907.02444 . Holohan . Naoise . Braghin . Stefano . Pól Mac Aonghusa . Levacher . Killian . Diffprivlib: The IBM Differential Privacy Library . 2019 . cs.CR .
30. Web site: Radebaugh . Carey . Erlingsson . Ulfar . Introducing TensorFlow Privacy: Learning with Differential Privacy for Training Data . March 6, 2019.
31. Web site: TensorFlow Privacy . GitHub. 2019-08-09.
32. Web site: Opacus · Train PyTorch models with Differential Privacy. opacus.ai. 29 March 2023.
33. McSherry . Frank . Privacy integrated queries . Communications of the ACM . 1 September 2010 . 53 . 9 . 89–97 . 10.1145/1810891.1810916 . 52898716 .
34. Roy . Indrajit . Setty . Srinath T.V. . Kilzer . Ann . Shmatikov . Vitaly . Witchel . Emmett . Airavat: Security and Privacy for MapReduce . Proceedings of the 7th Usenix Symposium on Networked Systems Design and Implementation (NSDI) . April 2010 .
35. Haeberlen . Andreas . Pierce . Benjamin C. . Narayan . Arjun . Differential Privacy Under Fire . 20th USENIX Security Symposium . 2011.
36. Book: Mohan . Prashanth . Thakurta . Abhradeep . Shi . Elaine . Elaine Shi . Song . Dawn . Culler . David E. . GUPT: Privacy Preserving Data Analysis Made Easy . Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data . 349–360 . 10.1145/2213836.2213876. 2135755 .
37. Book: Zhang . Dan . McKenna . Ryan . Kotsogiannis . Ios . Hay . Michael . Machanavajjhala . Ashwin . Miklau . Gerome . Proceedings of the 2018 International Conference on Management of Data . EKTELO: A Framework for Defining Differentially-Private Computations . June 2018 . 115–130 . 10.1145/3183713.3196921. 1808.03555 . 9781450347037 . 5033862 .