1. BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model 2017 DifferentialPrivacy Usenix
    Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, and Benjamin Livshits

    @inproceedings {203630,
    author = {Brendan Avent and Aleksandra Korolova and David Zeber and Torgeir Hovden and Benjamin Livshits},
    title = {{BLENDER}: Enabling Local Search with a Hybrid Differential Privacy Model},
    booktitle = {26th {USENIX} Security Symposium ({USENIX} Security 17)},
    year = {2017},
    isbn = {978-1-931971-40-9},
    address = {Vancouver, BC},
    pages = {747--764},
    url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/avent},
    publisher = {{USENIX} Association},
    }

We propose a hybrid model of differential privacy that considers a combination of regular and opt-in users who desire the differential privacy guarantees of the local privacy model and the trusted curator model, respectively. We demonstrate that within this model, it is possible to design a new type of blended algorithm for the task of privately computing the most popular records of a web search log. This blended approach provides significant improvements in the utility of obtained data compared to related work while providing users with their desired privacy guarantees. Specifically, on two large search click data sets comprising 4.8 million and 13.2 million unique queries respectively, our approach attains NDCG values exceeding 95% across a range of commonly used privacy budget values.