Noisyaggregation

An API engine that enables secure data aggregation and analysis using homomorphic encryption.

Encrypted Survey

What is an "Encrypted Survey"?

Traditional web-service surveys collect responses from users, which are then aggregated and analyzed by the service provider in cleartext. This means that responses are at risk of misuse by the provider, with only organizational policies as a deterrent. An "Encrypted Survey" addresses this issue by encrypting responses using homomorphic encryption, allowing the provider to aggregate and analyze data without accessing individual answers. This ensures user privacy while still enabling meaningful data analysis. The current implementation is highly experimental (including the homomorphic encryption part) and is intended only to demonstrate the concept. It is not suitable for production use, as it does not yet address all privacy concerns and has several limitations.

An Incomplete Solution — E2EE of Auxiliary Data and Free Text Responses

Currently, it is not possible to encrypt free-text responses or other auxiliary data (such as user IDs, timestamps, etc.). While individual responses are encrypted, the provider can still access and analyze auxiliary data, which may contain sensitive information. This is a limitation of the current implementation, but future versions will introduce mechanisms for encrypting auxiliary data and free-text responses. For a solution that scales to millions of respondents there is still some brainstorming to be done, and we are open to suggestions. The current implementation is designed to handle simple surveys with fixed options, such as multiple-choice questions, but it does not yet support more complex survey structures.
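The aggregation flow described above, as an added example rather than the project's own code: each answer to a fixed-option question is one-hot encoded and encrypted under an additively homomorphic scheme (a textbook Paillier toy is assumed here; the demo primes are a constructed key and far too small for real use), the provider sums the ciphertexts without ever holding the private key, and only the survey creator decrypts the per-option totals.

```python
import math
import secrets
# Constructed demo key: two well-known primes, far too small for real use.
P, Q = 1_000_000_007, 998_244_353

def keygen(p=P, q=Q):
    """Paillier key pair: public (n, n^2), private (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                 # valid because g = n + 1
    return (n, n * n), (lam, mu)

def encrypt(pub, m):
    """E(m) = (1+n)^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, n2 = pub
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def decrypt(pub, priv, c):
    n, n2 = pub
    lam, mu = priv
    return ((pow(c, lam, n2) - 1) // n) * mu % n

def add(pub, c1, c2):
    """Homomorphic addition: E(a) * E(b) mod n^2 = E(a + b)."""
    return c1 * c2 % pub[1]

def encode_response(pub, choice, n_options):
    """Respondent side: one-hot encode the chosen option, encrypt every slot."""
    return [encrypt(pub, 1 if i == choice else 0) for i in range(n_options)]

def aggregate(pub, encrypted_responses, n_options):
    """Provider side: sums the per-option ciphertexts; needs no private key."""
    totals = [encrypt(pub, 0) for _ in range(n_options)]
    for resp in encrypted_responses:
        totals = [add(pub, t, c) for t, c in zip(totals, resp)]
    return totals

def tally(pub, priv, totals):
    """Survey creator side: decrypts only the per-option counts."""
    return [decrypt(pub, priv, t) for t in totals]

def run_demo():
    pub, priv = keygen()
    choices = [0, 2, 2, 1, 2, 0]   # constructed answers to one 3-option question
    responses = [encode_response(pub, c, 3) for c in choices]
    return tally(pub, priv, aggregate(pub, responses, 3))
```

Nothing here proves that a submitted ciphertext encrypts 0 or 1 rather than some other value, so a deployment would need a range proof or similar check on each response; the decrypted totals are also exactly the aggregate that the output-privacy section below says can still leak.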

An Incomplete Solution — Output Privacy

While the confidentiality of responses is preserved, the survey creator still has access to the aggregated results. This means that, although individual responses are protected, aggregate results can still leak information about individual answers. This can (and will) be addressed in the future with output privacy mechanisms. Even without these, encrypted surveys are a significant improvement over traditional surveys, as they prevent the provider from accessing individual responses.

An Incomplete Solution — Metadata Privacy

Even if response confidentiality and output privacy are ensured, metadata privacy remains an issue. This includes information such as the number of responses, submission times, and other potentially sensitive data that could be used to infer information about respondents. The current implementation does not address this, but future development will consider optional data contribution mechanisms over Tor and evaluate other proxy-related solutions, such as OHTTP (Oblivious HTTP) or similar protocols, to enhance metadata privacy.

GitHub Repositories