Looking for Feedback on My Privacy-First Real-Time Mood Tracker Architecture

Asked By CuriousCoder92 On

I've developed a real-time mood tracker called MoodMap that focuses on privacy and global performance. The primary goals are to collect data anonymously from around 190 countries while ensuring zero Personally Identifiable Information (PII) storage, maintaining low latency across the globe, and keeping costs low as I'm currently using a free tier.

My high-level approach includes deploying at the edge for data ingestion, implementing ephemeral session logic without persistent identities, using a minimal data model that captures categorical inputs along with timestamps, and aggregating geographic data before storage.

For privacy and security, I've opted for strict measures like no cookies, no user accounts, no client-side tracking, temporary anti-spam fingerprinting, anonymization at the ingestion point, and rate limiting at multiple levels.

I'm looking for advice on a few questions: Are there any obvious risks of deanonymization? What could be better methods to prevent spam without relying on user identities? Is edge ingestion the right choice in this scenario? And how can I effectively manage real-time data aggregation globally? I'd love to hear your thoughts and learn from those who've tackled similar projects.
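As an added illustration of the "temporary anti-spam fingerprinting" and rate-limiting idea in the question (example code, not MoodMap's own): the only per-client value derived is an HMAC of the client address under a random salt that is regenerated every window and never written anywhere, so a digest can be used for counting within the window but cannot be linked back to an address once the salt is gone. Class and constant names are hypothetical; the addresses in the test are constructed documentation-range values.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

# Hypothetical ephemeral limiter (not MoodMap's code). No raw address and no
# persistent identity is stored: digests live only as long as the salt, and
# the salt is replaced (and all counters cleared) at every window boundary.

WINDOW = 600          # seconds a salt, and therefore a digest, stays valid
MAX_PER_WINDOW = 20   # submissions allowed per client per window


class EphemeralLimiter:
    def __init__(self, window=WINDOW, limit=MAX_PER_WINDOW, clock=time.time):
        self.window = window
        self.limit = limit
        self.clock = clock                 # injectable for testing
        self._salt = secrets.token_bytes(32)
        self._salt_epoch = self._epoch()
        self._counts = defaultdict(int)    # digest -> submissions this window

    def _epoch(self) -> int:
        return int(self.clock() // self.window)

    def _rotate_if_needed(self) -> None:
        epoch = self._epoch()
        if epoch != self._salt_epoch:
            # Fresh salt and empty counters: old digests become unlinkable.
            self._salt = secrets.token_bytes(32)
            self._salt_epoch = epoch
            self._counts.clear()

    def digest(self, client_ip: str) -> str:
        """Keyed hash of the address; stable only within the current window."""
        self._rotate_if_needed()
        return hmac.new(self._salt, client_ip.encode(), hashlib.sha256).hexdigest()

    def allow(self, client_ip: str) -> bool:
        """Return True and count the submission, or False if over the limit."""
        d = self.digest(client_ip)
        if self._counts[d] >= self.limit:
            return False
        self._counts[d] += 1
        return True


if __name__ == "__main__":
    lim = EphemeralLimiter()
    print([lim.allow("203.0.113.7") for _ in range(3)])  # [True, True, True]
```

Because the salt is random and discarded, the digest is not a stable fingerprint: an operator cannot later ask "which address produced this digest", and an attacker who obtains the counters learns only opaque keys and counts. The trade-off is that a limit resets at each window boundary, so the window should be sized to the abuse rate you actually want to stop.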

2 Answers

Answered By DataNinja On

Interesting project, definitely a non-trivial build! You’re spot on about the complexity of architectural choices between latency and isolation. Share more about that if you can; it'd help generate more useful insights!

CuriousCoder92 -

Thanks! I'd be happy to dive deeper into those details. What specific aspects are you most interested in?

Answered By DevDude On

What a fantastic project! I really admire your focus on privacy and a minimalist approach. Edge ingestion can be beneficial for rate limiting and preventing abuse chats, but you might also want to think about the specifics of performance since the data packets are tiny. Caution is key when it comes to deanonymization risks, especially if you’re using small geographic or time buckets—low counts could unintentionally reveal identities. Consider applying minimum thresholds or k-anonymity techniques to address this. Regarding spam, using short-lived tokens or batching events together can save costs and streamline your process. Overall, keeping it minimal seems like the right call for your type of application.

MoodMapMaker -

Thanks so much for the insightful feedback! I hadn’t thought deeply about the k-anonymity challenge you mentioned, but it makes sense. I’m currently only aggregating by country, but I can see how low submissions might expose trends. Your idea for batching is brilliant too—avoiding per-event writes could definitely save on resources. Appreciate it!

PrivacyGuard -

Glad you liked the feedback! Yes, with little to no city data, I think focusing on thresholds is key. Exploring how we batch could be a game-changer!
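An added worked example of the two points raised in this answer and its replies, minimum thresholds on small buckets and batching instead of per-event writes (example code, not MoodMap's own). Events are assumed to be dicts carrying a country code, a categorical mood and a Unix timestamp; the sample events below are constructed. Timestamps are coarsened to hour buckets at ingestion, counts are merged into storage one batch at a time, and any (country, hour, mood) row with fewer than K submissions is suppressed before publication. Names such as `BatchingAggregator` and `K` are hypothetical.

```python
from collections import Counter
from datetime import datetime, timezone

# Hypothetical aggregation pipeline (not MoodMap's code). Only counts reach
# storage; raw events never do, and exact timestamps are dropped at ingestion.

K = 5              # minimum submissions before a row may be published
BATCH_SIZE = 100   # events buffered before one aggregated write


def hour_bucket(ts: int) -> str:
    """Coarsen a Unix timestamp to a UTC hour label."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:00Z")


def bucket_counts(events) -> Counter:
    """Count events per (country, hour bucket, mood)."""
    c = Counter()
    for e in events:
        c[(e["country"], hour_bucket(e["ts"]), e["mood"])] += 1
    return c


class BatchingAggregator:
    """Buffer events and write one merged Counter per batch."""

    def __init__(self, batch_size=BATCH_SIZE):
        self.batch_size = batch_size
        self._buf = []
        self.store = Counter()   # stands in for the aggregated storage table
        self.writes = 0          # number of storage writes performed

    def submit(self, event) -> None:
        self._buf.append(event)
        if len(self._buf) >= self.batch_size:
            self.flush()

    def flush(self) -> None:
        if self._buf:
            self.store.update(bucket_counts(self._buf))   # one write per batch
            self._buf.clear()
            self.writes += 1


def publish(store: Counter, k: int = K):
    """Return rows with at least k submissions and the number suppressed."""
    published = {key: n for key, n in store.items() if n >= k}
    return published, len(store) - len(published)


# Constructed sample: 7 + 3 submissions from one country in one hour, and a
# single submission from a very small country in the same hour.
BASE_TS = 1_700_000_000   # 2023-11-14T22:13:20Z
SAMPLE_EVENTS = (
    [{"country": "FR", "mood": "calm", "ts": BASE_TS + i * 60} for i in range(7)]
    + [{"country": "FR", "mood": "anxious", "ts": BASE_TS + i * 60} for i in range(3)]
    + [{"country": "MC", "mood": "sad", "ts": BASE_TS + 100}]
)


def demo(batch_size: int = 4):
    agg = BatchingAggregator(batch_size)
    for e in SAMPLE_EVENTS:
        agg.submit(e)
    agg.flush()                      # write whatever remains in the buffer
    published, suppressed = publish(agg.store)
    return published, suppressed, agg.writes


if __name__ == "__main__":
    print(demo())
```

Two design notes: the threshold is applied per published row, and row totals are never emitted, so a reader cannot subtract published rows from a cell total to recover a suppressed row. Suppression is also applied at publication rather than at ingestion, so a bucket that is too small in one batch can still be published once later batches have merged into it.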
