Abstract: In an example embodiment, a machine learning algorithm is used to train an engagement score model to calculate an engagement score for a particular member indicating a probability that the particular member would increase engagement with the social networking service if provided with statistical information about confidential data submitted by other members. Member usage information is obtained corresponding to a first member of a social networking service. Then a plurality of features are extracted from the member usage information corresponding to the first member. This plurality of features is inputted into the engagement model to obtain an engagement score for the first member. It is then determined whether or not to provide statistical information to the first member about confidential data submitted by other members based on the engagement score for the first member.

Abstract: In an example embodiment, a submission of confidential data is received from a user via a first computerized user interface. An identification of the user is obtained, and details regarding the submission are stored in a submission table. Then a request to display, to the user, statistical information derived from confidential data from users other than the user, is received from a second computerized user interface. Based on information stored in the submission table, a determination is made that the request to display, to the user, statistical information derived from confidential data from users other than the user should be granted. In response to the determining, the statistical information derived from confidential data from users other than the user is displayed via the second computerized user interface.

Abstract: In an example embodiment, an attribute interference model is trained by a machine learning algorithm to output missing attribute values from a member profile of a social networking service. In an attribute inference phase, an identification of a member of a social networking service is obtained. A member profile corresponding to the member of the social networking service is retrieved using the identification. The member profile is then passed to the attribute inference model to generate one or more missing attribute values for the member profile. A collection flow, defined in a user interface of a computing device, is modified based on the generated one or more missing attribute values, the collection flow defining a sequence of screens for collecting confidential data. The modified collection flow is then presented to the member in the user interface to collect confidential data from the member.

Abstract: In an example embodiment, a method for protecting against timestamp-based inference attacks in a computer system is provided. A timestamp corresponding to a time when confidential data is submitted to the computer system by a user is recorded. A modification value based on a frequency of submissions of confidential data to the computer system is selected. The timestamp is altered by adding the modification value to the timestamp.

Abstract: In an example embodiment, confidential data submitted by a user and one or more attributes of the user are obtained from one or more submission tables in a confidential information database. It is then determined that the one or more attributes of the user correspond to a first slice. In response to the determining, a count associated with the first slice is incremented. The count associated with the first slice is compared with a first threshold. In response to a determination that the count associated with the first slice transgresses the first threshold, the confidential data and the one or more attributes are added to a backend queue. Then, extraction, transformation, and loading (ETL) of the confidential data in the backend queue is performed and the confidential data is placed in an ETL table, in the confidential information database corresponding to the first slice.

Abstract: In an example embodiment, a submission of confidential data is received from a user. A first service is queried using an identification of the user to obtain a member profile corresponding to the user in a social networking service. One or more primary attribute values are identified from the member profile. The one of the primary attribute values are used to query a second service to obtain a derived attribute value corresponding to the one or more primary attribute values. The confidential data, one or more of the primary attribute values, and the derived attribute value are stored in a first submission table in a confidential information database. Then the one or more of the primary attribute values and the derived attribute value are used to classify the user into one or more slices.

Abstract: In an example embodiment, a method for protecting against confidential data-based inference attacks in a computer system is provided. A first confidential data value is received. Then a modification value is selected based on a level of privacy specified for the computer system. Then the first confidential data value is altered by adding the modification value to the first confidential data value.

Abstract: In an example embodiment, an attribute interference model is trained by a machine learning algorithm to output missing attribute values from a member profile of a social networking service. In an attribute inference phase, an identification of a member of a social networking service is obtained. A member profile corresponding to the member of the social networking service is retrieved using the identification. The member profile is then passed to the attribute inference model to generate one or more missing attribute values for the member profile. A collection flow, defined in a user interface of a computing device, is modified based on the generated one or more missing attribute values, the collection flow defining a sequence of screens for collecting confidential data. The modified collection flow is then presented to the member in the user interface to collect confidential data from the member.

Abstract: In an embodiment, a submission history table is maintained by tracking an identification of each user making a submission of a confidential data value and a timestamp of when the corresponding submission was made. A first confidential data value submission is received from a user having a first identification. Member usage information for the user having the first identification, are retrieved based on the first identification. The submission history table is referenced to determine a length of time since the user having the first identification last made a submission of confidential data. It is determined that the user having the first identification is not permitted to submit confidential information based on the member usage information and the length of time since the user having the first identification last made a submission of confidential data. In response to the determining, the first confidential data value is discarded.

Abstract: In an example embodiment, an attribute interference model is trained by a machine learning algorithm to output missing attribute values from a member profile of a social networking service. In an attribute inference phase, an identification of a member of a social networking service is obtained. A member profile corresponding to the member of the social networking service is retrieved using the identification. The member profile is then passed to the attribute inference model to generate one or more missing attribute values for the member profile. A collection flow, defined in a user interface of a computing device, is modified based on the generated one or more missing attribute values, the collection flow defining a sequence of screens for collecting confidential data. The modified collection flow is then presented to the member in the user interface to collect confidential data from the member.

Abstract: In an embodiment, a submission history table is maintained by tracking an identification of each user making a submission of a confidential data value and a timestamp of when the corresponding submission was made. A first confidential data value submission is received from a user having a first identification. Member usage information for the user having the first identification, are retrieved based on the first identification. The submission history table is referenced to determine a length of time since the user having the first identification last made a submission of confidential data. It is determined that the user having the first identification is not permitted to submit confidential information based on the member usage information and the length of time since the user having the first identification last made a submission of confidential data. In response to the determining, the first confidential data value is discarded.

Abstract: In an example embodiment, a method for protecting against incorrect confidential data values in a computer system is provided. A machine learning algorithm is used to train a confidential data value quality score based on metrics extracted from member profile and member usage information in a social networking service. The confidential data value quality score model is then used to output an estimated quality score for submitted confidential data values.

Abstract: In an example embodiment, a submission of confidential data is received from a user. Then, the confidential data is encrypted using a first public key generated as part of a first public key-first private key pair. The encrypted confidential data is stored in a first column of a first submission table in a confidential information database. An identification of the user is encrypted using a second public key different than the first public key, the second public key generated as part of a first public key-first private key pair. Then, the encrypted identification of the user is stored in a second submission table in the confidential information database. The first private key is provided to a first component to decrypt the confidential information, without providing the second private key to the first component.