Firefox is deploying Prio, a privacy-preserving framework that lets browsers track aggregate data without being able to separate out individual values. Prio was developed by Cyber Initiative co-Director Dan Boneh and CS graduate student Henry Corrigan-Gibbs. Read more about Prio here: page
Prio aggregates flow
tl;dr The basic insight behind Prio is that for most purposes we don’t need to collect individual data, but rather only aggregates.
Prio, which is in the public domain, lets Mozilla collect aggregate data without collecting anyone’s individual data. It does this by having the browser break the data up into two “shares”, each of which is sent to a different server. Individually the shares don’t tell you anything about the data being reported, but together they do. Each server collects the shares from all the clients and adds them up. If the servers then take their sum values and put them together, the result is the sum of all the users’ values. As long as one server is honest, then there’s no way to recover the individual values.