2026-08-13 –, Room 5
We have long wanted to be able to count unique clients using Julia and various packages, but privacy concerns have prevented us from doing so. A new protocol combining two magical technologies—HyperLogLog cardinality estimation and RSA public key encryption—allows accurate estimation of client counts while provably preserving anonymity. This protocol, dubbed "HyperLogLog Over RSA" is now built into Julia's Pkg client, allowing us to finally get reliable client counts.
This talk walks through the problem of anonymous client counting, how having each client generate a unique random ID serves as a gold standard in terms of functionality but has terrible privacy properties. We introduce HyperLogLog, a brilliant technique for estimating cardinalities of unique values in small, fixed memory. It also provides a good first cut method for anonymous client counting, but has two major flaws:
- HLL has good privacy on average but some clients are uniquely identifiable—it is not uniformly anonymous.
- HLL values are trivially forgeable: a malicious client can arbitrarily inflate estimates with a fixed amount of effort.
We discuss how to address these two issues and incrementally arrive at a design where HyperLogLog values are randomly generated by each client in already encrypted form, so the client can neither decipher nor bias its HLL value. If this encrypted value were sent every time, it would uniquely identify a client, so a crucial trick of this protocol is that each client can randomize the value it sends in such a way that any two clients with the same HLL are indistinguishable, thereby preserving privacy. This is combined with "sharding" HLL values based on the package being requested, so that clients cannot be tracked across packages, and uniform anonymity is restored across packages.
Julia co-creator and JuliaHub/Dyad co-founder: https://juliahub.com