How does the "coin flip" (randomized response) protocol let people answer a sensitive yes/no question privately?
Each person flips a coin: heads → answer truthfully; tails → flip again and answer randomly. The server gets noisy answers but can't trust any single one.
* Randomized response: the coin-flip branches that make any single answer deniable. *
For a sensitive question (e.g. "Have you used AI tools for coursework?"), instead of sending your true answer, your device runs a protocol:
- Heads (50%) → send your true answer.
- Tails (50%) → flip a second coin: heads → "No", tails → "Yes" (a random answer).
So the server receives: 50% true answers, 25% random "Yes", 25% random "No". Any individual "Yes" might just be the result of random coins, not their real behaviour. This technique is randomized response (Warner, 1965) — the foundation of local differential privacy.
Tip: The noise is added before the data ever leaves your device, so you never have to trust the server with your true answer. That's "local" DP.
Go deeper:
Randomized response (Wikipedia) — Warner's 1965 survey method, the mechanism the coin-flip story is built on.