Secret sharing is a method for maintaining the security of data that involves breaking up a piece of information into specially formulated parts. That way, if someone gets hold of only one part, they learn nothing about the original piece of information.
Prio uses secret sharing to break individual data points—such as whether you chose to change your browser homepage from the default setting—into secret shares and then sends those to two different servers. Even if an attacker is able to take over one of the two servers, the attacker still cannot recover any individual’s data point.
To produce the aggregate value of interest, the servers each sum up their shares and then exchange these sums. By combining the sums, the servers can learn the final aggregate statistic—what percent of people changed their browser homepage from the default—without leaking any other information about the individual pieces of information involved.