Our CompEd 2025 paper describes the problem solved by these tools.
In brief, the tools allow a researcher to run a classroom study in a class taught by a (different) instructor, in which students give voluntary consent for their data to be used but with the assurance that their decision whether to consent cannot possibly affect their grade in the class.
In particular, the tools allow submitting and retrieving classroom-based research study data such that:
- The instructor of the course never learns who consented, even after the course ends
- The researcher has access to student data, but cannot link data to any particular student's true identity
- No one other than the researcher or instructor has access to any of the data
There are three files in html_forms/, each containing a single form for a different task:
- researcher.html - The form to create an "experiment" as a researcher. This form generates a private key and a "passcode" (a shared secret combined with the public key).
- facilitator.html - The form to upload data as an instructor (or 'facilitator'). This form requires the passcode generated from researcher.html.
- analyzer.html - The form to download pseudonymized data. This form requires the private key generated from researcher.html.
Note: All of the above forms require a common endpoint URL and experiment name.
We host an endpoint serving both these forms and the backend code at https://anonymization.nelson-lojo.workers.dev/:
- researcher.html
- facilitator.html
- analyzer.html
- Backend: https://anonymization.nelson-lojo.workers.dev/experiment
The following npm scripts are configured:
npm run dev # serve the application locally for debugging
npm run provision # provision a worker and KV store
npm run deploy # deploy code and forms to cloudflare workers