Dawn Song, a Berkeley computer-science professor and MacArthur fellow, is a fan of cloud computing. She also thinks it needs a major rethink. “The cloud and the internet have fundamentally changed our lives mostly for good,” she says. “But they have serious problems with privacy and security—users and companies lose control of their data.”

Outsourcing data storage and processing over the internet has given companies new flexibility and consumers the power to hail rides, find dates, and socialize from a slab of glass in their pocket. The same technologies have also enabled data theft, corporate prying on our personal lives, and new forms of election manipulation.

Song says her startup, Oasis Labs, can curtail some of those problems with the help of blockchains, the new form of cryptographically secured record-keeping inspired by the digital currency bitcoin. Oasis announced $45 million in funding this week, from a mixture of big Silicon Valley VC funds and cryptocurrency investors. Song and one of her cofounders have already tested some of their ideas by helping install new privacy safeguards at Uber, the ride-hailing unicorn whose troubled past includes security incidents.

Oasis Labs cofounders, left to right: chief privacy officer Noah Johnson, chief operating officer Bobby Jaros, chief executive Dawn Song, and chief technical officer Raymond Cheng. Elena Zhukova/Oasis Labs

In 2014, Uber was rocked by allegations that executives and employees spied on customer movements, using tools such as a map dubbed “God View.” Two years later, the company settled with New York state’s attorney general and promised to protect rider location data. Oasis grew in part from a 2017 project in which Song and two grad students, one of whom became a cofounder of the Berkeley startup, helped Uber add a more sophisticated privacy safety net.

The Berkeley researchers helped build and deploy an open source tool that limits how much employees can learn about individual customers by analyzing rider data. It’s based on a technique called differential privacy, designed to protect individuals’ identity even when data allegedly has been anonymized. It’s also used by Apple to collect data from iPhones without risking customer privacy. In Uber’s system, employees can query a database, for example, to summarize recent rides in a particular area. Behind the scenes, algorithms assess the risk that the request will leak information about individuals, and they inject random noise into the data to neutralize that risk. Ask about recent rides in a large city, and little or no noise will be needed; ask the same for a specific location, say the White House, and much more randomness will be added to obscure traces that might represent specific individuals.
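As an added illustration (not code from Uber's tool or from Oasis Labs), the sketch below applies the textbook Laplace mechanism, a standard way of achieving differential privacy, to a counting query over constructed ride records. The privacy parameter epsilon of 0.1, the field names and the data are assumptions. In this simple mechanism the noise scale is fixed by epsilon, so what changes between queries is how much of the answer the noise swamps: negligible for a city-wide count, larger than the true value for a single location.

```python
import random


def laplace_noise(scale, rng):
    # The difference of two exponentials with mean `scale` is Laplace(0, scale).
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)


def private_count(rides, predicate, epsilon, rng):
    """Return (true_count, noisy_count) for a counting query.

    Adding or removing one ride changes a count by at most 1, so the
    sensitivity is 1 and the Laplace scale is 1 / epsilon.
    """
    true_count = sum(1 for ride in rides if predicate(ride))
    return true_count, true_count + laplace_noise(1 / epsilon, rng)


def expected_relative_error(true_count, epsilon):
    # The mean absolute value of Laplace noise equals its scale, 1 / epsilon.
    return (1 / epsilon) / true_count


def build_rides():
    # Constructed sample data: 10,000 rides in one city, 3 of them ending
    # at a single sensitive location (hypothetical field names).
    rides = [{"city": "metro", "dropoff": "block-%d" % (i % 2000)}
             for i in range(9997)]
    rides += [{"city": "metro", "dropoff": "landmark"} for _ in range(3)]
    return rides


if __name__ == "__main__":
    rng = random.Random(2018)  # seeded only so the demo is repeatable
    epsilon = 0.1              # assumed privacy parameter
    rides = build_rides()
    queries = {
        "whole city": lambda r: r["city"] == "metro",
        "one location": lambda r: r["dropoff"] == "landmark",
    }
    for name, predicate in queries.items():
        true_count, noisy = private_count(rides, predicate, epsilon, rng)
        print("%-12s true=%5d noisy=%9.1f expected relative error=%.1f%%" % (
            name, true_count, noisy,
            100 * expected_relative_error(true_count, epsilon)))
```

A production system would also track the cumulative epsilon spent per analyst, since repeating the same query and averaging the answers cancels the noise.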