there are obviously measures in place to ensure the added noise is statistically homogeneous. the changes don't affect the final aggregates significantly, just enough to avoid saying much *about any individual person*.

know how you can buy "anonymized" data from data brokers and drill down until it's not anonymous anymore and in many cases point to the exact person? differential privacy would prevent that kind of thing.

If someone actually wanted to achieve political objectives by tampering with census data, there are better means than tampering with homogeneous statistical fuzzing.

Not really, it has to be random in a predetermined fashion to be considered differential privacy. It is reversible in the way that someone shouting over an aicraft producing white noise is intelligible.

I guess someone could fiddle with the noise, but then why not nudge the originals? Or more insidiously, control what is published?