„Mo‘ Data Mo‘ Problems“: Cliqz and Mozilla talk about data privacy

Munich-based Cliqz GmbH and Mozilla have launched a joint series of events on data protection, online security and web technology. Anyone who is interested is free to register and participate. The first Meetup titled “Mo’ Data Mo’ Problems” took place at the Munich premises of the Start-up Accelerators Wayra last night and covered unsafe US cars, Frankenstein’s monster, and secret trackers on the web.

Jean Paul Schmetz, founder and CEO of Cliqz, started with a round of Powerpoint-Karaoke. Last-minute, he jumped in for Co-CEO Marc Al-Hames, who was down with the flu. Schmetz explained the dangers with which Internet users are confronted every day to an audience of about 400 people on the ground and connected via Livestream. He drew a comparison with the US automobile industry who introduced a fancy-style car to the market in the 1960s named Chevrolet Corvair However, due to the bad design of the chassis the car was almost impossible to control. After numerous fatal accidents, the consumer protection attorney Ralph Nader accused the Corvair in his book “Unsafe at Any Speed” of a “dangerous driving behavior”. Just like the US car makers did not worry about the security of their customers, many online providers today do not take care of the security and privacy of their users, Schmetz said. The main reason for this is that data drives money, because data-driven ads are much more successful than others. User profiles are therefore the currency of the Internet.

According to Cliqz’s study “Tracking the Trackers“, on almost a quarter of German websites there are more than ten third-party trackers who track user activities on the web to create comprehensive user profiles and to deliver targeted advertising. Among the largest tracker operators in Germany are Google, Facebook, AppNexus, Criteo and Amazon. Their tracking scripts also hide on banking or clinic pages to some extend. Facebook uses social media buttons, cookie tracking and plug-ins to even collect data from non-users on third-party websites. This can become dangerous since only a handful of data about which websites a person has visited is sufficient to clearly identify them. Internet users have practically no chance to protect themselves from the omnipresent data collection by trackers – there is no possibility to opt-out.

Web site operators and app developers are often unaware that they share their users’ data with third parties when they integrate this kind of tracking services into their pages or apps. Konark Modi, software engineer at Cliqz, raised the question: “How can we stop data from becoming Frankenstein’s Monster?” Stop collecting data altogether can not be the solution, because every provider needs some data to improve the user experience, for example. Therefore, the mindset must change in the way data is collected.

One approach is to move data aggregation from the server to the client side, i.e. to the user’s device. In this way the user keeps full control of his data. At the same time, there is no longer the risk that hackers or authorities can access databases with millions of user profiles. Following the Privacy by Design principle, Cliqz uses this type of client-side data aggregation for its browser, for complex systems such as its search engine, anti-tracking or anti-phishing. Following the same principles, it even developed an Google-Analytics-like analytics software prototype with just 200 lines of code (demo: http://site1.test.cliqz.com/).

Sam Macbeth, another software engineer at Cliqz, provided a deeper technical insight into tracking methods and various anti-tracking measures. His presentation “The online data grab: online tracking and how to stop it” revealed the extent of data collection which is often underestimated by users and website operators. Simple countermeasures such as blocking third-party cookies often don’t lead to the desired success and also cause site breakage. The latter also applies to browser extensions that block tracking requests completely. With its anti-tracking, Cliqz is pursuing a more dynamic approach with algorithm-based evaluation of tracking requests. It filters out data values that allow identification of the user, overwrites it with random information, and sends it back to the tracker. This method has the advantage of reducing site breakage and working independently of the tracking method used. It also protects you from new tracking methods or specific measures to circumvent anti-tracking. You can find detailed information about Cliqz’s anti-tracking technology in a Techblog article.

Conclusion: Developers have a responsibility toward Internet users. Before integrating any third-party tool into their website or app, developers should evaluate its privacy properties. Even better are self-hosted solutions or tools that use a client-side data aggregation.

You missed the event or would like to review all the presentations? No problem! Find a recording of the Livestream in our YouTube channel.