[tschakkaMarc]

Yes, I’m defending it, because again: We took drastic steps to never send anything private (like checking within the browser whether the URL is unique or different if logged in or out and then never sending it, not to mention that there of course was no identifier and we made record linkage impossible, so no click profile, and much more). If in doubt we drop and don’t send. And again – there were tons of (pen) tests and scrutiny to make sure no private data point ever leaves your browser. It is built with the mindset “if it reaches our server, we should technically not be able to identify any single person or any surf pattern or any private URL” – this was and is also tested by many (privacy) researchers before and after the experiment. And again, all this was and is open source. This is way more than any industry standard, and I simply don’t know of any company that works with data that has a higher standard. Be our guest to validate it yourself. And please read our blog post Tuesday: we will explain how this is done. But if you simply oppose this (and similar methods from people who really care about privacy), you basically accept the status-quo of the worst data collectors, because no one else then will ever emerge (because you do need this kind of data to build a search).

[EDIT]: Just to clarify and not have anyone create the wrong idea - I defend my earlier point. But your question is loaded. Here's why: We do not collect browser history, which by definition implies being able to piece visited urls back to a profile in our servers. That is impossible - to us, each single URL comes as a detached datapoint - devoid of any information that can be used to aggregate them back to a user profile.

[garaetjjte]

I didn't say it is absolutely inappropriate to collect any user data, it could be ok after obtaining explicit user permission. Firefox experiment installed data collection add-on to random users without opt-in, and I still cannot understand why you thought that was good idea.

>That is impossible - to us, each single URL comes as a detached datapoint

IPs could be used to aggregate those datapoints, and you obviously cannot avoid receiving these. It is only promises that you or your proxy provider doesn't store them. (though maybe it is possible to implement P2P mangling network? encrypt UDP data packet, send to randomly selected peer discovered from DHT, peer delivers it to your server. Or directly send UDP packet with spoofed source address, but this is not possible for browser sitting behind NAT)

[tschakkaMarc]

There were extensive tests with opt-in before (Testpilot), but these are super biased towards techies/enthusiasts (by definition if you read HN or use Testpilot you’re not representative ...). At some point you need to both test and get data from more mass market and that would never work with opt-in. Hence the scrutiny about not even technically be able to do record linkage etc. And some of the measures you mentioned are/were applied (we post about this in the next days).

I also stick to my original point: those users who had cliqz had significantly more privacy than those without.

Having said that: I don’t think, you and me are that far away from each other. But: If we, who care about privacy constantly criticize or even shout at those who also care about privacy, those who build better products, but maybe don’t follow an idealistic “no data at all paradigm”, then we will always end with the worst data collectors, because non of the alternatives will ever have a chance (or people get frustrated and decide they can make more money at Google or ad tech).

By the way, we have a post about data and how we collect it in our blog today: https://www.0x65.dev/blog/2019-12-02/is-data-collection-evil... - you might find it interesting).

In any case thanks for challenging us. I don’t believe we’re perfect. But we’re trying!

[tschakkaMarc]

And here are all details how we remove all personal information with a technology we call Human Web: https://0x65.dev/blog/2019-12-03/human-web-collecting-data-i...

We love to get scrutinized and get feedback on this - we’re very serious about privacy.