by solso
2237 days ago
>> You can collect data from users and still do not compromise their privacy
> This is definitionally false. The very collection of data compromises one's privacy, by nature of it having been collected.
That's not definitionally false; if it sounds false to you, it is because you have an implicit assumption that does not apply. Data from users does not imply user sessions on the collector side (session as a set of multiple data points belonging to the same user). If sessions are collected, then privacy is impossible to guarantee. We are well aware of that, having worked on these problems for almost 20 years. But that's precisely what Cliqz never did. All messages from our users are record-unlinkable for us, meaning that we have no way to reconstruct any session. If you are interested, check the HumanWeb posts on https://0x65.dev/ or the papers https://0x65.dev/pages/dissemination-cliqz.html
That "implicit assumption" is awareness of what "privacy" and "data collection" mean, and it very much applies (arguing otherwise is revisionist). Ergo: "definitionally false".
In particular:
> Data from users does not imply user sessions on the collector side
Yes it does, because otherwise collecting that data is pointless. Further:
> All messages from our users are record-unlinkable for us, meaning that we have no way to reconstruct any session.
Not if a malicious actor (which may or may not include a future or even current version of you) taps into the locally-stored tracking data. The very existence of that data and its collection thereof is a fundamental security and privacy risk. Just because you ain't currently siphoning it to remote servers doesn't mean malware can't do so, or that a "critical security update" can't reprogram the Cliqz browser/addon to do so.
That is: whether the aggregation happens client-side or server-side does not change the basic fact that the aggregation is happening, and that aggregated data remains a juicy target (and to make matters worse, even if you did want to safeguard that data, it's effectively outside your control). That very aggregation itself is therefore a violation of my privacy.
And this is all taking Cliqz' claims at face value. We could certainly dig further into how we're supposed to take your word that you are indeed discarding unique identifiers (including IP addresses). We could (and should) certainly do the same for other sites claiming to discard such identifiers, but given DuckDuckGo (for example) ain't in the business of peddling sleazy-looking adware¹ (to my knowledge at least), I'm at least slightly more inclined to take their word for it.
I'll give Cliqz credit for at least trying to address these issues in the hopes of finding a creative solution that gives advertisers what they want without egregious privacy violations, but - having read the papers before, and reading them again - I'm still pretty thoroughly unconvinced. I'd much rather not have tracking at all, like how newspaper and magazine ads work (barring some substantial leap in technology, newspapers and magazines never tracked my "engagement" with the ads within or how long my eyeballs were looking at them or how quickly I turned the page or what have you).
----
¹: https://cliqz.com/en/cliqz-angebote