OSTERN 2016 DATUM FULL
Suddenly we have the full history of that persons search queries! On top of that, perhaps one of the queries contain personal identifiable information (PIII) that puts a real name to the user X. With this data, we could build a session for a user, let’s say user with then anonymous UID X, user=XXX, queries= The problem is, that some of this additional use-cases are extremely privacy sensitive. This data in fact can be used to solve many other use-cases. By doing so, in the example, we would find that the query ”firefox hq address” seems to be problematic. SERP=/q=trump for president, UID=Y, TIMESTAMP=2016.Ī simple script would traverse the file(s) checking for the repetitions of the tuple UID and query within one hour interval. SERP=/q=facebook cristina grillo, UID=X, TIMESTAMP=2016. SERP=/q=firefox hq address, UID=X, TIMESTAMP=2016. The data that we would collect with the server-side aggregation approach would look like that. It is then straightforward to implement a script that finds the bad-queries we are looking for. We would also need to keep a timestamp and a UID so that we know which queries were done by the same person. We would collect URLs for search engine result pages, the query and search engine can be extracted from the RUL. Let’s first start with the typical way to collect data: the server-side aggregation, We want to show you why the industry standard approach has privacy risks. There are several approaches to collect the data needed for quality assesssment. That would be a good signal that Cliqz’s results for query q need to be improved. Simply observe the event in which a user does a query q in Cliqz and then, within one hour, does the same query on a different search engine. It is easy to do if the user’s help us with their data. A very legitimate use-case, let’s call it bad-queries. Since Cliqz is a search engine we need to know for which queries our results are not good enough. Let us illustrate it with an example (a real one), This is a strong departure from the industry standard of data collections. Consequently, aggregation of user’s data in the server-side (on Cliqz premises) is not technically feasible, as we have no means to know who is the original owner of the data. How? Because any user-identifier that could be used to link records as belonging to the same person are strictly forbidden, not only explicit UID’s but also implicit ones. The Human Web basically is a methodology and system designed to collect data, which cannot be turned into sessions once they reached Cliqz. But still, the session is there, stored somewhere, and trust that it is not going to be misused is the only protection we have. Will Google Analytics try to de-anonymize the data? I bet not. For instance, Google Analytics data can be used to build sessions that can sometimes be de-anonymized by anyone that has access to them. This linkage leads to sessions, and these sessions, are very dangerous with regards to privacy. messages, records, come from the same user. Record linkage is basically the ability to know that multiple data elements, e.g. The fundamental idea of the Human Web data collection is simple: to actively prevent Record Linkage. The Human Web is our proposal for a more responsible and less invasive data collection from users.
OSTERN 2016 DATUM FREE
As someone once said, if you do not like reality feel free to change it. It is not enough for us, should not be enough for our users either. We are not comfortable with only a promise based on a Terms of Service and Privacy Policy agreement. We use our own products, and consequently, our own data is collected. This is not something that we want to be part of, if only for selfish reasons. In the current model the user has little control. Finally, companies can unilaterally decide to change their privacy policies. Companies can go bankrupt and the data auctioned to the highest bidder. Unethical employees can dig on the data for personal interests.
Governments can issue subpoenas, or get direct access to the data. Legal obligations aside, there are many ways this trust model can fail. We want to depart from the current standard model, where users must trust that the company collecting the data will not miss-use it, ever, in any circumstance. This data, provided by Cliqz users, is collected in a very different way than typical data collection. Human Web is a methodology and system developed by Cliqz to collect data from users while protecting their privacy and anonymity.Ĭliqz needs data to power the services it offers: search, tracking protection, anti-phishing, etc.
Not removing this gist for historical reasons. We recommend to read the article on Cliqz Tech blog, the content is more up to date there. Konark Modi, Alex Catarineu, Philipp Claßen and Josep M.
0 kommentar(er)
