It's hard to take their "privacy by design" seriously.
It is the same Cliqz that partnered before with Mozilla to run an "experiment" exfiltrating the browsing history (!) of 1% of new installs in Germany: https://blog.mozilla.org/press-uk/2017/10/06/testing-cliqz-i...
I thought Mozilla would lose all their credibility after this, but somehow they still market as privacy-focused.
Hi, Marc from Cliqz. This one haunts us (in HN and also in my dreams). Let's first get one thing clear: It was a terrible blog post. Second: The 1% who had Cliqz installed were actually safer than the ones without. Why? If you use (most) browsers, every keystroke in the URL bar gets sent to Google. This is how autosuggest works. This was and is the case with Firefox also. Cliqz, in the functionality implemented in Firefox, was not that different. Except - it comes with privacy by design: We actually proxied those requests to not get the IP, we take special measures to not collect private data in the first place. And all this was tested and scrutinized a lot before and after the test. And if you don't trust it or believe it, it also happened to be open source. In the end, you were better off with Cliqz than without. Third (and maybe most importantly): If you don't support anyone who "collects" data, even if they do it in the most transparent way, without collecting any private information, in fact going a long way to delete all PII, open-source and with privacy by design, someone who has no business model built on collecting profiles, then you only criticize Google, but will never have an alternative or only alternatives that white label those that do collect all data. Because building a search without data is impossible. We were hoping that together with Firefox we would build a better solution. For some reasons this didn't work out, but lack of privacy was never one of them (lack of a business model more so, because sending every key press to some is more profitable than others, regardless of how private each is). In fact, our way of doing things is much more private than most people out there who claim to be private. This includes most browsers and search engines. And all of this is open source, so verifiable.
And while we speak about it: In our blog https://0x65.dev we will over the next 24 days publish pieces on what we do and why we do it and why it is important, data collection and anonymization will be a big part of this. Last but not least: All this is clearly not your fault, so my rant might be inappropriate, but as I said, this thing haunts us for the wrong reasons. (Me and the team are happy to answer any questions).
Obviously using a search engine sends search queries to it... okay. But that experiment was sending most of the browsing history, without explicit opt-in. Collecting browsing history from users of a popular browser without asking them is just evil. (and it seems you still defend that decision)
Yes, I’m defending it, because again: We took drastic steps to never send anything private (like checking within the browser whether the URL is unique or different if logged in or out and then never sending it, not to mention that there of course was no identifier and we made record linkage impossible, so no click profile, and much more). If in doubt we drop and don’t send. And again – there were tons of (pen) tests and scrutiny to make sure no private data point ever leaves your browser. It is built with the mindset “if it reaches our server, we should technically not be able to identify any single person or any surf pattern or any private URL” – this was and is also tested by many (privacy) researchers before and after the experiment. And again, all this was and is open source. This is way more than any industry standard, and I simply don’t know of any company that works with data that has a higher standard. Be our guest to validate it yourself. And please read our blog post Tuesday: we will explain how this is done. But if you simply oppose this (and similar methods from people who really care about privacy), you basically accept the status-quo of the worst data collectors, because no one else then will ever emerge (because you do need this kind of data to build a search).
[EDIT]: Just to clarify and not have anyone create the wrong idea - I defend my earlier point. But your question is loaded. Here's why: We do not collect browser history, which by definition implies being able to piece visited urls back to a profile in our servers. That is impossible - to us, each single URL comes as a detached datapoint - devoid of any information that can be used to aggregate them back to a user profile.
I didn't say it is absolutely inappropriate to collect any user data, it could be ok after obtaining explicit user permission. The Firefox experiment installed a data collection add-on to random users without opt-in, and I still cannot understand why you thought that was a good idea.
>That is impossible - to us, each single URL comes as a detached datapoint
IPs could be used to aggregate those datapoints, and you obviously cannot avoid receiving these. It is only a promise that you or your proxy provider don't store them. (though maybe it is possible to implement a P2P mangling network? encrypt UDP data packet, send to randomly selected peer discovered from DHT, peer delivers it to your server. Or directly send UDP packet with spoofed source address, but this is not possible for a browser sitting behind NAT)
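The linkage concern raised in the comment above, as an added example that is not part of the thread and is not Cliqz's code: it groups constructed messages by connection source address, once as received directly and once as received through a forwarding proxy, and counts how many users' URL lists a receiver could piece back together. The message fields, addresses and the proxy address are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of messages arriving at a collection endpoint.
# "src" is the connection's source address; "user" is ground truth used
# only to score the result and is never visible to the receiver.
MESSAGES = [
    {"user": "A", "src": "198.51.100.7", "url": "https://example.org/news"},
    {"user": "B", "src": "203.0.113.9", "url": "https://example.com/recipes"},
    {"user": "A", "src": "198.51.100.7", "url": "https://example.net/clinic"},
    {"user": "B", "src": "203.0.113.9", "url": "https://example.org/news"},
    {"user": "A", "src": "198.51.100.7", "url": "https://example.com/jobs"},
]
PROXY_ADDR = "192.0.2.1"  # hypothetical forwarding proxy address


def via_proxy(messages, proxy_addr=PROXY_ADDR):
    """Receiver's view when a proxy forwards every message from its own address."""
    return [{**m, "src": proxy_addr} for m in messages]


def link_by_source(messages):
    """Record linkage a receiver could attempt: group messages by source address."""
    groups = defaultdict(list)
    for m in messages:
        groups[m["src"]].append(m)
    return dict(groups)


def relinked_users(messages):
    """Users whose complete URL list ends up alone in one source group."""
    totals = defaultdict(int)
    for m in messages:
        totals[m["user"]] += 1
    found = set()
    for group in link_by_source(messages).values():
        users = {m["user"] for m in group}
        if len(users) == 1:
            (user,) = users
            if len(group) == totals[user]:
                found.add(user)
    return sorted(found)


if __name__ == "__main__":
    print("direct :", relinked_users(MESSAGES))
    print("proxied:", relinked_users(via_proxy(MESSAGES)))
```

The proxied view only holds if the proxy itself keeps no source addresses, which is the trust assumption the comment points at.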
There were extensive tests with opt-in before (Testpilot), but these are super biased towards techies/enthusiasts (by definition if you read HN or use Testpilot you’re not representative ...). At some point you need to both test and get data from more mass market and that would never work with opt-in. Hence the scrutiny about not even technically being able to do record linkage etc. And some of the measures you mentioned are/were applied (we post about this in the next days).
I also stick to my original point: those users who had Cliqz had significantly more privacy than those without.
Having said that: I don’t think you and me are that far away from each other. But: If we, who care about privacy, constantly criticize or even shout at those who also care about privacy, those who build better products, but maybe don’t follow an idealistic “no data at all paradigm”, then we will always end with the worst data collectors, because none of the alternatives will ever have a chance (or people get frustrated and decide they can make more money at Google or ad tech).