Statement regarding the attack on Diffix by Imperial College Scientists

The attack as described by the scientists at Imperial College London is purely theoretical. It was never actually carried out and based on our measurements on real databases, the conditions under which it could work are so rare as to be practically non-existent. The vulnerability never-the-less will be addressed in our next update to Diffix. Transparency and being open to contributions from the community, as mentioned by the team from Imperial, is something we have always considered crucial for the further development of Diffix. … read more

May 4, 2018 by Felix Bauer

Report on the Diffix vulnerability announced by Imperial College London and CU Louvain

On April 18 researchers from the Imperial College London and CU Louvain published a vulnerability of Diffix. Diffix is the anonymization algorithm jointly designed by the Max Planck Institute for Software Systems (MPI-SWS, www.mpi-sws.org) and Aircloak GmbH (www.aircloak.com), which markets an anonymization product based on Diffix. The vulnerability was posted on the academic paper archival system arXiv here. A couple [...] … read more

April 27, 2018 by Paul Francis

The Seven Core Principles of Privacy by Design

As both the risks and opportunities of data increase, there is a corresponding increase in pressure on companies to build what’s known as “Privacy by Design” or PbD into their data practices. This idea comes from Ann Cavoukian, the former Information & Privacy Commissioner of Ontario. With the notorious GDPR set to take effect in May of 2018, privacy by design will become a legal requirement (rather than a nice to have) for any business subject to the new regulation. … read more

February 6, 2018 by Felix Bauer

Announcing the first ever bug bounty program for a privacy protection solution

Today we are announcing our “Aircloak Privacy Challenge” at the IAPP’s Privacy. Security. Risk. 2017 conference. This unique bounty program rewards privacy professionals, researchers and hackers who manage to break the company’s patented privacy protection methodology, with a total of 15,000 USD. Applications for the challenge to re-identify anonymized data start today. … read more

October 16, 2017 by Felix Bauer

Announcing our Seed investment

Today we are announcing our $1.3M equity investment from Speedinvest and Constantia New Business with existing shareholders Max Planck Innovation and Elephant & Castle Capital joining the round. Berlin, San Francisco, October 3, 2017 Various technology developments have led to the birth of Big Data; organizations collecting, analyzing and sharing increasing amounts of information — much of it unstructured and [...] … read more

October 3, 2017 by Felix Bauer

(Differential) Privacy at the End of the Rainbow

If you are a privacy professional interested in anonymity, then you’ve probably followed the Wired article “How One of Apple’s Key Privacy Safeguards Falls Short”. It’s the story of how some researchers reverse-engineered Apple’s proprietary implementation of differential privacy and found that the setting of the privacy loss parameter is not in the safe region. … read more

September 28, 2017 by Paul Francis

Tableau meets Anonymized Insights

Tableau is loved by data analysts for the ease with which it allows them to generate insights and gain clarity from rich and complex data sets. However up until now Tableau has fallen short when the data being analyzed contains personal information or is otherwise sensitive to the point of the analyst not being permitted to query it. Aircloak Insights, [...] … read more

September 23, 2017 by Sebastian Probst Eide

Read Aircloak co-founder’s perspective on IAPP’s Privacy Tech Blog

In the last year or so Apple, Google and Uber all announced that they too are using Differential Privacy. Given recent publicity around differential privacy, we may soon see differential privacy incorporated as part of commercial data masking or data anonymization solutions. But what does it really mean being Differentially Private — and what are the questions you should ask? … read more

August 17, 2017 by Paul Francis

MyData 2017 Workshop Abstract: Technical Issues and Approaches in Personal Data Management

Many analyses require results only about aggregate data, not individual personal data. Such analyses can in principle be done over anonymized data. If user data is strongly anonymized in the GDPR sense, then it is by law and in fact not personal data. Personal data management systems should therefore exploit the benefits of anonymization whenever and wherever possible. … read more

August 8, 2017 by Paul Francis