Data privacy is not a technical problem
polypoly polyVerse

polypoly aims to rebalance digital global power in the digital world. It wants to take power away from the mainly US and China-based internet giants and place sovereignty over personal data back with the individual users, while creating an equitable market for companies to make use of that data.

his is in sharp contrast to the neo-feudal nature of the contemporary digital world. If they succeed, personal data will no longer be held inside the castles of giants in the cloud. It will be stored locally on devices presided over by the users who can decide for themselves how it is used – and how algorithms get to make administrative decisions based on that, or not.

The company completely does away with the centralised model for technology infrastructure. In its place, polypoly proposes a model where service providers have to ask for permission to process data algorithmically on the users’ own devices, and where users can interact with each other in the same way in a peer-to-peer distributed system.

To make this vision a reality, the company is laying the foundations for a shared digital infrastructure that, in the end, will be cooperatively owned by its users. 

“I was just about to retire, and now I have this wild project” – Thorsten Dittmar

Thorsten Dittmar, who founded polypoly, explains what led him to set this quixotically ambitious project in motion.

“My wife and I had been running a social impact investment fund for several years, and we were both travelling a lot. We decided to stop travelling so much, and the original idea was to go to France and, well, ‘retire’ is not really the right word, but settle down. Find a nice house somewhere in the countryside. But then, I got into researching Cambridge Analytica,” says Thorsten. 

In late 2016, it was revealed that the political intelligence company Cambridge Analytica had used massive amounts of personal data from Facebook, harvested from 87 million user accounts, then worked clandestinely to swing both the Brexit referendum as well as the US presidential election that year.

As more and more has been revealed about the company’s practices, the story continues to shock the world far outside of both the political and technology communities. For Thorsten, the revelation hit especially hard.

“I’ve had a long, history with the Chaos Computer Club [Europe’s largest voluntary association of hackers]. I was one of the first members. The real shocking thing with Cambridge Analytica was that the revelations weren’t really new for us. It was well known that people were doing these things and also that, for years, there have been techniques out there to protect your data. At the end of the day, these techniques are not used,“ he says.

In his opinion, the responsibility for this state of affairs lies squarely with the hackers.

“We as a data privacy community have completely failed to support regular people. We were nerds creating tools for other nerds. We were so proud of it that we forgot to build stuff for people who haven’t studied computer science and who aren’t interested in computers, but just want to use them,” he says.

In the wake of the revelations of Cambridge Analytica’s massive abuse of personal data for political and economic gains, Thorsten set out on a mission to put some of the insights of his hacker and business networks to good use. The main result of this initial research was the founding of polypoly.

“I was just about to retire, and now I have this wild project,” he says.

Data privacy is not a technical problem

Both in the narrow, specific cases, but also in the bigger picture, problems with security and privacy in the digital world do not necessarily stem from technology. Today, if you get hacked, there is a high likelihood that it will not be because a vulnerability in your device or software is exploited.

In most cases, the hacker will use so called ‘social engineering’. This means taking advantage of a psychological vulnerability in the person in front of the computer, rather than a technical bug in the software running on it. This could be exploiting your curiosity to get you to open an email attachment infected with malware, or exploiting a lapse in attention to get you to put your password into a fake version of a website you use.

More than 90% of all successful cyberattacks start with social engineering, mostly in the form of phishing emails where the recipient is tricked into clicking a link and revealing credentials or opening an attachment containing ransomware.

“You can divide cybersecurity into two parts, a very small one and a very large one. The small part is very horrible. It’s when the NSA and other intelligence services attack your data privacy. But, at the end of the day, that’s not really the main problem for most people. It doesn’t make it less bad, but it’s a problem for a small amount of people. The large part is the problem of companies or business-driven hackers, where it’s always about the return on investment. For the NSA, return on investment doesn’t matter,” says Thorsten.

polypoly was founded on the premise that data privacy is at the roots of it, an economic problem. It has more to do with business models and market incentives than with server configurations and end-to-end encryption.

“It is still cheaper for companies to do things in the wrong way than to do them right. As soon as the return on investment is higher when doing things right, a lot of things will be fixed, because what companies do is optimise their revenue,” he says.

With this in mind, Thorsten set out to research a solution that creates a common interest between consumers and industry, looking for a way to create a new relationship that is valuable to both parties.

A home for the user’s data, owned by the user

polypoly has just launched the first phase of its ‘polyPod’. And now that they have, it promises to turn the relationship between the users and providers of digital services on its head. For starters, users will be able to see how their data is exposed and traded, often unknowingly, in the current data economy.

Forthcoming releases of the polyPod will provide a repository of the user’s personal data kept locally and securely on their devices. For most people, this digital shadow currently lives on the servers of tech giants who make their profits by mining their data with and repurposing it to make you click on advertisements.

On the other hand, the polyPod will become a platform that companies can program features on. This will make it possible to offer digital services that make use of the data on polyPods without it leaving the user’s device. The polyPods use a special purpose integrated development environment.

This allows companies to build features that interact with user data without collecting it. Instead of the user sharing data with a company that uses algorithms to crunch it together with a hoard of other people’s data, the company will send the algorithm to the polyPod that processes the user’s data locally.

To make sure that power over their data stays in the hands of individual users, polypoly plans to make its infrastructure cooperatively owned. This economic model has a long history, especially in the Nordics, for example in Denmark, as an effective way of running public utilities. In the end, polypoly has the vision of becoming a public utility, not only in scale but also in its form of governance.

“I see polypoly’s future as a public utility for digital services with a long-term business case. It’s not a normal startup, where we need to grow exponentially and exit at the right moment to become billionaires. The goal is to do good business by empowering users,” says Thorsten.