Henrik Chulu

We as a data privacy community have failed completely

Thorsten Dittmar, founder of polypoly

polypoly envisions a future where personal data is kept not in the data centres of giant tech monopolies, but with the users themselves.

polypoly has the humble goal of rebalancing global power in the digital world. The company wants to take power away from the mainly US and China-based internet giants and place the sovereignty over personal data with the individual users, while creating an equitable market for the companies that make use of it.

This is in sharp contrast to the neo-feudal nature of the contemporary digital world. If they succeed, personal data will no longer be held inside the castles of giants in the cloud. It will be stored locally on devices presided over by the users, who can decide for themselves how it is used and how algorithms get to make administrative decisions based on it.

The company completely does away with the centralised model for technology infrastructure. In its place, polypoly proposes a model where service providers have to ask for permission to process data algorithmically on the users’ own devices, and where users can interact with each other in the same way in a peer-to-peer distributed system.

To make this vision a reality, the company is laying the foundation of a shared digital infrastructure that, in the end, will be cooperatively owned by its users.

“I was just about to retire and now I have this wild project”

Thorsten Dittmar, who founded polypoly, explains what led him to set this quixotically ambitious project in motion.

“My wife and I had been running a social impact investment fund for several years, and we were both travelling a lot. We decided to stop travelling so much, and the original idea was to go to France and, well, ‘retire’ is not really the right word, but settle down. Find a nice house somewhere in the countryside. But then, I got into researching Cambridge Analytica,” he says.

In late 2016, it was revealed that the political mercenary company Cambridge Analytica had used massive amounts of personal data from Facebook, harvested from 87 million user accounts, working clandestinely to swing both the Brexit referendum and the US presidential election that year.

As more and more has been revealed about the company’s practices, the story continues to shock the world far outside of both the political and technology communities. For Thorsten, the revelation hit especially hard.

“I’ve had a long history with the early hacker scene since the 70s and 80s. The real shocking thing with Cambridge Analytica was that the revelations weren’t really new for us. It was well known that people were doing these things and also that, for years, there have been techniques out there to protect your data. At the end of the day, these techniques are not used,” he says. In his opinion, the responsibility for this state of affairs lies squarely with the hackers.

“We as a data privacy community have completely failed to support regular people. We were nerds creating tools for other nerds. We were so proud of it that we forgot to build stuff for people who haven’t studied computer science and who aren’t interested in computers, but just want to use them,” he says.

In the wake of the revelations of Cambridge Analytica’s massive abuse of personal data for political and economic gains, Thorsten set out on a mission to put some of the insights of his hacker and business networks to good use. The main result of this initial research was the founding of polypoly.

“I was just about to retire and now I have this wild project,” he says.

Data privacy is not a technical problem

Both in narrow, specific cases and in the bigger picture, problems with security and privacy in the digital world do not necessarily stem from technology. Today, if you get hacked, there is a high likelihood that it will not be because a vulnerability in your device or software is exploited.

In most cases, the hacker will use so-called ‘social engineering’. This means taking advantage of a psychological vulnerability in the person in front of the computer, rather than a technical bug in the software running on it. This could be exploiting your curiosity to get you to open an email attachment infected with malware, or exploiting a lapse in attention to get you to put your password into a fake version of a website you use.

More than 90% of all successful cyberattacks start with social engineering, mostly in the form of phishing emails where the recipient is tricked into clicking a link and revealing credentials or opening an attachment containing ransomware.

“You can divide cybersecurity into two parts, a very small one and a very large one. The small part is very horrible. It’s when the NSA and other intelligence services attack your data privacy. But, at the end of the day, that’s not really the main problem for most people. It doesn’t make it less bad, but it’s a problem for a small amount of people. The large part is the problem of companies or business-driven hackers, where it’s always about the return on investment. For the NSA, return on investment doesn’t matter,” says Thorsten.

polypoly was founded on the premise that data privacy at its roots is an economic problem. It has more to do with business models and market incentives than with server configurations and end-to-end encryption.

“It is still cheaper for companies to do things in the wrong way than to do them right. As soon as the return on investment is higher when doing things right, a lot of things will be fixed, because what companies do is optimise their revenue,” he says.

With this in mind, Thorsten set out to research a solution that creates a common interest between consumers and industry, looking for a way to create a new relationship that is valuable to both parties.

A home for the user’s data owned by the user

polypoly has not yet launched their ‘polyPod’. But when they do, it promises to turn the relationship between the users and providers of digital services on its head, by fundamentally changing the model of how personal data is accessed and exploited.

The polyPod is, on the one hand, a repository of the user’s personal data kept locally on the devices of the user. For most people, this digital shadow currently lives on the servers of tech giants who make their profits by mining this data with the purpose of making you click on advertisements.

On the other hand, the polyPod is also a platform that companies can program features on. This makes it possible to offer digital services that make use of the data on polyPods without it ever leaving the user’s device. The polyPods use a special-purpose integrated development environment.

This allows companies to build features that interact with user data without collecting it. Instead of the user sharing data with a company that uses algorithms to crunch it together with a hoard of other people’s data, the company will send the algorithm to the polyPod that processes the user’s data locally.

To make sure that power over their data stays in the hands of individual users, polypoly plans to make its infrastructure cooperatively owned, once it has been rolled out. This economic model has a long history, especially in the Nordics, for example in Denmark, as an effective way of running public utilities. In the end, polypoly has the vision of becoming a public utility, not only in scale but also in its form of governance.

“I see polypoly’s future as a public utility for digital services with a long-term business case. It’s not a normal startup, where we need to grow exponentially and exit at the right moment to become billionaires. The goal is to do good business by empowering users,” says Thorsten.