I want to know what kind of data are sent back to Cliqz owners when customers using it. So I spent some time to play with it. I used mitmproxy, a free and opensource tool to monitor all internet activities from Cliqz.
Here are some summaries:
- You start Cliqz, it immediately connects to cliqz to retrieve and send some data.
- You search on google, the requestion is sent to cliqz at the same time.
Due to the data transparency statement from Cliqz, I can confirm that they do like they said. However, it is creepy to know that your online behaviors are spying online in real-time. Whatever you search are sent back to cliqz right away!
I did the same test on Firefox but did not see the similar patter. This does not say that Firefox is better, just says that my method mentioned above does not work on Firefox. Or at least they do it in an implicite way.
So the question is back to Google Chrome. How is it with this Google – the big brother?
During the time I played with Cliqz and mitmproxy, i learnt about SSL spinning. A technique of embedding certificate inside the application, by doing this, web browser or application can detect man-in-the-middle attack (this is method of mitm – it installs a certificate), this technique is used by twitter, google search, but not on Bing. To by pass for research purpose, is easy. I do not write the details here because Google has all the answer ().