Meet CLISK – A team which goes beyond the portability right by developing an open-source personal robot system, to get your data, on your request, from your device. Learn more from this interview with Paul Tran-Van.
Can you briefly introduce yourself and your team?
Cozy Cloud was funded in 2012 in France and since then develops the Cozy platform, a user-centric and privacy-focused open-source platform. It aims at giving back users their personal data so they can use it under their own terms. All the team members have been working at Cozy Cloud for many years and share the same core values in open-source software, user privacy and empowerment.
The team firmly believes that true user empowerment cannot be achieved without easy-to-use and efficient software, without compromising on security and privacy. The CLISK project is a natural evolution of the Cozy platform, that enable data sovereignty for the users over their data. Our motto is “You will stay because you can leave”, as any citizen should have the right and capacity to store and move her data in any place under her control, with her own policies.
What is your motivation to work in the data portability field?
Nowadays, our personal data is scattered across many silos over the internet. Thanks to the GDPR, one can now ask for its own data to a third-party in the name of data portability. However, we argue that this right is currently broken: the GDPR does not specify portability modalities and there is no incentive for a third-party to ease the life of the users expressing their rights.
This generally results by sending an email to each provider, sometimes with an identity proof, and wait for a response within a month, which is, most of the time, unsatisfied. We believe that it is unmanageable for the common citizen and a better solution should be envisioned.
In simple words, what challenges does your project address?
Our proposal objective is to go beyond the portability right by developing an open-source personal robot system, to get your data, on your request, from your device. We call this concept CLISK, for CLIent-Side Konnectors. A konnector is a piece of software that mimic user interaction on a website to get her own data, on her behalf. Typically, an Amazon konnector retrieves all the bills stored in the user account, a Blablacar konnector get the car sharing history, etc.
Those konnectors run on the user device, without any server support. This way, all requests are legitimate and avoid common robot issues such as IP blocking, scraping protection, etc. This is no longer a third-party the user mandates to exercise her portability right, this is a local “user agent” run by the user herself, to enforce her data sovereignty.
What solution are you developing?
We are developing a mobile application on both iOS and Android, that is both useful to run client-side konnectors and to display and manage the retrieved data. Our solution is open-source and we expect the community to contribute on konnectors to add new brands thanks to documentation and tooling.
The mobile app includes credentials management to avoid asking for user input at each execution.
To this end, we worked on managing efficiently and securely the user credentials in the mobile keychain, allowing users to easily access all their encrypted passwords and auto-fill the login fields for the known vendors. Finally, we are working on a simple – yet powerful – permission dashboard, that displays all the access rights granted on the user data and the history of all data access.
What are the next steps?
The main next steps will include the following actions:
- Make a public release of the mobile app.
- Improve the konnectors experience to make it as smooth as possible.
- Implement a complete Cozy Pass integration into the mobile app, so the user credentials are kept into an encrypted and synchronized vault between all the devices.
- Develop the developer tooling to ease external contributions
- Develop new business opportunities based on this solution.