Aircloak Announces First Ever Bug Bounty Program for its Privacy Protection Solution

Share Article

Aircloak – a leader in the field of privacy-enhancing technologies – announced today its “Aircloak Privacy Challenge” rewarding privacy professionals, researchers and hackers who manage to break the company’s privacy protection methodology. Applications for the challenge to re-identify anonymized data start today.

Aircloak, in joint research with the Max Planck Institute for Software Systems, designed Diffix, a new privacy analytics methodology that achieves a strong level of anonymity while maintaining a high level of information content in the data, and is simple to deploy and to use. Marketed as Aircloak Insights, Diffix is the only technology confirmed by a European data protection authority to deliver GPDR-level anonymization for all data types and use cases. It is deployed by financial institutions and communications providers worldwide.


“At Aircloak we believe that data security is best served through methods and implementations that are transparent and that can withstand public scrutiny. This is why Aircloak made its methodology public and available for review when Aircloak Insights was launched," says Felix Bauer, co-founder and CEO of Aircloak.

Now Aircloak is taking this a step further through its Aircloak Privacy Challenge initiative, a bounty program incentivizing participating “attackers” to find weaknesses in its anonymization methodology. For this purposes Aircloak will make its platform available. Attackers are encouraged to try to “single out” users while suppling their own data sets to attack, or use one of the data sets supplied by Aircloak. The attacker may assume substantial prior knowledge of the data set.

Starting today participants can apply at or email challenge(at)aircloak(dot)com. The Challenge is scheduled to go live in November 2017, and will run for 6 months. Total rewards of $15,000 are available for successful attackers, with individual bounties ranging from $100 to US$ 5,000 depending on the number of users that can be singled out and the amount of prior knowledge assumed. Higher bounties are paid when the attacker can single out more users with less prior knowledge.

“With a whole array of increasingly complex ‘GDPR solutions’ out there, customers are having a hard time knowing whom to trust. Unfortunately, this market still often operates by a “security through obscurity” principle, an idea we don’t agree with at all. Using the Challenge, we actually publicly demonstrate how well or system protects privacy to customers and regulatory bodies. At the same time, it helps us uncover and address potential issues very early on, in a safe sandbox environment without the risk of compromising actual private customer data in a live operational setting.”, Bauer concludes.

About Aircloak
Aircloak was founded in 2014 by Felix Bauer (CEO), Sebastian Probst Eide (CTO) and Prof. Paul Francis to commercialize and build on privacy protection research done at the Max Planck Institute for Software Systems. Today the company has licensed its solutions to financial services organizations, communications providers and healthcare organizations.

For more information please contact
Felix Bauer, CEO,
Gormannstr. 14
10119 Berlin, Germany
T +49 176 800 22 606

Marcel van der Heijden
VP Business Development
M: +1 831 56 0630

Aircloak(R) and the Aircloak logo are (registered) trademarks of Aircloak GmbH

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Marcel van der Heijden
+1 8315660630
Email >

Felix Bauer
+1 831 566 0630
Email >
Visit website