Let’s Talk Privacy — CUJO AI Interview

Marcio Avillez, CUJO AI’s SVP of Business Development, chatted to Telecoms.com about a range of topics on privacy, from third-party trackers to consumers’ concerns about social media and many things in between.

  1. What kind of problems do third-party trackers and covert tracking present in general? In your view, what are the most pressing privacy issues online?

Internet users around the world, billions of them, are exposed to a technology that they do not fully understand, have little or no benefit from it, haven’t asked for it whatsoever, and due to which, they have to be concerned about how their data is used. On top of this, there is a cost to users down to the consumption of their device’s resources in relation to tracking workflows.

Third-party trackers represent the problem. When someone visits a website or uses an app, they have no intention to provide anything to any third parties. They have no other business in mind, except their primary purpose, for example, to buy shoes online. Instead, by visiting a single website, they’re invisibly connected to dozens of third-fourth-fifth party entities to a degree where no one can answer who has access to what aspects of your data.

I’d say that the most pressing issue with privacy today is the lack of policy – it’s not clear who holds responsibility for preventing users from unwanted tracking or where should people turn when they think that their privacy has been compromised. Now we all understand that adverts form part of the Internet economy and targeted ads draw higher revenues and pay for better content. But when it comes to 3rd party tracking, we have to ask one key question – Is the end user making an informed consent?

  1. You are developing privacy protection solutions on the service provider level instead of end user solutions like ad blockers. Is there a danger in shifting responsibility to users in terms of their data?

To be responsible for something means first being able to make an impact and affect the outcome. We don’t expect a regular person to perform their own surgeries, install their plumbing or take care of legal processes. Internet users are the recipients of a service, and the attributes of that service – in this case, user privacy – remain in the field of service providers, not the consumers.

We’ve carried out survey on Privacy and Online Tracking Perceptions this spring where we asked US respondents who, in their opinion, should be responsible for protecting them from tracking. The majority – 65.1% – think that it’s the Internet service providers.

We also asked several questions about privacy threats and known countermeasures. The responses clearly show one thing – privacy protection requires a systematic approach. A lot of users are neither motivated nor qualified to ensure it for themselves. There is a lack of knowledge regarding tracking and awareness is still relatively low.

I think it’s a great risk for businesses to provide a service knowing that it has a potential to be maliciously used against their customers, and not take all possible measures in order to help avoid those threats.

  1. How exactly does Incognito ensure privacy protection? Is it able to address end user concerns and expectations towards privacy?

CUJO AI Incognito protects consumers’ privacy by blocking the third-party tracking software that powers advertising sites. Because it operates on the network level, it works across all devices, browsers and apps while they’re used on that network. This way Incognito frees the consumer from installing and maintaining software on their myriad of devices.

Incognito is able to address end user expectations by empowering the Internet service providers to ensure their clients don’t have to undergo the hassle of trying to protect themselves with available means that only work on browsers (so apps keep tracking them), or installing and updating the blocking software on each of their devices.

  1. Do you sense a change coming in terms of how the public views ‘free’ social networking and entertainment sites?

Only a minority (7.6%) of our survey respondents said they think that tracking might be beneficial to them, for example, for allowing a more personalized browsing or app experience, like prefilling repetitive forms, saving choices, etc.

What is flawed in this idea is that these convenient features are available because of functional, or essential, website trackers – it’s a part of the website functionality and user experience, but third-party trackers have nothing to do with that. Their sole purpose is to gather user behaviour data for profiling them and using those profiles to target and monetize advertisements.

But those who tend to see tracking in a not-entirely-negative light are just a small part of Internet users. The majority thinks that tracking is never beneficial, and I would say they’re right.

However, social networking and entertainment sites users have no alternatives to choose from, it’s either use and be tracked, or don’t use at all. That’s why it’s essential to at least minimize the impact of tracking that they’re exposed to when using the ‘free’ services that have already become a daily habit.

Telecoms.com Annual Industry Survey 2018

Welcome to the 2018 edition of the Telecoms.com Intelligence Annual Industry Survey report. The findings from our signature survey continue to provide insights and foresight into the dynamic telecoms industry.

Once again well over 1,000 industry professionals from a broad array of backgrounds responded to the survey with their first-hand experience as well as their perspective views on the current status and future trends of the industry. As our customary practice, the report started with an overall industry landscape before we delved into six key areas pertinent to today’s telecoms industry: NFV, 5G, IoT, Digital Transformation, Security, and Test & Monitoring.

A few key findings from the survey:

  • 75% felt positive about the telecoms industry’s business outlook for 2019
  • 79% believed NFV is critical to their companies overall strategy
  • 61% believed emerging technologies and services are critical to telecom’s long-term success
  • 75% saw digital transformation as very important

Fill in the short form below to download your free copy now.

By downloading a copy of this report the information which you provide will be shared with the sponsor(s) for informative purposes and your mutual interest in the subject matter or similar subject matter (including initial follow-up regarding the content of this report).

The Network Strikes Back

2017 was the year when awareness about the need for greater cyber security went into the mainstream. Terms like ‘global ransomware attack’ made headline news, and each month reports of data breaches at companies such as Equifax, Uber, and e-Bay came out. Businesses and consumers started to really recognize the importance of privacy and security. They also started to see that security these days needs to be strong not only on a corporate level – but also within the home network.  

Because of course, networks these days are no longer the preserve of just the business world.  Even though the owners often don’t think of them as such, most consumer homes are now mini-LANs with multiple devices and device-types connected to a Wi-Fi router typically provided by the internet service provider or telephone company.

Today, the average middle-income family household in Europe or the USA is likely to have a mix of laptops, tablets, smartphones, televisions, set top boxes, games consoles, and all-in-one printer/scanners hooked directly or via wifi onto the home LAN. And it doesn’t end there because there are also other devices, such music players and fitness trackers for example, that link via Bluetooth to the LAN-connected devices as well.

Indeed, according to survey data from US company CUJO AI (www.cujo.com), the typical American household has an average of 21 connected devices on the home network.  The Internet of Things is here, and it’s in homes all over the country.

Rogue ones – the dangers of unprotected devices

In fact, those are pretty much just the standard devices.  In our gadget-centred society, video doorbells, connected refrigerators, home heating and energy control systems, baby monitoring devices, and virtual assistants are all sitting on home networks. In many cases these devices are largely unprotected – the laptop camera that can be used to snoop, or the virtual assistant that is listening and reacting to your conversations even when you are not ‘addressing’ it.  

Indeed, most of the time, homeowners don’t know exactly what devices are connected to their LAN at any given moment, and they certainly don’t know whether any of them are subject to an attack.  And the scary part is, that if someone or something attacks your home network via one unprotected device, there’s a strong chance they could infect other devices on the network or monitor your traffic and steal vital personal and financial data.

“The explosion of IoT devices into the consumer market has created a massive security hole,” says CUJO AI co-founder and CEO Einaras Gravrock.  “But it also creates an opportunity for internet service providers – an opportunity to differentiate their network offering not just by price, but by the added value of greater, visible, security.”

And security is a service that consumers show a willingness to pay for – according to global consulting firm PWC.   In its 2017 report ‘Smart home, Seamless life’ PWC found that 75 percent of smart-device owning consumers were willing to pay more for add-on security features, and that a similar number believe it is business, not government, that is best placed to provide the protection.  In the same year, identity management company Gigya published a report on the state of consumer privacy and trust with a headline statistic that 69 per cent of all consumers are concerned about the security and privacy of smart home devices.  

A fear among consumers, a willingness to pay more for protection and a belief that businesses are best placed to provide it, looks like a perfect storm for service providers.  The evidence for that perfect storm was underlined by a report that showed some 52 percent of consumers would pay more for a network provider that offered better data security.

Machine learning – a new hope

That service provider opportunity led CUJO AI to develop a cloud-based platform that would help ISP’s analyse home network data, provide increased security from cyber threats, and deliver valuable services to consumers via a dedicated service provider App.

Enabled by a simple firmware update to the existing home router, the platform can analyse the traffic the router is seeing, identify the devices that are live on the network, and monitor anonymized data to see which services are being accessed.  Using machine learning models and applying artificial intelligence in the cloud, the platform can then provide proactive security that draws on all the data it is seeing and interpreting.

“Our platform gets the big picture,” says Gravrock, “which means it can spot trends and identify threats as they occur. But it can also translate that down to individual actions for any of the connected homes – even down to isolating or restricting a device that is compromised.”

While the cloud-based platform crunches the data across all the home networks for big picture intelligence, the consumer app gives the lead householder real time data on home network usage.  It uses recognisable names for devices – Suzy’s smartphone; Josh’s tablet; family room games console etc – and provides advanced parental controls such as a lights-out curfew.

It seems clear that home network security shouldn’t just be left to the consumer and their devices; the network itself needs to be the focal point guarding against attack.  Service providers that add security to their portfolio can establish and trade off the trust engendered to sell, for example, device security add-ons to protect a smartphone when it’s not at home.

The dark-side hacking community are nothing if not resourceful and will always seek the weakest link. By protecting it at source, service providers can ensure the force is strong in the home network as well.


New Approach to GDPR: Using Machine Learning to Enhance Privacy

The General Data Protection Regulation (GDPR) will come into effect on the 25th of May. Although this particular law applies to European Union, it does not only concern businesses registered there: every entity that has EU clients will have to comply with it.

GDPR has no precedent. However, it could become a worldwide gold standard of privacy laws. In such case, these recommendations may soon extend to those operating without any EU customers, especially in the current context of data breaches and insufficient privacy features.

Security & Privacy Concerns

More people are connected about privacy than ever before. With the rise of the Internet of Things, it is estimated that 8.4 billion devices are currently connected online, with 49% of the world’s population using the internet. That number is only going to increase.

While that has positive implications, such high level of connectivity also has a negative side to it. In the light of the ongoing Facebook data privacy scandal, the Equifax breach, and the Uber data breach, people get more aware and concerned about their privacy and security online.

64% of Americans have experienced a data breach personally, and nearly half (49%) feel that their private information is less secure than five years ago. That number grows to 58% in the population aged 50 and above. In this kind of environment, laws similar to GDPR could gain rapid popularity in the US, too.

Key Restrictions Presented by GDPR

The General Data Protection Regulation brings quite a few changes. A major difference is that a business will risk paying fines up to 4% of annual global turnover, or €20 million.

Businesses will be required to notify their users of a breach within 72 hours, provide access to their data and information on where and why it is processed. Option for erasing user data will have to be provided, amongst other modifications.

Privacy by Design is also introduced, which means that only the data absolutely necessary to carry out duties can be held and processed. It also requires that those needing to process that data have as little access to it as possible.

Machine Learning: Seeing More with Less

As the market for enhanced security and privacy grows, General Data Protection Regulation only adds fuel to this fire. Due to its far stricter regulations, ensuring privacy should become the main concern for any business that has clients from European Union.

Machine learning-driven solution can provide effective service without exposing PII (personally identifiable information that can lead to learning a person’s identity, such as the name and the surname, or the IP address in combination with the physical address)

Machine Learning models can effectively analyze huge data sets in real time to detect specific patterns, anomalies, and trends. There is no need to analyze every single packet and look into the data portion of the packet (where all the sensitive information and, potentially, PII is being stored).

In addition to that, minimal human interaction is required to supervise it. It works well with GDPR’s requirement to avoid the overabundance of officials dealing with sensitive data. That’s because Machine Learning uses algorithms to analyze patterns in data, therefore minimizing the need for human supervision and PII exposure.

According to GDPR, the person has the “right of explanation.” It’s a right to know what kind of data is used by a business about a person, and why. The anonymization of data along with the necessary explanation of what purpose this collection has can ensure compliance.

Of course, businesses should ensure that no unnecessary data is kept and utilized.  However, the main issue with excessive data keeping is unfair and biased profiling, as well as using it to take advantage of clients. Ultimately, a beneficial service that uses data ethically should have few issues, if any.

Machine learning should be looked at as one of the most viable solutions to the current issues of security, privacy, and end-user protection that we are facing today. In general, people are becoming more aware of the risks that being online may present, and that calls for viable solutions that are concerned with improving on those issues.


CUJO AI is the leading artificial intelligence company providing network operators AI-driven solutions, including AI security, advanced device identification, advanced parental controls, and network analytics. CUJO AI Platform creates intuitive end-user facing applications for LAN and wireless (mobile and public wifi), powered by machine learning and real-time data.

Learn more at cujo.com


New DNS Encryption Tools Accelerate Privacy Online

Brand new Domain Naming Service (DNS) Cloudflare is gaining firm ground among internet users. Unlike many other DNS providers, Cloudflare positions itself as strictly privacy-oriented service.

According to CUJO AI data, it has acquired nearly 4% of the total DNS market since its launch on April 1st and now stands as the fifth most popular DNS provider. Moreover, Google and Apple announced that they will start encrypting DNS traffic. What does that mean for the internet privacy?


DNS (Domain Naming Service) turns the website address you enter into a computer-recognizable IP address. This way a user can access the content they were looking for online.

Even though that content might be encrypted, the user’s IP is not, and neither is the DNS traffic. Cloudflare and it’s alternatives (OpenDNS, Google Public DNS, and Quad9 amongst others) allow for the encrypted traffic what would ensure that it’s impossible to spy on the websites visited by the home user.

Even though CUJO AI data suggests that only a minority of DNS traffic, is currently encrypted, we see a steady trend that more endpoints are willing to engage in, so-called DNS-over-TLS. Apple is planning a DNS over TLS feature for devices running iOS 11 and above, while Google is extending its DNS over TLS support to the mobile OS, meaning Android devices are getting an extra layer of security.

Considering that such big players are entering the game and that Cloudflare managed to get a lot of attention along with a significant market share so quickly, we can fully expect that the trend will just grow stronger.

Security vs. Privacy: a Modern Dilemma

DNS encryption, however, creates additional security risks. One of the most common cybersecurity methods is DNS blacklisting. It relies on analyzing unencrypted traffic, finding known-bad websites and blocking them.

DNS blacklisting databases are updated every 12 to 36 hours. It is not the best security method even now when the traffic is not encrypted. It will become obsolete once a universal DNS encryption takes place.

Machine-learning based threat detection is the solution that is referred to as the more effective alternative. It works in real time employing algorithms that become more accurate by the minute.

Its strength lies in the fact that it is proactive. Instead of using databases that can have incorrect or expired information, such security measures learn the network behavior and identify malicious patterns.

That way even completely new threats that have not been registered on any databases yet can be identified, and the end user can be alerted. Early intervention is crucial since some malware can cause irreparable damage, such as permanent file corruption or sensitive information theft.

While traditional security vendors rely on DNS blacklisting services to provide security solutions, CUJO AI uses artificial intelligence algorithms and behavioral analysis to ensure network security. CUJO AI machine learning algorithms learn from huge datasets and create behavioral patterns out of them.

They list what kind of behavior is known-good and how a malicious behavioral pattern looks like. The algorithms compare the usual network and device behavior with the known-bad and known-good behavior. If it notices unusual or potentially malicious behavior, it blocks it and notifies the user.

It should also be noted that highly focused spear-phishing or whaling attacks do not leave a significant footprint on the internet and are rarely included in the Cyber Threat Intelligence databases. Nevertheless, machine-learning methodology can detect such malicious activity by design.

Privacy Is a Growing Concern for Americans

Two-thirds of Americans think current laws are not enough to protect their privacy, and 61% would like to do more themselves in order to ensure it. However, many are not confident on how to go about it.

Privacy by design is no longer just a concept, either, as only the data absolutely necessary for the completion of duties can now be held and processed.

General Data Protection Regulation (GDPR) is currently setting the precedent for user privacy treatment, and it is very likely that it will become the future gold standard. The best way to comply with it is to automate the vast majority of data processing, which is a task that can also be achieved by machine learning.

In fact, GDPR encourages that to some extent by stating that access to personal data should be limited to those “needing to act out the processing.” Ensuring that only machines handle that data is a viable solution, albeit one that needs to be worked on.


CUJO AI is a pioneer of consumer IoT and network security since 2015, combining AI with real-time threat intelligence. The company is providing network operators AI-driven solutions, including AI security, advanced device identification, advanced parental controls, network analytics, and more.

CUJO AI Platform creates intuitive end-user facing applications for LAN and wireless (mobile and public WiFi) security. Network operators that deploy CUJO AI solutions on their infrastructure provide personalized customer experience, offer advanced protection, and ensure seamless device management.