This 99% of what I needed to know, thank you very much.
So I see data in 3 ways.
Let us start with “Good” data. This is data that CF needs to perform its job, the same as a Brinks armoured truck. Those drivers know what they need to know, and do not sell, trade, share, or have access or the ability to divulge the information about the delivery, client particulars, etc. The bank pays Brinks to do their job and expects them to not own, sell, or share any information about the bank with anyone. No scorecard “research” cookies unless its used to provide a service to me.
Now there is “bad” data. This is data that CF could sell, share, or “anonymise” for export for compensation from another party. This is what we do not want. Making data anonymous for analysis internally is understood, using it externally and making it anonymous to sell is not a feature we want. Imagine if Brinks had a cheaper model where for less money, they would sell anonymised data about who uses the bank, how large the cash drops are, and so on. This is not ideal, and this mentality leads to a zero sum game where one competitor can buy another company’s data. This is why we do not use google products, they are useless. We built our own survey server, so no need for google surveys. We built our own email servers and added 3 gateways, so no need for “free” email service while we have our own. We will not trade our clients data for a smaller up-front cost, as we acknowledge that client privacy in the long run is worth protecting.
This brings us to the “Grey” data. We do clearly understand that data gathered from our customers will be put in a pot, mixed up with all the clients, and under analysis will be used to help other cloudflare users, in such cases as bot detection, rogue ips blocks, and whatever else one could imagine to be mutually harmful to the community. This data usage also helps my company and that’s ok. This is the same as Brinks sharing data with the FBI that concerns bank robbers.
I am not comfortable with CF learning my customers habits of what they buy, sell, and do online, and it’s that data that I would want separated and isolated so that if/when cloudflare is acquired, sold, or merges with another company, my company’s data goes with our company for export, and thus that data is not accessible to the new parties. We want to know how we would be able to take it with us.
We would not want brinks to install a camera system, facially recognise all of our customers, observing how much money my customers deposit, withdraw, or reading our customer’s IDs and checking their registered vehicles against a database to see where my customer went anytime in their lives for the purpose of CF selling that data in that form to other parties.
Again, I stress its ok to synthesise protection mechanisms based on what CF learns about bad actors in to a positive tool. It is not ok to simply sell any data relating to my customers that could be disseminated by a competitor to gain the upper hand.
We understand that any company can buy 10 tranches of “anonymised” data (like the data CF would possess) and create an accurate profile of an entity. So the term anonymous loses it meaning when it is applied to data gathering because once we put it all in a pot, the value of connecting the dots (the CF data pool) is worth more than the pieces (my data for example).
“True privacy” is the way the world used to function, and is what people are now asking for now. They want the right to be forgotten. It is possible to do such, however it requires advocates like me and knowledgeable people like yourself to look at what was and be able to untangle the technogibberish that has erased the clear definition of privacy in to a sub-part of a 200+ page TOS amongst the 200+ companies people use daily transparently.
So I seem to understand what you are stating here is that my company’s data won’t be gathered to be sold as a product that could harm my company i.e. opposition research. My personal data as the person who registered this product will also be kept private, not sold in any way shape or form, anonymised or not.
As a all conclusive summary, we understand the CF service is based on gathering data, processing it in a proprietary way, and selling protective services to us all using the knowledge gleamed from my company’s and everyone else’s data, nothing more.
If this is the scenario, I will put my tinfoil hat back in a box. Otherwise, I have to wear it while I go shopping for a service that clearly will protect my personal privacy and my customers.