As a data protection company, we always adhere to these three principles when developing our products and operating our services:
- Data Economy: We only process and store the data that we really need for the processing of the respective process.
- Privacy by Design: Data processing is always carried out according to the “Privacy by Design” principle, whereby we always pay attention to a high level of data protection already during the development of a function.
- Privacy by Default: All configurable functions are preset so that they generate, save or transfer as little data as possible.
Data processing when using the eBlocker
A basic design principle of the eBlocker is not to record any usage data during operation of the eBlocker and in particular not to send any usage data whatsoever to the manufacturer (eBlocker GmbH) or any third party that goes beyond the unavoidable data that is generated as part of normal Internet communication. Even for the unavoidable data, eBlocker may provide the user with options to control the scope, recipient or time of transmission. The development of the eBlocker was guided by the following principles:
- Avoid data storage on the device.
- All eBlocker-specific services of the device work autonomously without additional cloud servers. This means that there is no direct or indirect data outflow from the device to eBlocker GmbH or other third parties.
- For unavoidable Internet connection data (DNS queries, routing), the eBlocker offers the user additional options to at least control which servers receive this data.
The following sections explain some important aspects in more detail.
The eBlocker filter functions work independently
The pattern recognition and filtering functions of the eBlocker are completely self-sufficient and do not use any cloud services. These include tracker and ad blocking filters, malware filters and parental control filters. Therefore, no information about the accessed websites is sent to eBlocker GmbH or a third party.
The eBlocker itself does not save any connection data
The eBlocker also does not store any connection data on the device itself. There are the following exceptions:
- The device’s own DNS server – like any other server – has a cache that stores the last queried domains in order to optimize response times. The retention time corresponds to the TTL time of the DNS responses, typically a few minutes. There is no interface to selectively read this cache.
The DNS cache can be emptied manually at any time via the administration interface. The user can switch off the eBlocker DNS server at any time.
- To optimize the filter functions, filter results for called domains can be stored locally in the eBlocker. This data is stored encrypted by the eBlocker. There is no interface to read them specifically.
- To analyze and troubleshoot SSL connection problems, the user can enable recording of SSL connection problems. Recording can be enabled individually for each device in the home network. In the event of an SSL connection problem, the device concerned, the time and the domain addressed are saved and displayed by the eBlocker in the administration interface. These recordings can be deleted manually at any time and will be deleted automatically after seven days.
- A similar feature allows you to record all SSL connection data of a device for a maximum of 15 minutes, also for analyzing and resolving SSL connection problems. This recording function stops itself after 15 minutes at the latest and only records the SSL connection data of a single device in the home network.
Distribution of DNS queries
One of the unavoidable connection data that occurs when establishing Internet connections is the DNS query for the resolution of Internet domains. Here the eBlocker offers the user the possibility of specifying several external DNS servers and selecting them accordingly so that the queries are distributed evenly over all DNS servers, so that none of these servers can create a complete profile of the queries. The user is free to choose the DNS servers, the number is not limited. In addition, DNS requests can optionally be sent over the Tor network (even if the rest of the traffic is not routed over Tor).
Obframe routing data
To prevent the user’s Internet provider from receiving detailed connection data via the routing of Internet requests, the eBlocker offers the user the option of encrypting the entire Internet communication of individual devices or the entire home network via Tor or an OpenVPN-enabled VPN provider. The eBlocker GmbH is not involved in the communication at any time. The user has the free choice of any VPN provider. When routing via Tor, the countries of the exit nodes can be freely defined by the user.
Analysis of the SSL traffic
The core of the eBlocker works with a technology in which the data packets are examined for patterns of data collecting services. This pattern analysis can only be performed if the data traffic is decrypted in the eBlocker. If the user also wants eBlocker protection for SSL connections (via https), the SSL function must be explicitly activated on the eBlocker. When activated, a Root-CA certificate unique to each eBlocker is generated in the respective eBlocker. In order to decrypt encrypted connections, the eBlocker then forms the end of the end-to-end encryption of an SSL connection. It validates the website certificate and the revocation lists instead of the browser. The eBlocker Root-CA certificate has to be integrated into the browser or the operating system of the end device once in order to encrypt it again to the end device of the user. The eBlocker then uses its Root-CA certificate to sign the website certificate to secure the encryption to the end device. The Root-CA certificate has a validity period of three years. The user can generate a new Root-CA certificate at any time, in which the validity period (12/24/36 months) can be freely determined.
Data storage when purchasing an eBlocker
If an eBlocker is purchased from a retailer, the user only contacts eBlocker GmbH when the eBlocker is activated. Accordingly, the e-mail address used for activation is the only date known to eBlocker GmbH for this user.
If the eBlocker or an update license was purchased via the eBlocker online shop, the online shop system will additionally record and store the delivery address (only for device shipping), billing address and e-mail address.
In addition, data may be collected for payment processing purposes, but is never stored in the online shop system: All online payment transactions are processed via standard interfaces of online payment systems (Paypal, Stripe), so that eBlocker GmbH is at no time in possession of data such as credit card number or account number of the customer. In particular, such data is not stored in databases or on servers of eBlocker GmbH.
The reversal of a purchase also takes place via the systems of the above-mentioned online payment systems, whereby anonymous tokens are used for this, which are used by the respective payment provider for payment in the case of reversal. The only exception is the purchase by prepayment with manual transfer to the account of eBlocker GmbH: Here the customer must be asked for his bank details in order to be able to refund the purchase amount. These bank account details are only used for manual returns and are not stored in a database of eBlocker GmbH.
Further details on data processing on the website (in particular on tracking) can be found in the data protection declaration of the website: https://eBlocker.org/de/datenschutz/
Data storage when the eBlocker is activated
The e-mail address entered during activation is used exclusively to check the applicant’s authorization in the event of a license reset (i.e. release of a license for transfer/sale). In particular, the e-mail address provided during activation will not be passed on to third parties and will not be used for other purposes such as sending advertising.
Data storage when updating the eBlocker
In order to act autonomously (see above), the eBlocker must be regularly supplied with updated patterns, filter lists and other data. For this purpose, the eBlocker has a function for automatic or manual updating. The user can decide for himself whether the eBlocker automatically checks for updates once a day at freely selectable times via a retrieval from an eBlocker cloud server, or whether he wants to carry out this check manually.
To receive updates, the eBlocker must have a valid license and an associated X.509 certificate with associated private key. This certificate is uniquely assigned to the activated eBlocker, but does not contain any user data. In particular, neither the e-mail address, nor an IP or MAC address of the user.
When checking for updates, only this certificate is transferred to validate the update authorization. The update server stores a reference to this certificate and the corresponding activated license as well as the time of the request.
These update requests are the only data that eBlocker GmbH collects and stores centrally during the operation of an eBlocker.
The IP address used for the update request is written to the server log files for technical reasons. However, it is not systematically evaluated and, in particular, is not stored in a database or otherwise linked to the above-mentioned update data or other user data.
Data storage for support cases
Customers can contact eBlocker Email Support with any questions they may have. All information provided by a customer in the context of a support request is voluntary. The support data are stored in the support system of a corresponding provider (Zendesk, GDPR-compliant), additionally in the e-mail archive of eBlocker GmbH with corresponding legal obligations for storage. The support requests are not systematically linked with the data of the online shop, the activation data or the update requests.
eBlocker diagnostic report
To support the analysis of technical problems, the eBlocker support will ask the user to create an eBlocker diagnostic report and to send it by e-mail or to add it to the support system.
This diagnostic report contains a specially created diagnostic file with information about the local network of the user: number and type of network devices, their local IP address and MAC address, the external IP address of the user as well as further data about the current configuration of the eBlocker.
In addition, the diagnostic report contains some additional log files that can provide information about the use of the eBlocker.
All files are simple text files that are packed into a compressed tar archive. The user can view these files at any time before sending them to eBlocker Support.
Source code view by security expert
eBlocker GmbH is happy to grant security experts access to the source code of the eBlocker at any time if an NDA (Non Disclosure Agreement) has been agreed.