Activism and entrepreneurship in favor of digital rights and data privacy on the Internet

22/10/2021, por Angel

Activism and entrepreneurship in favor of digital rights and data privacy on the Internet

Sofía Prósper and Santiago Saavedra

co-founders of Tráckula and IUVIA

We interview  Sofía Prósper and Santiago Saavedra, the creators of the Tráckula, Association which fights for digital rights, technological sovereignty and privacy on the Internet. They are currently also the founders of IUVIA, a Galician star-tup that plans to decentralize the cloud. Sofía, an architect by training, 5 years ago jumped from buildings to the world of technology. She has worked as a disseminator on art and technology at the Espacio Fundación Telefónica. Santiago is a computer engineer very involved in the world of free software since 2009. Both are awarded by the Data Protection Agency in 2018 and also creators of the podcast Nada que Esconder and co-editors of the Techtopías newsletter.


Tell us how IUVIA was born and what is the philosophy behind

IUVIA was born as a consequence of wanting to get ourselves out of centralized cloud services. Wanting to protect our own data, the most sensitive, the photographs of a life, the information we have on our computer, our email. We realized that there were practically no alternatives other than setting up your own server, and that is not available to everyone. In other words, the conclusion was that no matter how much a person was aware of privacy, they had no accessible alternatives to be able to change their data management habits.

With this, we began to raise awareness about what was happening, and we set up a project, Tráckula, which became an association, and from there many people encouraged us to stop talking about the problem and do something to change it.

The truth is that we have not stopped talking about the problem, our podcast “Nada que Esconder”, but IUVIA as a project begins when a group of 5 people (Genoveva Galarza, Pablo Castro, David Pello, Santiago Saavedra and myself ) we applied to the European Next Generation Internet-LEDGER program by winning a grant to research and develop the technology and study commercial viability.

The 16 European teams of the Ledger-Next Generation Internet program


The IUVIA philosophy has a lot to do with our slogan, Own your data, be free, be the owner of your information, be free. As the English saying goes “There ain’t no such thing as a free lunch”, and when you use free services on the Internet you are paying with something. Sometimes with your privacy, sometimes with your attention. Our philosophy is to be clear: we offer you a product for a price. A product without small print, without losing your privacy, safe and without ads. On the other hand, the proliferation of “SaaS”, or Software as a Service, generates a dependence on centralized technologies with monopolistic tendencies, which we believe is very harmful for the consumer. Our intention is that both companies and individuals can enjoy the comfort of the cloud but in their own home or office, encrypted, and with secure access from anywhere in the world.



How do you go from being an architect and illustrator to co-founding a project focused on data protection and privacy? What can you tell us about Trackula?

This is a very good question! I love embarking on projects of different kinds and since I left my degree I have been very active, working as an architect in different studios, working at the same time as an illustrator for some brands and I have even illustrated a children’s story for the Planeta publishing house … But that is another story.


Sofía Prósper Illustration


In 2017, and without neglecting architecture and illustration, the projects in which I began to get involved were increasingly related to technology and its dissemination. That year Santiago Saavedra (my partner at IUVIA) and I presented to the MedialabPrado Visualizar’17 Migrations program a project called Trackula to analyze data migrations through the web. The idea was to represent in a didactic, close and even artistic way the leakage of personal data and subsequent profiling that we all suffer every time we go from one website to another. The result was a plugin for Firefox that allowed to view this and make it accessible to any user. In this link you can see one of the presentations we made:


Original Trackula team during Visualizar’17 at Medialab Prado


As a result of the repercussion that Trackula had, we decided to go ahead with the disclosure on privacy and turn it into an association from which to organize different initiatives around digital sovereignty


In recent years, different institutions, and society as a whole, have focused on the management, ownership, storage and use of our personal data on the internet. Do you think there has been a change of mentality in citizenship? Are we really aware of what and who accesses and uses our personal data for? How could society be sensitized and made aware in this regard?

Although the practices of exploitation of our privacy have occurred since the mass adoption of smartphones around 2009, it was not until the explosion of the scandal of Cambridge Analytica With Facebook in 2018 and its publication in the New York Times that citizens are beginning to react. It is understandable since until that moment there were no historical examples that would allow a reliable warning of what was happening, privacy activists dedicated ourselves to preaching in the desert, as doomsayers of an evil that apparently was never going to affect the democracy or society. In 2018 everything changes, we suddenly realize the influence that the practices of large technology companies can have on the democratic elections of a country like the US with the result of a Donald Trump elected as president.

We have to say that in 2018 something else happens, the European General Data Protection Regulation (GDPR) begins to be applicable. We assume that readers will remember the wave of emails received from platforms for which we no longer remembered having created an account or the cookie management panels every time we enter a website. Anyone who has a smartphone or who browses the web stops perceiving the use, treatment, management and exploitation of their data as an alien reality.

Multiple surveys over time are showing more and more mistrust regarding the use that companies make of the data they collect from their users. For example, the Special Eurobarometer 503, talks about the attitudes that Europeans take towards the impact of digitization in daily life and we can see that 8 out of 10 Europeans are indeed aware of the impact that social networks and Internet platforms have about the elections. Which is a very substantial evolution towards greater distrust in three years (Eurobarometer 460).


Inpfographic on Attitudes towards the impact of digitalization survey on daily lives


Now, despite the fact that citizens actually perceive data capitalism and surveillance, they often feel overwhelmed, powerless, without alternatives.


“We not only need to raise public awareness about privacy and data, we need coordinated decision-making by public and private institutions and accompanying legislation in the defense of our privacy as a fundamental right of the individual.”


Companies often justify the collection of personal data from users to improve the browsing experience, how much truth is there? Is it possible to balance privacy and accessibility on the internet? Do you think we will have to choose between the two?

Of course, observing the behavior of users on a system is a useful way to find and fix problems. But this is leading us to a mechanism where users of technological tools are subjects of technology testing, and where not only the essential data is collected and used for the bare minimum. When the software was distributed on CDs and it was not possible to assume that everyone had an Internet connection, what came out on the CD had to work, and for this all those studies “of experience and improvement of the product” were carried out before launching it. , in the company’s own facilities, with the informed consent of the participants, and limited in time and space to the interactions that took place there.

With the democratization of broadband access, more and more software began to be produced with less testing, and betas of products so minimal that they are not yet viable are released. This lowers the costs of having these tests, but in return we are in a process of constant espionage that over time has been seen to have many more uses than originally planned.

Whether we like it or not, this dynamic generated an economy and opened a new market, that of the attention and trade of personal data in the absence of coordinated global legislation on data protection. Europe already had data protection regulations (and Spain also before the EU Directives), but since they were written as Directives they did not have a homogeneous application and the legal scope was more limited. With the GDPR, the scope of fines for companies outside the EU that offer services to European citizens is expanded (hence the million-dollar fines for Google or Facebook).

Currently the market is in a new process of adaptation, but the reality is that this market is very large with a large lobby that supports it, and with the speculation that there was about the advertisements on the Internet and the money invested in it, the big capitals They are trying to slow the advance of legislation to keep their bets.

The new package of European legislation for digital services (the DSA / DMA / DGA) seems to follow the line of the Regulation and expand it not only to data protection but to the underlying issue: the regulation of the digital services market.


The official launch of IUVIA is scheduled for autumn 2021. What is your type of client, what demand and what use do you want to give to the services that IUVIA offers?

Indeed, we will appear on the Kickstarter crowdfunding platform with special prices for the first people to support us. We will inform all the people who want to leave us their email in We are targeting the campaign to two kinds of public: on the one hand, to SMEs, organizations and groups of people who are interested in keeping their data private and encrypted, in particular to that can be an added value for them or their clients.


Santiago Saavedra and Sofía Prósper, founders of IUVIA

With IUVIA they can work collaboratively online, with shared documents, calendar and email server with the possibility of having a corporate email address for each employee / partner.

On the other hand, individuals or families who are not willing to throw the phone into the river and give up the comfort and productivity that the use of online services gives them but who are concerned enough about their privacy to consider us a solution. The use that this type of client seeks is to be able to have backup copies of their computers and mobiles, including contacts and calendar, their own email server and future capabilities. IUVIA will also offer a decentralized marketplace, that is, an app store or repository from which to download other applications such as photo galleries, code repositories such as Gitlab or finance managers.


If IUVIA does not sell the personal data of its customers, How will it work, and how will it support itself financially?

Our intention is to do it honestly: we sell a product and a service in exchange for a price, we want to be clear with our public, and have a clear conscience to set prices that can sustain our costs. We ourselves will not be able to access the information or services that users have on their IUVIA devices.

Despite the fact that some of the big technology companies make us think otherwise, and it seems that the data market is the only one that works in technology, selling a product for money is still the traditional way of supporting itself financially. In fact, these same companies are already returning to the previous paradigm, Google Photos has begun to be paid, YouTube already has a premium version that may be giving us a glimpse of the future of the platform and Gmail with Google Drive has more and more space limitations. Maybe the data model, after all the legislative changes, is no longer so profitable.



IUVIA works by using open source. Why and what is the importance of using these open source elements?

For several reasons. The philosophical, which is that human knowledge belongs to all of us, and we should be able to understand how things work, and allow ourselves to collaborate and share our collaborations without repercussions.

For our customers, to give them the ability to audit the system so that they can see, and for independent experts to be able to confirm, that what we do is what we say, and also, for them to have greater certainty of being able to repair their device in local computer stores, without having to depend solely on us.

The pragmatics is also that it allows us that different organizations and people can collaborate in a project (contributing to IUVIA, or we contributing to other projects by incorporating their technology and making them part of the platform) without necessarily having money, contracts and lawyers involved, which makes it much more agile and easy to understand the relationship between everyone, and also, we all benefit from that collaboration. In addition, we believe that this makes the entire infrastructure more robust. By helping in the development of better open-source pro-privacy alternatives, inside and outside IUVIA, we will be improving the ecosystem, and that is good for everyone, whether they are our clients or not.


In 2018 you received the Emilio Aced research award from the Spanish Data Protection Agency. How do you remember it and what did this recognition mean for your work?

The work awarded by the Spanish Data Protection Agency was precisely the theoretical and above all practical exercise of the Trackula plugin. As an anecdote of the awards ceremony, we found it extremely interesting to be able to speak with Mar España, the Director of the Agency, since just that year the GDPR was implemented and they were in the process of transposing the European regulation into the national standard. There were many doubts about how to bring the theoretical and legislative part into the technical one, and we were able to chat with her hand in hand.

Awards such as that of the Agency, what they mean for your work and for your career, they are a podium from which to speak, and a recognition that what you are doing and how you are doing it makes sense, and above all, that you deserve to be heard. For me, as a woman in the world of technology with an eternal impostor syndrome, it helped me precisely to want to continue on this path. It was very rewarding.


Delivery of the AEPD Emilio Aced Research Award in 2018


In recent years, threats in cyberspace have multiplied: coordinated hacker attacks, use of ransomware … How is the security of our data guaranteed with IUVIA? Why is the use of a decentralized network important?

When the attacks are coordinated, we move in a terrain of many shades of gray. As in physical security, on the Internet it is also a continuum: there is no perfect defense. Any company that wants to convince you otherwise is trying to deceive you. What we can do is dedicate our best efforts, knowledge and investment in research to improving the quality of our defenses. And we are doing this, the operating system that runs in IUVIA is specially designed to “cage” each application independently, so that even for example if a vulnerability were discovered in the email server, it would be very difficult to jump from there to obtain information from, for example, your backup copies, or your contacts.

Decentralization is important because it entails a technological change in which we stop having a few custodians of a monopolistic technology, on which our data and services depend, and instead we replace it with a standard that allows us to talk to each other, regardless of where are those data and services.

For example, when Google’s authentication services went down for around 1h at the end of 2020 not only could you not access Gmail: many people use the “Sign in with Google” in other web services, which therefore indirectly they were also affected.

The more you centralize your dependency on critical services, the easier it is to break the system, what are called “single points of failure.” By decentralizing services and data, you avoid these points by design, and make the entire infrastructure more robust.


IUVIA official site-

Facebook: @IUVIA 

Twitter: @iuvia_






Get the latest articles, interviews and videos in your inbox

By clicking on "Subscribe" you accept our Terms and conditions and our Privacy policy