The other day I was chatting with my friend about Quantopian and he expressed his disbelief that they don't see our code. While I trust Q, the question did come up as to what controls are in place at Quantopian so that a random employee cannot access our code?
Can someone from Quantopian kindly prove us some insight on how they achieve this?
It's legal issue, not a technical one. I'm quite sure that from a technical perspective it's totally possible for Q to see your code.
Hello Pravin,
I'm going to start with some things that you already know for the benefit of other readers.
We are committed as a company to protect your intellectual property and to keep it private. We do not look at your code except for specific, rare exceptions that are explained in our terms of use. The exceptions include when a community member's algorithm is believed to be threatening our site security or we need to comply with any legal or regulatory requirements. Also, of course, sometimes members explicitly grant us permission to look at their code for technical support or other reasons.
Your code is on our servers. That's a necessary and important part of how Quantopian works. We provide clean data sources, computing power, code execution, broker integration, education, support, and more. Quantopian does all of these things without looking at your code. That's all possible because of the way our platform is implemented.
For this all to work, it requires trust. We've known from the very beginning that trust is vital. If we were to lose the trust of our community, our business would fail. We work to earn your trust every day. We commit to be transparent and open in how we do business. We are open about who we are (Find us on LinkedIn! See who we know in common) and about what we do.
For long-term community members, that will all sound familiar. And Pravin asked a different question that I'd like to answer. "What controls are in place at Quantopian so that a random employee cannot access our code?" I interpret that question to be about what internal controls we have in Quantopian for our internal employees. The controls are multi-layered, as most security systems are. Here are some of the relevant ones:
We regularly evaluate and improve these protocols. As our team, our community, and our product has evolved, we've made a number of improvements. One of the improvements that we've got in-progress right now is a way to give community members more control and visibility of their interaction with support. We're working on a way to give access to one algorithm at a time, that is granted for an explicit period of time, and can be revoked by the community member. That will be a further protection for community members.
I hope that helps to answer your question.
The material on this website is provided for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation or endorsement for any security or strategy, nor does it constitute an offer to provide investment advisory services by Quantopian. In addition, the material offers no opinion with respect to the suitability of any security or specific investment. No information contained herein should be regarded as a suggestion to engage in or refrain from any investment-related course of action as none of Quantopian nor any of its affiliates is undertaking to provide investment advice, act as an adviser to any plan or entity subject to the Employee Retirement Income Security Act of 1974, as amended, individual retirement account or individual retirement annuity, or give advice in a fiduciary capacity with respect to the materials presented herein. If you are an individual retirement or other investor, contact your financial advisor or other fiduciary unrelated to Quantopian about whether any given investment idea, strategy, product or service described herein may be appropriate for your circumstances. All investments involve risk, including loss of principal. Quantopian makes no guarantees as to the accuracy or completeness of the views expressed in the website. The views are subject to change, and may have become unreliable for various reasons, including changes in market conditions or economic circumstances.
Thanks Dan. I trust Quantopian else I wouldn't be spending so much time here. I guess this industry is paranoid and your answer helps a lot in comforting anyone with similar questions.
Dan -
What about the client side? There's a vulnerability there, too. Is there anything about the code that runs in the browser that ensures that there are not leaks? I guess if you are using https, it is as secure as anything else that is cloud-based.
Grant
Grant - The bullets I listed earlier were particularly relevant for the specific question Pravin asked about "random employees accessing code." For browser security, I'd write a different list. Some of the relevant additional ones:
The material on this website is provided for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation or endorsement for any security or strategy, nor does it constitute an offer to provide investment advisory services by Quantopian. In addition, the material offers no opinion with respect to the suitability of any security or specific investment. No information contained herein should be regarded as a suggestion to engage in or refrain from any investment-related course of action as none of Quantopian nor any of its affiliates is undertaking to provide investment advice, act as an adviser to any plan or entity subject to the Employee Retirement Income Security Act of 1974, as amended, individual retirement account or individual retirement annuity, or give advice in a fiduciary capacity with respect to the materials presented herein. If you are an individual retirement or other investor, contact your financial advisor or other fiduciary unrelated to Quantopian about whether any given investment idea, strategy, product or service described herein may be appropriate for your circumstances. All investments involve risk, including loss of principal. Quantopian makes no guarantees as to the accuracy or completeness of the views expressed in the website. The views are subject to change, and may have become unreliable for various reasons, including changes in market conditions or economic circumstances.
Thanks Dan -
I'd also contribute that over the years, my impression is that Quantopian has been very proactive and transparent about security concerns.
Generally, my impression is that information security is a super-challenging area of IT, particularly when you have everything wired up to the cloud. Good luck!
Grant
The material on this website is provided for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation or endorsement for any security or strategy, nor does it constitute an offer to provide investment advisory services by Quantopian.
In addition, the material offers no opinion with respect to the suitability of any security or specific investment. No information contained herein should be regarded as a suggestion to engage in or refrain from any investment-related course of action as none of Quantopian nor any of its affiliates is undertaking to provide investment advice, act as an adviser to any plan or entity subject to the Employee Retirement Income Security Act of 1974, as amended, individual retirement account or individual retirement annuity, or give advice in a fiduciary capacity with respect to the materials presented herein. If you are an individual retirement or other investor, contact your financial advisor or other fiduciary unrelated to Quantopian about whether any given investment idea, strategy, product or service described herein may be appropriate for your circumstances. All investments involve risk, including loss of principal. Quantopian makes no guarantees as to the accuracy or completeness of the views expressed in the website. The views are subject to change, and may have become unreliable for various reasons, including changes in market conditions or economic circumstances.
