Building a Browser Extension That Collects Nothing
Every browser extension privacy policy says “we don’t collect your data.” Most of them are lying, or at best, being creative with definitions. Shield was built to actually mean it, and that constraint shaped every architectural decision.
No backend, no telemetry, no phone-home
Most extensions need a backend for analytics, user accounts, feature flags, A/B tests, and crash reports. The backend is where data collection creeps in, even when you call it “anonymous telemetry.”
Shield’s free tier has no backend. Zero server calls. The extension loads, runs locally, and never phones home. You can verify this yourself by installing it, opening DevTools, and watching the Network tab. You won’t see a single outbound request.
That single constraint cascades into everything else we build.
What we gave up
We don’t know how many people use Shield. We don’t know which features they use, what sites they visit, or what their average privacy score is. Most product teams would consider this unacceptable.
When Shield crashes, we don’t get an error report. There’s no Sentry, no LogRocket, no error boundary that phones home. Users have to tell us what happened, and we lose information because of it. We’ve accepted that tradeoff.
We can’t roll features out to 10% of users and measure impact. Every user gets the same build because A/B testing requires tracking users, and we don’t track users.
We can’t personalize, recommend features based on usage patterns, or surface tips based on browsing behavior. Every user gets the same experience.
We also can’t prove our user count to investors. If we ever raise funding, that’s a real handicap.
How we improve without analytics
We rely on user feedback, bug reports, feature requests, and public reviews. These are slower feedback loops than analytics dashboards, but they don’t require surveillance. When you can’t rely on data to tell you what’s working, you have to think harder about what should work.
Storage stays local
Shield stores privacy scores, site history, and tracker counts in chrome.storage.local. This data never leaves your browser. It can sync across Chrome instances if you have Chrome Sync enabled (that’s Chrome’s feature, not ours), but it never touches our servers because we don’t have servers.
The storage cap is Chrome’s limit of roughly 10MB. We keep the last 100 sites and 200 tracker entries, which is enough for a useful dashboard without growing indefinitely.
The one exception
Shield Premium ($4.99/mo) needs to know that you paid. Stripe handles payment processing and collects your name, email, and billing address to take payment and meet tax law; card data never touches Symvek, and Symvek’s own servers store only an opaque billing ID and your license key as a one-way hash.
To confirm a subscription is active and to enforce the per-account device limit, the Premium extension checks the license against our server. It sends a one-way hash of the license key and a hashed device identifier, and nothing else: no browsing history, no URLs, no page content, no identity. The result is cached and the check runs periodically rather than on every page load, and if our server is unreachable the extension keeps working through a grace window instead of locking you out. This is the one network call Shield makes to a Symvek server, and it exists only because a paid tier has to know it is paid. The device limit is what stops one key being shared across the internet, which is why the check lives on the server rather than purely in the extension. The free tier makes no such call at all.
Why it’s worth it
If a privacy tool collects your data, it is not a privacy tool. It is privacy theater.
Plenty of browser extensions collect user data, so “we collect less than competitors” is not a meaningful value proposition. “We collect nothing” is.
The architecture constraint forces better design. When you can’t phone home, you have to build things that work offline, every time, without exception. Zero collection isn’t a limitation; it’s the product.