← Back to blog
Privacy March 31, 2026

Building a Browser Extension That Collects Nothing

Every browser extension privacy policy says “we don’t collect your data.” Most of them are lying, or at best, being creative with definitions. Shield was built to actually mean it, and that constraint shaped every architectural decision.

No backend, no telemetry, no phone-home

Most extensions need a backend for analytics, user accounts, feature flags, A/B tests, and crash reports. The backend is where data collection creeps in, even when you call it “anonymous telemetry.”

Shield’s free tier has no backend. Zero server calls. The extension loads, runs locally, and never phones home. You can verify this yourself by installing it, opening DevTools, and watching the Network tab. You won’t see a single outbound request.

That single constraint cascades into everything else we build.

What we gave up

We don’t know how many people use Shield. We don’t know which features they use, what sites they visit, or what their average privacy score is. Most product teams would consider this unacceptable.

When Shield crashes, we don’t get an error report. There’s no Sentry, no LogRocket, no error boundary that phones home. Users have to tell us what happened, and we lose information because of it. We’ve accepted that tradeoff.

We can’t roll features out to 10% of users and measure impact. Every user gets the same build because A/B testing requires tracking users, and we don’t track users.

We can’t personalize, recommend features based on usage patterns, or surface tips based on browsing behavior. Every user gets the same experience.

We also can’t prove our user count to investors. If we ever raise funding, that’s a real handicap.

How we improve without analytics

We rely on user feedback, bug reports, feature requests, and public reviews. These are slower feedback loops than analytics dashboards, but they don’t require surveillance. When you can’t rely on data to tell you what’s working, you have to think harder about what should work.

Storage stays local

Shield stores privacy scores, site history, and tracker counts in chrome.storage.local. This data never leaves your browser. It can sync across Chrome instances if you have Chrome Sync enabled (that’s Chrome’s feature, not ours), but it never touches our servers because we don’t have servers.

The storage cap is Chrome’s limit of roughly 10MB. We keep the last 100 sites and 200 tracker entries, which is enough for a useful dashboard without growing indefinitely.

The one exception

Shield Premium ($4.99/mo) needs to know that you paid. This is the one place we collect information: your email via Stripe and a license key.

The license key is HMAC-signed and validated entirely offline. After the initial purchase, the extension never calls our server to verify your subscription because the key encodes its own validity. A determined person could share their key, and we accept that tradeoff because the alternative is phone-home license verification, which would mean the extension calls our server on every startup.

Why it’s worth it

If a privacy tool collects your data, it is not a privacy tool. It is privacy theater.

52% of browser extensions collect user data, so “we collect less than competitors” is not a meaningful value proposition. “We collect nothing” is.

The architecture constraint forces better design. When you can’t phone home, you have to build things that work offline, every time, without exception. Zero collection isn’t a limitation; it’s the product.

← Back to blog