Security and privacy are often presented as a trade-off: accept more monitoring, get more safety. But a great deal of the “monitoring” in consumer security tools isn’t there to protect you — it’s there to fund the product by collecting and selling data about what you do online. That’s a business-model choice, not a technical necessity.
The hidden cost of “free”
When a tool is free and the company still profits, the data is often the product. Browsing history, search terms and behavioural profiles are valuable, and some “protective” extensions and apps quietly build and sell them. The irony is sharp: a tool you installed to stay safe can become its own privacy risk.
You don’t have to accept that bargain. The key question to ask any security tool is simple: what do you collect, and why?
How protection can work without watching you
Effective threat detection doesn’t require building a profile of you. It’s possible to design protection around a principle of data minimisation — collecting only what’s strictly needed to detect a threat, and nothing about your identity or habits:
- Analyse the page, not the person. To decide whether a page is phishing, what matters is the page’s structure and behaviour — not who you are or where else you’ve been.
- Decide locally where possible. Much of the judgement can happen on your device, in the moment, without shipping your browsing history to a server.
- Don’t retain what you don’t need. A check can happen and be forgotten. Protection doesn’t require a permanent log of your life.
- Never sell activity. The simplest privacy guarantee is a business model that doesn’t depend on monetising your data in the first place.
Why this matters more than ever
Attacks increasingly target people directly — the human element appears in roughly 60% of breaches, per Verizon’s 2025 analysis. [1] That means protection has to sit close to where you work: in your browser and inbox. Precisely because that’s such an intimate vantage point, it matters enormously that the tool watching for threats isn’t also watching you.
A protective layer with deep access and a data-harvesting business model is a privacy accident waiting to happen. The same layer, built to minimise data and never sell it, gives you the safety without the surveillance.
Protection with privacy by design
SafeToOpen blocks threats in your browser and inbox without monitoring or selling your browsing. Read our approach to privacy.
Our Privacy Promise →What to ask before you install
- Is the company’s revenue based on subscriptions, or on data?
- What exactly is collected — and is it tied to your identity?
- Is the analysis done locally where it can be?
- Is anything sold or shared with advertisers?
- Are the answers clearly published, or buried?
The takeaway
“To protect you we must watch you” is a business model dressed up as a law of nature. Strong, modern protection can analyse threats — even brand-new ones — while collecting the minimum about you and selling none of it. Security without surveillance isn’t a compromise. It’s how it should work.