We rely on the whitelist to block all new threats, putting us ahead of domain-based blacklists. The server side checking is just to create a grade for privacy which you can look at for informational purposes as you browse.
We don't need to send any information to our service to protect you from bad sites because that is handled locally. The browser history already exists so the load on your machine is the same with or without Apozy. We use the headers to make it efficient for a large number of sites - 1M+
Using the extension without opting in means you don't see site privacy grades but you're still protected using a Trust on First Use model of security created with your browsing history.
The reason why we're better at that than an AdBlock is because we use a whitelist approach. When using a whitelist, all the newest sites and attacks are blocked by default. AdBlock will always be slightly behind on that. Additionally, AdBlock won't protect you from inputting your credentials into a phishing site if you somehow end up on a bad site. As a side benefit, since we don't scan the DOM, we don't slow anything down!
There is no data collection by default. Everything is opt-in. The only information we communicate is what you opt into. The browser history stays in your browser and is not sent to Apozy.
If you're opted into privacy scoring it sends only the FQDN of the current site to our service. We conduct privacy scoring on the server side because it would slow down the browser otherwise. If you're opted into community protection, CSP violations are sent with the URL. This allows us to detect undiscovered malicious sites and share them back to the community.
Currently we have no plan to share any information to monetize on the consumer end. We make money by enabling businesses to control fine grain permissions on corporate rollouts.
Thanks! We're working on device support across the board, improved privacy scoring, and toying with the idea of adding Google's Perspective - https://www.perspectiveapi.com.
Site comparison is done natively using Chrome's history APIs. As far as representations for each site, we don't need to scan the DOM because our extension relies on native sandboxing via CSP headers.
Browsing habits are analyzed locally. We only collect data if privacy grades or community protection is enabled via opting in. For those features we only collect the bare minimum to conduct analysis and the dataset is anonymous.