Similarweb's controversial route to Wall Street

Some experts claim the Israeli web analysis company's past practices violated user privacy, before tougher EU regulations and Google policies were implemented.

In recent years, Similarweb (NYSE: SMWB) has become the leading measurement tool for the activities of websites and apps. The company's successful Wall Street IPO in May put the Israeli unicorn on the map and its high-profile billboard ad campaign introduced hundreds of its employees to passersby in Tel Aviv.

However, an investigation by "Globes" found that up until 2017, in order to gather data about the popularity of websites and apps, Similarweb engaged in controversial practices that violated the privacy of users. Actions taken by Google and changes in privacy laws in Europe compelled Similarweb to diversify its data sources and purchase statistical information about user figures from partners like cybersecurity companies and telecoms, which enabled it to grow and eventually become a publicly-traded company.

The Tel Aviv-based company's search engine allows measuring the performance of every website and to understand the behavior of its users. Similarweb lets you understand how many users visit, where they are located, and the situation compared with rivals. To a great extent, Similarweb has become the main measurement tool on the Internet.

This has enabled the company to be very successful in business terms. Similarweb raised $232 million as it grew from investors such as Viola, Haim Saban, Moshe Lichtman, Udi Recanati and Yossi Vardi. The company has almost doubled in size over the past two years and currently has 900 employees. Similarweb's Wall Street IPO in May was at a company valuation of $1.6 billion, though since then the share price has fallen 10%.

The company's research reports are quoted throughout the web and its product, a subscription to the databank ranking sites and apps, serves decision makers worldwide in market research, locating potential customers or companies for investment. Despite all this, Similarweb's success in its early years between 2007 and 2017 can be attributed to its information gathering strategy, which included distribution of a range of software programs that violated the terms of Google and Mozilla, which made the Firefox browser, until they removed them from the web.

These practices, which were implemented until 2017, probably have a connection to Similarweb's success in becoming synonymous with Internet research - a brand that in the past belonged to the Alexa ranking engine.

Similarweb began as a supplier of applications for user seeki8ng to create recommendations. Its first application, Similar Sites, provided recommendations of other sites to users and earned major popularity. Only subsequently did the company switch the concept to presenting site rankings and developed the Similarweb application, which in time became the company's name.

Looking over user's shoulders

In 2017, Similarweb acquired a browser extension called Stylish for a bargain price, which allowed users to change the backgrounds of websites. Similarweb had identified an opportunity. In 2018 an American cybersecurity expert Robert Heaton found that Stylish was collecting data on users Internet history on its browser. He claimed that a controversial code had been installed by Similarweb, which allowed it to receive surfing data simultaneously on 1.8 million users.

At the same time, the privacy policy of the extension was changed with a declaration that claimed that the aim of monitoring users was to improve continued use of the extension itself, so that it could learn what type of backgrounds were best suited to which sites and thus make it able to recommend to users to change the background accordingly. Immediately after the report by Heaton, and following criticism from users, Google and Firefox removed the extension from its stores, claiming that it violated their terms.

According to Heaton, the code tracked the full web address, instead of providing just domain names and even collected the Google searchers of the user from their browser. The extension did at least allow users to ask to remove themselves from these collection capabilities and reports by the application. After being removed, Similarweb published the extension anew, without containing the code which contradicted Google and Mozilla's terms.

Even before that in 2016, cybersecurity researchers at Northeastern University found that the Chrome extension linked to Similarweb had collected details of eight million users. The research was published on the site of the US Federal Trade Commission as part of its consumer protection activities and were harshly critical of the behavior, calling it a software spying on users and among other things transferring their web-use history, key search words typed into the search engine and even their history on internal web sites.

The research even located a library of free chrome extensions, which were advertised in the Google store under the name upalytics.com, which tracked users in real time on every site that they looked at. The research also found a connection between Upalytics and Similarweb and a range of related sites such as secureweb24.net, simiolarsites.com, all of them sponsored under the same cloud account and under a service which hid the ownership of who was receiving the data. The research claimed that the aim of the network of sites was to track user behavior on Chrome extensions.

The 42 Chrome extensions featured by the research, including a software for filtering the details of the users' history, were programmed for reading text and to download clips from Facebook, were installed eight million times.

"What is outrageous is that some of these extensions pretend as if they help secure the device with applications such as protection against phishing attacks or filtering content," wrote the researcher Michael Weissbacher.

Among the extensions that the research identified were Do It, a personal motivation and empowerment extension by the actor Shia LaBeouf, which interrupts users and calls out motivational slogans. Another extension blocked video ads. The extension declared that it does not disturb the user experience with ads, something which happens in most other extensions.

A senior source at Similarweb said, "At the same time in the middle of last decade, the rules of what was allowed and prohibited were not clear, and our ability to control our partners on the web was limited. Some of them operated in a way that we would not have expected of them. When Google entered the market, we could control with greater transparency and these phenomena stopped."

Setting out on a new path

Between 2016 and 2019, there were a number of changes in Similarweb's environment, which force it to change the way in which it collects data from users. It began with a change of policy from Google about the distribution of extensions in its Chrome store, which prohibited, for example, collecting data from users in certain ways or restricting their ability to undertake extra actions beyond the declared aim for which the app was opened.

This change harmed not only Similarweb but also a range of Israeli companies who had developed extensions including Coduit, Babylon, Webpick and Superfish. In 2018, the EU's General Data Protection Regulation (GDPR) came into effect, transforming the industry with binding service rules from news sites to Google and Facebook about declaring user privacy and details collected about users.

Similarweb, which had already reached a critical mass of users and proven to Google that its products brought added value to users, designed its products according to the new internal regulatory demands of Google as well as Apple and Mozilla. Today, Similarweb still offers popular applications like Stylus, SimilarWeb and Similar Sites but these comply with the EU regulations and Google's policies and require a specific approval from users regarding data collection from the browser.

During that same period of a change in direction, and at a time when a solution was required for monitoring traffic on mobile phones, market sources claim that there was a temporary fall in the credibility of data. Even today, the information presented many times is approximate data, computing data from dozens of sources, so that it represents an estimation and is a relative rather than absolute number.

Data exchange with Check Point

Similarweb also began partnering with information providers about user habits in various areas including telecom providers and cybersecurity companies like Check Point Software Technologies Ltd. (Nasdaq: CHKP). Unlike with the distribution of applications, these were more expensive deals, for which Similarweb had to pay.

Similarweb's information sources are currently dispersed over four fields: users who agree to share their browsing data on various browsers including Similarweb extensions; extracting data directly from web 'crawlers,' sensors that receive information automatically during Google searches, using Wikipedia, search stores and apps and more; data partnerships with credit card companies, telecom providers, cybersecurity companies and content delivery networks (CDNs); and software allowing websites to share data with Similarweb for marketing needs.

One of those companies is Check Point, which earlier this year signed an agreement to provide Similarweb with aggregated information about the most popular sites in certain countries, while in exchange Check Point will receive names of new domains and can assess the level of their security. "Globes" has been informed that as part of this contract, Check Point explicitly requested that the agreement would not include the Stylish extension and any information transferred between the two companies would not be connected to it.

The senior source in SimilarWeb said, "Even today Similarweb receives information from browser extensions. However, if the app stores decide to remove them for whatever reason, this would have a minimal impact on the performance of the measuring system."

Similarweb said in response to this report," We are talking about repeating foreign reports from 2016 that back then were groundless and were refuted many years ago. The only place where they still exist are in Google back searches and Globes newspaper this evening. Similarweb has one of the strictest compliance and supervision systems in the world and after being thoroughly checked out the company held its IPO on the NYSE several weeks ago."

Check Point declined to comment on the report.

Similarweb

Area of activity Ranking the performance of websites and apps.

History Founded by Or Offer in 2007 as SimilarGroup. IPO in May 2021 at a company valuation of $1.6 billion.

Facts and figures The company has 900 employees, raised $176 million in its IPO and $232 million in private financing rounds.

Something more Similarweb's first application was called Similar Sites and recommended to users similar sites to the one they were currently looking at.

Published by Globes, Israel business news - en.globes.co.il - on July 4, 2021

© Copyright of Globes Publisher Itonut (1983) Ltd. 2021

Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018