Uncovering and explaining how our digital world is changing — and changing us.

AnchorFree — the company behind the popular VPN app Hotspot Shield — recently surveyed its users, asking them when they cared about privacy and security. And when it came to most of their activity online, like sharing photos to Facebook, the survey respondents said they didn’t care.

“But 30 percent of the time, almost everyone said they cared about their privacy enormously,” AnchorFree CEO David Gorodyansky said on the latest episode of Recode Decode. “That 30 percent was when it came to things like your healthcare, your finances and your family.”

From a consumer perspective, however, the problem is that ISPs and data-hungry companies like Facebook don’t discriminate based on what the user wants. They’ll hoover up any data that they legally can, which is why apps like Gorodyansky’s are so popular; Hotspot Shield has been downloaded more than 650 million times, he said.

However, he had a proposal for tech companies seeking to avoid government regulation: Turn off the vacuums for that 30 percent time in exchange for the valuable long-term trust of users who are turning against you.

“I don’t think there’s anybody in the world today that trusts Facebook,” Gorodyansky said. “I think they use ’em, it’s a great product, your friends are there and you want to hang out with your friends. But I don’t think anyone trusts them. That’s the thing.”

“If people are only concerned about protecting their data 30 percent of the time, it may not be a bad idea for these companies to say, ‘Look, let’s let people tell us when that 30 percent is and we won’t track them, for real,’” he explained. “‘And yes, our revenue will go down in the short term, but in the long term, our consumers are going to like us a lot more.’”

You can listen to Recode Decode wherever you get your podcasts, including Apple Podcasts, Spotify, Google Podcasts, Pocket Casts and Overcast.

Below, we’ve shared a lightly edited full transcript of Kara’s conversation with David.

Kara Swisher: Today in the red chair is David Gorodyansky, the CEO of AnchorFree, the maker of a virtual private network app called Hotspot Shield. It has 600 million users and Axios calls it “the most important mobile app you’ve never heard of.” We’ll talk about all of that and more. David, welcome to Recode Decode.

David Gorodyansky: Thanks for having me.

So, it’s a great time to be talking about security now, even though this is going to be airing later. There is a hearing tomorrow in the Senate about security and the lack of security on social networks. Obviously, everyone is concerned about the midterm elections and everything else. And most people are thinking really hard about how our technology is being misused, essentially, and hacked, and all kinds of different things. Not just hacked, but misused.

So, just give us a little background on your company, AnchorFree.

Sure. So, AnchorFree is one the companies that has been providing security and privacy for the masses over the last 10 years. We have about 650 million people that have installed our applications, across mobile devices and computers, and we grow by about 250,000 new downloads every day. Essentially, what we do for people is, our flagship app is called Hotspot Shield. It secures everything you do online, essentially making every app you use, every website you visit, as secure as your banking site or your banking app.

We’re used on public Wi-Fi, which is a big area where consumers have their identities and data stolen a lot. So, airports, coffee shops, hotels, in-flight Wi-Fi. We encrypt all the traffic from a mobile device or computer or phone and essentially secure it all.

The other thing we do is, we protect the users’ IP address, which is a unique number that your internet service provider assigns to you when you first connect to the web at home, or when you are connecting to Wi-Fi. And essentially we take that IP address, that unique number, and we throw it away. And so, it disrupts the ability of your internet service provider or random websites or hackers from tracking you across the web.

And understanding what you’re doing.

And understanding what you’re doing. They’re just seeing ...

They’re trying to collect data into what you wanna buy, what are you looking at, what are you seeing, so they can just have that data. Like a Comcast or a Verizon, or a Google.

Exactly. Well, until March of 2017, it was actually illegal for ISPs to collect and sell your data.

Right. Until then.

Yeah, as of March 2017, it’s now legal. They’re collecting and selling it without any problem.

Just like the Googles and the Facebooks, right?

Exactly.

Exactly.

And so, we’re protecting from that happening.

So, talk a little bit about the background now. When ... How did you start it?

So, my co-founder and I were both students when we started the company. We were 23 years old. And we were working out of coffee shops a lot and realized that Wi-Fi was unsafe and unsecure. We also realized that privacy as a whole was just gonna explode in the coming years, because billions of people are joining the internet on smartphones.

As a matter of fact, today we have 2.5 billion smartphone users. Over the next three years, we’re gonna have five billion. People are moving on from old Nokia feature phones to smartphones. And with ... We realized early on that privacy and security were gonna be super important for people. And so we started AnchorFree. In our minds, what we really wanted to do was solve a real billion-person problem. We wanted to essentially take control over information, over people’s data, away from corporations like Google and Facebook, hackers and governments. And give it back to the people.

And we felt like this would be something that really would be impactful at a huge scale, and essentially we started AnchorFree, launched Hotspot Shield. And most of our users, initially, were here in Silicon Valley using us. At Stanford, or wherever; on University Avenue, you need secure Wi-Fi. Until one morning we walked into our offices, and found a million Egyptians using our product. And we had no idea why.

Uh huh. They were all in your office?

They were ... none of them were in our office.

I’m teasing.

And we’ve never marketed in Egypt and we had no idea. We didn’t know anyone in Egypt. It turned out that the Arab Spring started, and Egypt blocked access to social media, and the only way people could get to information was through AnchorFree’s Hotspot Shield.

We looked at that and we thought, well, this is super interesting. Privacy and internet freedom are some of the most pressing human rights, technology issues, and also like moral issues. You know, providing freedom and privacy are right, are the right things to do. And we’re very idealistic and naïve. We’re 23 years old and we’re like, “Hey, we can devote our youth, our energy and our time to something that actually matters. And something that matters for a billion people.” Privacy and security could be a really good business, but it’s also important for the world, regardless of being good business. It’s just important for people. So, that’s how we started.

All right, so you ... but you have other things you do on the service, correct?

We do. We started initially with Wi-Fi security. Then we added internet freedom and privacy. And most recently we added protection from phishing, malware and spam. So it’s a more comprehensive security product, which protects consumers from most of their mobile security threats of today.

Where most of it happens on mobile. Although, you can do it on a computer.

Exactly.

Yeah, this has been sort of an area peopled by a lot of big competitors; Symantec, and others, over the years. So talk about how it’s morphed. Because obviously, it’s become a mobile issue. People are much more connected, almost always on. In computers, you weren’t always on, necessarily. You may’ve had it open at home, but it wasn’t used.

Right.

So, talk a little bit about how the challenges have changed. And how do you compete against ... Because there’s tons of these VPN sites. I’ve used them in China, I’ve used them lots of places. But not as a regular occurrence.

So, let me first start by saying that I think, and you know this really well, security and privacy threats are exponentially growing. You’re seeing things like Equifax getting hacked, you’re seeing Cambridge Analytica.

Well, that wasn’t a hack. It was a use.

Yes, that was selling of user data, right? All these vulnerabilities, of the Crack vulnerability, which was found last year in all Wi-Fi hotspots that people thought were secure and they weren’t. All these security and privacy challenges are just exponentially growing. And the companies, the biggest companies in the world around security, some of the companies you mentioned, are selling ...

McAfee.

A lot of the old-school security companies are selling, sort of, PC antivirus at Best Buy. Right? And we’re in 2018, and we’ve got massive security and privacy threats happening on our mobile phones. And so, we’re not seeing the old-school security companies addressing these challenges.

As a matter of fact, if you look at most of them, most of their revenue is coming from the old PC business and their mobile revenue is tiny. And so, we wanted ... we gotta set out on a path to build the next-generation security and privacy company that’s really gonna be for 2018 and for the future. And it’s mobile-centric, and it’s around protecting the privacy of your data that’s being collected by a bunch of third parties. It’s also about protecting users from phishing, which is a very big multi-billion dollar problem for consumers and businesses. And malware.

And so, we’re just not seeing a lot of solutions, we’re seeing a lot of challenges. So we believe we have the opportunity to build the next-gen security company.

Now you’ve raised how ... You’re a profitable company, correct?

We have been a profitable company for many years.

But, you’ve just raised an enormous amount of money. Can you talk about that a little bit?

Yeah. We raised a fairly sizable round. This is the fourth investment we have taken. And we’ve basically raised it for several reasons. One is really around what I was just saying, that there is an opportunity to build the next-generation security company that will secure the privacy and security of the next billion consumers and thousands of businesses.

To do that, we’re building new products to add to our ... to Hotspot Shield, to create a security and privacy suite. We’re also looking for M&A, some with new products that are gonna be geared towards protecting the security and privacy of the next billion people. We’re gonna build some, then we’re gonna buy.

And we believe that it’s really not about having one product, but a comprehensive suite, where the next group of consumers and businesses that are thinking about their privacy and security. They’re just gonna subscribe to this, or even use it for free. We always have a freemium model.

So you raised how much? How much did you raise in this round?

Close to $300 million.

And you had raised previously?

We raised $63 million before.

So, this was a big leap. And who is investing in this?

It’s a group of investors. The lead investor is WndrCo, which is a holding and investment company started by Jeffrey Katzenberg and Sujay Jaswa and Ann Daly. And the other investors include Accel. Accel Partners and several others funds.

Several others. And so, the idea is that you’ve gone along with a small amount of money, $63 million isn’t very much. And now you have to up the game, in this regard.

Yeah, essentially we want to build a product suite that a billion people will use for free and a hundred million people will pay for. And to do that, it’s a combination of products for security and privacy that we have to put together and build. And we’re looking at M&A as a pretty important focus area. We’re gonna be looking very carefully at interesting technologies that we can add to our suite.

Right, so talk about your business. How do you make money? And in the next section, we’ll talk about the risks people have and that you’re seeing and stuff like that. But talk about that.

Sure. So we generate revenue from a freemium business model, similar to a Dropbox or a Spotify. People download Hotspot Shield. They can start using it for free. And at certain points, we ask people to pay. We have users that use us for free forever. We have users that have been using us for five, six, seven years for free. But, at the same time, we have a percent of our users that are paying a subscription. It’s $12.99 a month or $75 a year. And that provides security and privacy for up to five devices.

A lot of businesses are also buying it. A lot of people are buying it for their families. CFOs are using us, people on Wall Street are using us. A lot of people use us to protect their health data.

But generally, it’s a freemium model where you get more and more services beyond a lower level of service. Correct?

Correct.

And what is the growth you’re seeing? Is it just as a VPN business, where people ... Where do you ... Or is it just different globally?

The growth we’re seeing is mostly around mobile security and privacy. We’re seeing, as I mentioned, 250,000 new users every single day.

So what are they looking for? What are they ...

They are looking for one of these four things. Either security and Wi-Fi. Privacy protection, even at home. You don’t want Comcast or whoever to see what you’re doing online. Protection from phishing, malware and spam. And also access to global content that may not be available in certain places, like the example of Egypt.

But I’ll tell you one interesting trend that’s happened over the last few years. Our usage has shifted heavily from being emerging markets-focused to being U.S.-focused.

Huh. So you’re going the opposite direction.

It’s very interesting, right? Typically, people start in the U.S., get market share.

Yeah. Right.

We’re very different. We’re a California-based company. All of our employees are here, and yet our usage for a very long time was primarily ...

Based in Egypt and China.

Exactly, emerging markets. Over the last two years, that has changed materially. We still are big in emerging markets and still are growing, but the U.S. is now like 50 percent of our usage. It’s just incredible.

And you’re feeling ... Why is that?

Couple of things. We saw a major spike when the FCC allowed ISPs to sell user data. We saw a major spike with the repeal of net neutrality. We saw a major spike in usage with the Crack vulnerability in Wi-Fi. Cambridge Analytica. All these things where people realized that, “Hey, my privacy is being compromised without my consent and my security is at risk.” All these things have caused major spikes.

And this is people in the U.S. who thought they were not ... They were not bought and paid for, essentially.

Exactly. Essentially, three years ago, people in the U.S. just didn’t care about privacy and security. And today that has changed in a fairly massive way. To a point that if you look in the App Store, what are the top 50 most-downloaded apps? You’ll see Facebook, you’ll see Twitter, and you’ll see a bunch of games.

Alex Jones, for a second. But, thank God that changed. But, go ahead.

You’ll see us.

Yeah.

There’s actually two apps that we own and operate that you’ll see in the top 50.

Which are?

Hotspot Shield and Betternet.

And what’s the second one do?

It’s essentially the same thing, only it’s targeting a younger demographic, more student focused. Hotspot Shield is more business professional focused.

I see. Okay. What do students need? That is more ... Hipper language?

Exactly. Different branding.

Okay.

But, it’s essentially almost every app in the top 50 apps on iPhone makes most of their revenue from selling data to advertisers. Right?

Right.

We make most of our revenue from protecting your data.

From advertisers and others.

From ISPs, from whoever. Right?

Right.

So, I firmly believe that the first three companies that essentially got to a billion people online were first Yahoo, then Google, then Facebook. I believe the next company that gets to a billion people online is going to be in the business of protecting your data.

From those people.

From those people. Those people are in the business of selling your data.

All right. That’s a perfect segue.

Let’s talk a little bit about what people should be worried about and what they shouldn’t. Maybe we’ll start on what they shouldn’t be worried about. What are some hype things that people should not think about?

We just surveyed our users and we asked them, “Do you care about privacy and security? And if so, when?” What we learned is that most people said that 70 percent of the time, they actually didn’t care about their privacy, they were happy to share pictures on Facebook or whatever. But 30 percent of the time, almost everyone said they cared about their privacy enormously. That 30 percent was when it came to things like your healthcare, your finances and your family.

People said, “Look, if I’m communicating with my friends and family, I want those conversations to stay private. If I’m doing some kind of financial transaction, logging into my bank, I want that to be private. If I’m researching things on WebMD or on Google around my healthcare, I want those things to be private, but other times I’m happy to be public and not be private.”

So, a lot of people have said, “Hey, are you going to disrupt business models of people that are ... of like Google and Facebook?” and I said, “I don’t think so.” Because essentially, I believe that there is a reason and an opportunity to provide privacy and security for billing people or more, and they may not need to be private and secure all the time. I think that if 70 percent of the time they’re like, “Look, we’re happy to share our data,” that’s fine. But that 30 percent of the time where people want to be private, they should have the ability to click a very easy button and protect themselves.

So, let’s talk about what’s at risk, what people don’t realize. When I was using a VPN, I still use a VPN, I was somewhere and still using it, he was like, “Don’t use that, they have” — I’m not going to name them, but they’re from China. Explain what the problems are with some of these things.

There’s a number of problems with using security products from companies that are not well known, or not known at all. In the VPN industry, specifically, there’s some well-known players, there is AnchorFree, there’s Symantec and McAfee and Kaspersky and Bitdefender, sort of like, people in the security space that you kinda know. Even Verizon just launched a VPN, right? Samsung launched a VPN and that’s fine, and there is like all these sort of …

Yeah, the people collecting your data, launching a VPN. Obviously.

Well look, let’s talk about that in a sec.

Okay.

Then there is completely unknown players, and so consumers and businesses have to do a little bit of research and say, “Hey, are these people transparent about how they collect and treat data? Do they share data with governments, do they …?” whatever else. There are VPN companies that are, um, like a lot of VPN companies don’t disclose who’s on their board, who’s on their management team, who are their investors, have they ever issued a transparency report?

There is an independent report that was published today, actually, from AV-Test, which is a German security auditor. They analyze the security space. They have been around for a long time, they’ve been analyzing antivirus products and other things. So they just issued a report on VPNs, and what they found was that most VPN companies shared no transparency. This is a trust and transparency report.

AV-Test specifically studied how transparent are these companies with their data-collection practices, and also who they are and their jurisdiction and all these things. They found that most of the industry didn’t disclose even their location, their management teams, their CEO, nothing. Pretty scary. One of them happens to be in China, which is even more scary. Then they studied who has issued a transparency report, and they found actually there is only three companies in the VPN space.

Explain what a transparency report would do.

A transparency report is a legal official statement, a document, which shows how many subpoenas or requests for information ...

From government.

From various governments around the world a company has received, and how much information have they shared.

Right.

When you’re thinking about security and privacy, it’s fairly important the products you use are run by companies that are transparent and they have transparency reports.

And will resist subpoenas, incorrect subpoenas.

Exactly, and will either resist, or even better, will just have no information to share because of the way they’re architected. See because resisting subpoenas, it’s a very hard game, especially for startups. The best way to protect user data is to not collect it, because then you don’t have to resist anything, you just have nothing to hand over.

This AV-test report found that only three companies in the VPN space, for both consumers and businesses, have issued transparency reports. Those three companies were Cisco, Avast and AnchorFree. Nobody else has issued a transparency report, and according to the transparency reports both Cisco and Avast shared information with law enforcement or with governments, different governments around the world. AnchorFree is the only company that hasn’t shared any information.

And why?

The reason is very simple.

You just don’t have it?

We just don’t have it. We’ve gotten over a hundred subpoenas over the last two years, we just have nothing to share.

Right, no matter what they’re asking for, you’re like ...

It’s very simple: The best way to protect user data is to not log it or store it.

Right.

So, if you don’t have it, you have nothing to hand over.

So it just passes through you, is really what’s going on.

Exactly.

So, what else should people be worried about? Let’s start with just regular case scenarios. One is don’t go with a VPN that’s based in China. That’s kind of basic.

Yeah.

Which Kara Swisher did, thank you very much. So get a company that is transparent about how it deals with subpoenas, how it deals with the information, that doesn’t collect information. That’s one. Two, what about in public spaces, using public Wi-Fi’s?

Super important to use VPN.

Tell people why, again and again. What do people do?

Every time you connect to a public Wi-Fi, it’s super easy … let’s say you are sitting at the airport and you’re connecting to the San Francisco airport Wi-Fi, it’s super easy for a hacker to pretend that he or she is the San Francisco airport Wi-Fi and you are actually connecting through that hacker to the San Francisco airport Wi-Fi, and they are seeing in plain text everything you’re doing, your passwords, your emails.

They won’t necessarily see your passwords if you don’t use them, correct?

Correct. They’re seeing whatever you’re doing.

Whatever you’re doing. Right.

The same thing if you’re using inflight Wi-Fi. A lot of us people that fly for business use Wi-Fi all the time and fly.

Yes, I did that last night.

Yeah, super easy for hackers to see what you’re doing. And so, even if the network is safe, it’s secure, it doesn’t matter because everyone is connecting with the same password. Right. So what we do is essentially, if you turn on Hotspot Shield, we encrypt your whole network. It just looks like a bunch of gibberish to the hacker. So even if a hacker is trying to inspect your traffic, and even if you by accident connect through a hacker machine to the Wi-Fi, it doesn’t matter because it’ll take them 10 years to decrypt whatever you’re doing.

Right, and pointless.

And pointless.

It’s most likely an email to your mother or something like that.

Exactly.

So, that’s one, don’t get on public anything. Which, people don’t listen to.

If you get on to public Wi-Fi, very simple …

Be protected.

Use protection, right, use protection when connecting to public Wi-Fi. Hotspot Shield is free, there is a free version, or others. The other thing is, you’re in the privacy of your own home, and your internet service provider is tracking what you’re doing. Another major challenge for people …

What do they track exactly, so people can know?

Everything, every website you visit, everything you do, the whole data stream. Now some of it may be useless, they may not care about your email to your mother, but there’s other stuff that may be useful. I’ll give you a practical example …

Look at or go to Amazon, look at or go to this.

Well here’s the worst possible scenario. A colleague of mine went to Stanford hospital, and the people at Stanford told him, “Look, if you’re going to be researching health-related things on Google or WebMD, make sure you use some kind of protection, because that information is sold to your insurance company and your premiums could go up.” That’s kind of the worst scenario of your data being collected by legitimate corporations without your consent.

It’s supposed to be anonymized, right? Not necessarily ...

Yeah, it’s supposed to be.

Yes, but they can guess, correct?

Yeah.

So, they can take information and piece it together, about you particularly, even though it’s supposed to be anonymized or put in a bulk, correct?

Totally.

But people can find them rather easily, from what I understand.

Very easily. Very easily.

The other big problem is ... You know, everybody is concerned about Facebook selling user data, but actually there is a bigger concern, which is Facebook buying user data.

Right, I’d love to talk about that, because they don’t, I mean, Mark Zuckerberg interestingly at the hearing said “we don’t sell your data,” what they do is combine it with lots of other things and then sell the insights.

Exactly. The concern …

That’s the more dangerous thing.

Exactly. Facebook could argue that if you go to Facebook and you “Like” certain things and you post certain things, you’ve sort of given Facebook that information. Whether you agree with that or not …

Right, signals.

But when you go to WebMD, you never gave Facebook anything, but if they buy that information and combine it with your Facebook profile, now they know not only the things you “Liked” on Facebook, they actually know basically your healthcare history, and that’s pretty scary. That’s a real concern.

That they piece it together, they did that with Acxiom, they were combining things, there were voter registration things, they can combine it with any other outside data, and it’s enough to really be able to track you rather anonymously, yet not, correct? So what that does is they can’t see any traffic, they can’t see any traffic.

If consumers or businesses start using Hotspot Shield, they can’t see any traffic.

All right, what else is a danger? You’re traveling abroad?

So, you’re traveling abroad, hackers, obviously, trying to see what you’re doing, trying to steal your data, you’re paying with PayPal from abroad, you’re doing other things. I mean, we see a lot of businesses, small- and medium-size businesses, using us. We recently launched Hotspot Shield for Business, for their employees that are traveling a lot, connecting in public Wi-Fi, to stay secure and private. Then there is phishing, so you know, people get emails, looks like it’s from your bank, you click on it and it actually looks like the banking site.

Yeah, it does.

You know, they ask for your login and password and they steal it, and they can log into your bank account. So we block 36 million malware and phishing domains that are updated daily.

So you can’t get to ’em.

Yeah, so if you click on an email that looks like it’s from your bank and it’s really a phishing site, we will block it and we will notify you. That’s sort of, when we’re talking the security and privacy challenges of the future versus the PC antivirus of the past, that’s really what we’re talking about. There are major concerns about data collection, by ISPs, by governments, by hackers. There are major concerns about Wi-Fi usage, which, everybody uses Wi-Fi. There are major concerns about phishing and there are major concerns about malware, and combining all that into one solution is what we’re trying to do here.

All right, so what’s the far-out problem that people should worry about? Those are things that people have heard of. What is the most, what is the latest thing?

The other major challenge is that we’re moving to a world where we’re going to have more than 25 billion connected devices through IoT, and my mattress today is actually a smart mattress.

What?

So I have a little thing called Sleep Tracker on my mattress, it reports back how well I sleep.

Alright.

Right. Our refrigerators are going to be smart.

Right, the Google homes and the Amazon Alexa ...

Exactly, the Nest thermostats, all these things.

I have a Nest thermostat in the home I just bought, I don’t know what to do with it.

Well, at least you didn’t buy the one from the Chinese company.

I didn’t, no, I put a bag on it already, I have a bag on it. It’s really a beautiful piece of art, actually. It’s a beautifully designed thing but ...

It’s probably listening to you.

Oh, it’s not going to be listening, it’s got a bag and a pillow on it, but go ahead, I’ll be taking it down, I’ll be taking it down.

Nice. But yeah, that’s ...

Like I need more Google in my home anyway.

Exactly. So that’s the thing, where your home is becoming smart and all this information is being reported through the internet to various places — your doctor, the store, whatever — and protecting all that information is extremely important. Like a crazy stat that I read is that 90 percent of all the data collected about us and known about us to date has been collected over the last two years.

Right, wow.

Which is a pretty crazy stat because if you think about the next five years, and we’ve got 25 billion new devices connected, we have five billion new internet users coming online. Our information is going to be exponentially larger. It’s going to be a convenience for a lot of us, it’s going to be convenient that we can get information about how well we sleep or what we eat and get your refrigerator to order milk when you’re running out. That’s all convenience. But it’s also a major, major concern, and a goldmine for hackers.

Right, 100 percent. And I think what people need to realize is they’re giving it away without a fight, you know, without even thinking about it.

Exactly, exactly.

It’s sort of like leaving their door open.

And you know what? It’s super-simple to protect yourself, that’s the thing. That’s what … I think what most people don’t understand is that it’s super, super simple to use a very easy security and privacy solutions to protect your data.

Let’s talk about the bigger picture of privacy. This has been something that’s been, you know, largely because of the recent things around the elections, which wasn’t really hacking, and it wasn’t really privacy, it’s just the misuse of these social platforms which have an enormous amount of data, and I think the focus has been on the enormous amount of data they have about people.

This time, it was sold to a group that then used it for election things. I think that we’ll have no way of knowing if it had an impact, but we have the vague sense that, yes, it absolutely did. There was false advertising on Facebook and Twitter, and some on Google and YouTube. There was fake news, which is a whole ‘nother problem.

There was the lack of transparency in ads, especially political ads. Let’s talk about the bigger picture. Of course, this country has pretty much done no discernible regulation of the internet in any way, in order to allow it to grow, which I think most people feel, it’s been a pretty good trade-off. But now, people are ... Those chickens are coming home to roost, I think, in a lot of ways. So talk to me about the bigger picture and where we are.

There’s an incredible amount of data that’s going to be available about us in the coming years, and whether it’s coming from our IOT devices …

In the last two years, yeah.

Or mobile phones or whatnot, and there’s a need to protect the data. Consumers deserve the right and businesses deserve the right to have very simple common-sense protection for their information. But at the same time, there’s a lot of forces out there that don’t want ...

No, why would you?

That don’t want privacy, and you know there’s a lot of you know, whether it’s governments around the world or corporations or hackers that have great incentives for our data to not be protected.

Right. There’s one group that just wants to steal our information so they can raid our bank accounts or raid our credit cards. That’s one, that’s the hackers.

Right.

Those have been around ... Bank robbers have been around since the beginning of time. That’s essentially what they are, but they’re just using more sophisticated means to do so. Or to take people’s profiles or whatever. Whatever nefarious uses.

Exactly.

The other is a group of people that wanna use it to affect elections, to create discord and all kinds of things. That’s the Russians or the Iranians or whoever. Even the United States in some countries. And then there’s governments who want to know everything about you in order to control you, if they’re more fascist governments that want that information. And then there’s the Facebooks and Googles of the world that just want to make a buck off of you.

Exactly.

So it’s coming from everywhere.

It’s coming from everywhere and there’s very few that are saying, “Hey how do we protect all of this data? And how do we really put the consumer or the business in control of their own information?”

Mm-hmm.

For me, having started AnchorFree when I was 23 years old and being very naïve and idealistic, this is both a business issue, a technology issue and a moral issue. I actually morally think that it’s the right thing to do, to provide people this basic human right of privacy where every user has the ability to click a button and protect their information.

Right.

But at a high level, I’ve been watching legislature ... This was maybe eight years ago, you probably remember there’s this thing called Do Not Track in Congress. It hung out there forever and nothing really happened.

Yeah, that sounds about right. What happened to the Honest Ads Act? That didn’t pass, right?

There’s all this kind of stuff. I’ll tell you, I had dinner in D.C. with the only FCC commissioner who voted against the repeal of net neutrality in the current FCC. And also Reed Hundt, who was the chairman of the FCC under Bill Clinton [and] has been on my board of advisers for quite some time. We’ve been discussing these issues and I kind of ... we’re very strong supporters of net neutrality. But kind of came at it and said, “You know what, let the policy makers do whatever they do. We’re going to provide a technological solution to this and we want a software development kit that essentially any app developer can integrate and preserve net neutrality.” It disrupts that ability for internet service providers to discriminate against their traffic because we anonymize the way the traffic looks.

You don’t know if it’s from ...

You don’t know if it’s Netflix, Twitter or YouTube. It all looks like AnchorFree and so you can’t discriminate. At a high level, I think that the technology industry needs to provide these technology solutions to privacy. Because I don’t know if governments will get there. Although Europe certainly has taken the first step, GDPR. Everybody argues it’s a huge annoyance. People had to change their practices, it’s a pain, right?

Mm-hmm.

But I do think it’s the right thing to do. I honestly do because it’s the first step in the right direction.

So Europe’s been the most stringent, in terms of putting the ...

They have.

And a lot of things. A right to not be known, which is very difficult. It does get in the way of these people’s businesses, pretty much. And their argument now is the more regulations, the better off for us, because we can maintain them while small players... That’s their new argument, just so you know. Okay, probably they’re right on that one, I have to say, it’s a good argument to make. So don’t put regulations in, and therefore we will eventually get overcome by other startups, that’s I think their general ... It’s a fascinating argument.

It’s interesting. Well, that’s great. So we’re going to try to overcome them.

Yes, exactly. So there’s that ... that’s one. Then there’s here in California, a privacy bill that not everybody’s happy with but it is certainly the most stringent in the nation in terms of protecting privacy. It doesn’t look like there’s going to be any movement in the U.S. government in terms of federal, correct? Am I wrong about that? I mean they threaten it.

I think there’s going to be a lot of bills. I don’t actually know, if anything’s going to pass.

Right. They threaten all kinds of things like content moderation bills, algorithm transparency bills, bills around ... That’ll be interesting. That’ll never pass.

Yeah. I personally support a lot of the stuff, but at the same time, sort of the grain of salt, in that being I actually think a lot of it is more philosophical than practical. Philosophically, you’re like California, into privacy, great. And then practically, you’re like, “I don’t know if this stuff ...”

Works.

“Is it going to work, is it going to pass?” And so I still think from where we’re sitting, we’re looking at a lot of global issues. Our business is built on this intersection of human rights, foreign policy and technology. And we’re looking at the world and we’re saying, “Look, we have more faith in ourselves providing technology solutions, like we did with net neutrality.”

Mm-hmm.

Because we got tired of talking about it with politicians and we just launched technology that actually enables any app developer for free to preserve net neutrality if they want to. And in the same way we’re just going to provide common-sense tech solutions to some of these most pressing global challenges. Hopefully people in businesses will adopt them. I mean, so far it’s certainly working.

Mm-hmm. So what do you imagine is going to pass? Is there any federal legislation? I don’t.

Yeah, I don’t. I don’t know.

Yeah. They’ll pass a ... The recent one is the idea that they should nationalize internet companies. That’s an insane one. That’s a Laura Ingraham inanity that I think will probably pass. But is there anything that you think has any chance? Any privacy bill?

I honestly don’t know. I would like to see more countries take the route that Europe has.

Mm-hmm. Are there any countries that are gonna do that?

I don’t know. I really don’t know.

Well, not China, we know that.

Exactly.

Yeah. Not Russia, not China. But none of them will, I don’t think.

I don’t think so.

Yeah. You might see some bills in certain countries where Facebook is having bad impacts, them passing bills to restrict the usage of things like that. But nothing else, really. What would be the perfect bill for you, for the U.S.?

I mean, ideally you’d have something where consumers would have to opt in if they wanted their data to be collected for some reason.

An Internet Bill of Rights, per se.

Right. And opt out when they didn’t and it’d be really simple. I mean, if it’s a 12-page privacy policy it doesn’t work. But if it’s like one button: I want to be private or I don’t want to be private. Something like that. Again, I just think there’s this massive opportunity in the private sector to provide solutions for privacy and security.

Right, if the government’s not gonna to do it.

I just think it’ll move a lot faster. We’ll continue to support these things.

What about self-regulation of some of these companies that make all their money? Like the Facebooks and Googles of the world. They keep saying they will have the control.

Well, you saw what happened to the Facebook stock around having to implement GDPR in Europe.

Right.

The European revenue suffered, like for real. So it’s very hard for them to self-regulate in a material way. Not in a PR type of way, but in a real way.

Yes, that’s a really good distinction.

They seriously lose revenue if they can’t sell private data.

Right.

I would argue that they’re thinking long term. If people are only concerned about protecting their data 30 percent of the time, it may not be a bad idea for these companies to say, “Look, let’s let people tell us when that 30 percent is and we won’t track them. For real.”

Mm-hmm.

“And yes, our revenue will go down in the short term, but in the long term, the trust in our brand ...”

Right. Yeah.

“Our consumers are going to like us a lot more.”

Absolutely, the product becomes less of a feeling you’re being tracked.

I don’t think there’s anybody in the world today that trusts Facebook. I think they use ’em, it’s a great product, your friends are there and you want to hang out with your friends. But I don’t think anyone trusts them. That’s the thing.

That’s the thing.

And if they wanted to earn that trust ... The same thing, actually, for governments. I don’t think there’s a lot of people that trust the government here, but I don’t know if that’s true for Europe. I actually think a lot of Europeans, a lot of Germans, will tell you they actually trust their government with their data because of these things like GDPR. I think if I was a government of some country and I wanted to earn that trust, in a post-Snowden world and stuff, I would go support things like GDPR because actually that earns trust.

Right. Where do you think it’s going now? As you were saying, last two years, we’ve gotten all this data downloaded about us. There’s more and more devices that people are embracing. And there’ll be more glasses, clothing, embedded technology in people. We’ll have some sort of phone in our ear at some point that we have, we just have. So the solution right now are these smaller companies that are making hay out of the abuses of the bigger companies.

As long as those companies have real technology and real architecture around those technologies to really protect the user, then yes. If those companies are sort of operations in a garage that are making a lot of noise and are actually not truly protecting user information, then they’re actually worse. Because they’re actually fooling people into believing that they’re protected when they’re not.

Really, I think there may be a couple of things that could happen. One, the big security companies wake up and start innovating. They haven’t innovated for a while because they’re mostly owned by private equity firms and all they’re doing is milking ...

Milking it, right?

Milking the cash.

Right.

But one scenario is that they wake up they’re like, “This is a big business opportunity. Let’s go innovate.” The second is startups like AnchorFree come around and disrupt the space, which we’re hoping to do. The third, that some of these big corporations will self-regulate in a real way, probably not.

Mm-hmm.

Simply because it seriously hurts their bottom line. That governments will sort of follow Europe? Maybe, but probably very slowly. And not in the next five years, I don’t think.

But the other thing is, security and privacy go hand in hand. You really can’t have one without the other. So if you really want to build really secure systems, but yet you still want to collect user data, that’s a challenge. Really, for the next billion people. I think the future is gonna be yes, you have all these hundreds of connected devices. Your life is always connected. But for that 30 percent of time where you want to be private? You’re just gonna have the security and privacy suite you’re gonna subscribe to just like you subscribe to Netflix. You’re just gonna have it.

Right.

And everyone’s going to have it. The next billion people. Every American’s gonna have it. And it’s just gonna protect you when you need that protection.

Yeah. It’s too bad we can’t just be protected. It’s kind of funny, it’s like hiring your own private security force when you should be ...

But you can, the great thing is that you can.

Right.

Like, you look in the app store and we’re right there in the top 50.

Yeah, yeah.

People are waking up and ...

And figuring it out.

They’re figuring it out.

It’s not a great realization.

So, to finish up, the thing we have to do is get yourself that kind of protection... Name the three things that people should do.

Definitely use Hotspot Shield for ...

Or someone else.

Or someone else. Use a security product to protect yourself at public Wi-Fi and protect your internet even at home and at work. Two, I would suggest using a good password manager.

I use 1Password.

Yeah, they’re great actually.

I still don’t understand it but go ahead.

So, that’s two. Three, there’s all kinds of things that you can opt out of like face recognition on Facebook. Which I really recommend people do.

Yeah.

A lot of people don’t really ...

What about on Apple?

Apple ...

It stores it on the phone.

Yeah, it’s local, so it shouldn’t be that much of a concern. But you can opt out of it if you’re concerned.

Yeah.

Certainly you can use Incognito on your browser. But again, like 87 percent of our usage is in apps.

Explain Incognito for people.

Incognito just means your browser is not gonna collect the websites you visit.

Right. Right.

But, that shouldn’t be mistaken that your IP address, which is the number your ISP gives you, will still be collected by all those websites.

Right, exactly.

Unless you use VPN.

Right, absolutely.

This has been really interesting with David Gorodyansky, he’s the CEO of AnchorFree, and he’s doing God’s work, as far as I’m concerned. If you really are worried about all the information these companies have on you, and you should be, please use his products and all the other security products that we have to protect ourselves with. Thank you so much for coming on the show.

Thank you, Kara.

Sign up for the newsletter Recode Daily Email (required) By signing up, you agree to our Privacy Notice and European users agree to the data transfer policy. Subscribe