Privacy is an innately precious and increasingly rare thing. In an era where much of the world lives online, sharing their photos, identification documents, and bank accounts with the ether, the opportunities for corporations to quietly siphon off your data and for hackers to make a quick buck is ever-growing. Seems important, doesn’t it?
Lawmakers, activists, and academics all seem to think so, though no one can quite agree on how to enforce protections and even when they do, a multi-billion dollar fine is at most a hand-slap for Silicon Valley. Big Tech is the Big Bad Wolf that snoops on your data and makes you the product. This dawning realization has given birth to a bevy of privacy-focused companies, like search-engine DuckDuckGo and browser Brave, which tout themselves as tracker-free alternatives but have yet to make even a mouse-sized pawprint next to Silicon Valley’s sasquatch-like tracks.
As if the day-to-day creepiness of the internet weren’t enough to worry about, you also have outright malicious actors. According to IBM, the global average cost of a corporate data breach is $4.4 million — and in the US the average is $9.4 million. While it’s harder to gauge just how much money gets stolen from individuals when personal details leak online, the impact can be financially devastating even if the overall numbers are smaller than losses suffered by corporations.
So given all that, how much would the average person actually be willing to spend to keep Zuckerberg and co. out of their lives, not to mention hackers? Pierre Valade, founder of privacy app Jumbo, has spent two years trying to get consumers to pay monthly subscriptions to protect their privacy. Now Jumbo, which has raised $30 million to date, is pivoting away from that freemium model.
Until the end of last month, free users of the Jumbo app got some basic tools like 2-factor authentication (2FA) and notifications if their email featured in a leak, whereas paid subscribers got extra features like being able to delete social media posts older than a certain date, plus identity theft insurance. On January 31 Jumbo blew up its paywall, making all its features free for consumers, and will instead be selling a paid product to companies. The hope is that growing a large, devoted consumer base will help Jumbo sell an enterprise version of its service with additional features.
We sat down with Valade to ask how, in the era of surveillance capitalism, you can make privacy profitable.
The following interview has been edited for clarity and concision.
So in 2019, you decided to set this company up. What made you think this is something that was good for business? Jumbo’s website says it wants privacy for everyone, but there are lots of nonprofit organizations and advocacy groups that want the same thing. Why did you think: privacy, that’s where the money is?
I didn’t really think “this is where the money is,” because I’m usually coming more from the idea of products I want to see happening in the world, for myself, and potentially millions of other people, and that’s always how I pick my ideas. I felt in 2019 that privacy was becoming more and more top-of-mind for most people, but there wasn’t a tool that would let you easily manage your privacy.
The business aspect of it came later, when we started to introduce the subscription in 2020. We were working as a subscription business for over two years, and the change we’re making today is because we realized that at the end of the day, by charging people directly for the value of the product, we got up to about 25,000 paid customers.
It was just completely limiting the scale of how many people can actually use our product. It used to be $100 a year, which is not cheap. There was a better business opportunity, to go and charge businesses instead of charging consumers because usually, when you charge businesses for security or privacy products, they are more likely to pay, and you’re more likely to keep them as a customer for a long time.
You said that you hit a threshold of about 25,000 paid subscribers. When you started launching your subscriptions, were you surprised by the number where it plateaued? Because the lesson here to me seems to be that people just are not that willing to spend money to keep their online hygiene up to scratch.
I see it a bit differently, I think that $100 a year is an expensive subscription. I don’t know if it’s because people don’t care, I think there are a lot of very critical tools that it’s just hard to get people to pay for. I would bet that even if people care a lot about using Facebook, or let’s say Instagram or WhatsApp, I would bet that if those tools had even cost $1 a year for users, their growth would have been significantly reduced. There’s a huge gap as soon as you ask people to put their credit card down and pay for something, and it’s even higher when it’s $100 a year.
Why do you think companies will be willing to spend where consumers weren’t? The benefits of the app still seem quite consumer-based, it’s not like you’re offering the companies free insurance. So why do you think they will be willing to shell out for employees when they’re not seeing a structural benefit?
I think there is a structural benefit, which is when you make the employees safer in your company, you actually are making the company safer. The company cares about protecting the employee on their own individual accounts, and on their own individual emails, because that’s actually a vector of attack.
So what you’re selling is the idea that individual privacy is a part of cybersecurity now, unavoidably.
Absolutely, and it’s beyond privacy. Last year we had a couple of conversations with companies and the exercise we were doing even before going into the conversation with them was basically acquiring [data from] data brokers, and we would get a lot of information about an executive in a company. We would get their email, their personal email, their phone number, sometimes their address where they live — and that’s annoying right? For companies to have that information out there in data broker data bases.
Are there any services, websites, or apps that you just avoid because your work with privacy has made you hyper-aware of exactly how the internet functions and what it collects about you — or to rephrase that question: do you see anyone else engaging in internet habits where you think “oh God no, don’t do that”?
The thing I think most people should get into is really password managers. I use the one from Apple actually, in Safari, I think it does the job. I think getting more people to use password managers and have unique passwords on every website is very important.
And the other one that is maybe a bit more niche, a lot of people have a lot of extensions on Chrome, and I think people should be worried about what extension they install on Chrome because most of their extensions can actually see everything you do. Including the content of a website that’s behind a password, so it could be your work application, or it could be your bank account. I don’t use any extensions for example on Safari, because I’m very worried about those extensions leaking information or being hacked.