Similarweb

Similarweb is a competitive intelligence and web analytics vendor that operates one of the largest clickstream data harvesting operations in the industry, collecting browsing data from browser extensions, ISP partnerships, and a contributory network — with documented ties to Big Star Labs, a data collection entity linked to extensions affecting 3.7 million users.

15 IOCs
Vendor Risk Score: 22

How This Briefing Works

This report opens with key findings, then maps the gaps between what Similarweb discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

2 gaps

Gap 1 (status: pending; severity: UNKNOWN)
They claim: Awaiting scanner verification
Observed behavior: Runtime behavior of Similarweb tracking scripts on customer websites has not yet been observed via the BLACKOUT scanner.

Gap 2 (status: pending; severity: HIGH)
They claim: Big Star Labs relationship
Observed behavior: The exact technical and corporate relationship between Similarweb and Big Star Labs requires further forensic investigation to confirm the full scope of shared data collection infrastructure.

Customer Impact

What This Means For You

Organizations face significant competitive intelligence exposure through Similarweb's platform. Competitors, investors, and analysts can access detailed estimates of your website traffic, engagement metrics, traffic source breakdown, audience demographics, top pages, and geographic distribution. For publicly traded companies, this data can influence investor sentiment and competitive positioning analyses. For B2B companies, competitors can identify your demand generation channels, monitor campaign launches via traffic spikes, and detect strategic pivots from content and traffic pattern shifts. The risk is compounded by the passive nature of the data collection: even if your organization never uses Similarweb, your visitors' browsing data may still be contributing to your competitive intelligence profile through ISP partnerships and extension networks you have no visibility into.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

Recommended Actions for Similarweb

  • Audit and remove Similarweb browser extensions from all corporate-managed endpoints and enforce browser extension allowlisting policies.
  • Review ISP agreements for clauses permitting clickstream data resale; negotiate data exclusion or opt-out provisions.
  • Check your organization's Similarweb profile to understand what competitive intelligence is currently exposed about your web properties.
  • Block Big Star Labs-associated extension identifiers at the endpoint management level if your organization uses Chrome policy management.
  • Consider implementing traffic obfuscation strategies for sensitive web properties if competitive intelligence leakage is a material concern.

Negotiation Leverage

  • Leverage: Similarweb's documented connection to Big Star Labs and the 2026 Chrome extension investigation creates significant regulatory and reputational exposure. The company's SEC filings acknowledge dependence on browser extension data collection, making this a disclosed business risk. If your organization subscribes to Similarweb, use this as leverage to negotiate data handling terms.
  • Key questions for Similarweb: (1) What is the exact corporate and technical relationship between Similarweb and Big Star Labs? (2) Can you guarantee our organization's visitor data is excluded from traffic estimates available to competitors? (3) Which ISP partners contribute data to your platform, and what consent mechanisms are in place for end users? (4) What client-side scrubbing is applied to browsing data before it enters your analytics pipeline, and has this been independently audited?
  • Protections: Require contractual data exclusion provisions for enterprise accounts. Demand disclosure of all data collection entities affiliated with Similarweb. Include audit rights regarding data about your web properties. Negotiate notification requirements for changes in data collection methodology or partnerships.

Runtime Detections

1 BTI-C code

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C08: Cross-Domain Sync (identity stitching)

IOC Manifest

15 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

  • TRACK: *mpps.similarweb.com/mpp.js* (Tracking script)
  • TRACK: mpps.similarweb.com/mpp.js (Auto-extracted from scan)
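A small detection routine for the manifest entries above, added here as an example (it is not BLACKOUT tooling): it normalizes request URLs from a constructed HAR fragment, matches them against the listed indicator patterns, and derives the host name to put in a Pi-hole blocklist or a CSP deny decision.

```python
import fnmatch
import json
from urllib.parse import urlsplit

# The two manifest entries listed above: a glob pattern and an exact host/path.
IOCS = [
    {"category": "TRACK", "pattern": "*mpps.similarweb.com/mpp.js*", "note": "Tracking script"},
    {"category": "TRACK", "pattern": "mpps.similarweb.com/mpp.js", "note": "Auto-extracted from scan"},
]

# Constructed HAR fragment (not a real capture); only the fields the matcher reads are present.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.example.com/"}},
    {"request": {"url": "https://mpps.similarweb.com/mpp.js?v=3"}},
    {"request": {"url": "https://cdn.example.com/mpp.js"}},
    {"request": {"url": "http://MPPS.SimilarWeb.com/mpp.js"}},
]}})


def normalize(url):
    """Reduce a URL to lowercase host + path so scheme, port, case and query string cannot defeat a match."""
    parts = urlsplit(url)
    return f"{parts.hostname or ''}{parts.path}".lower()


def ioc_matches(url):
    """Return the manifest entries matching this URL; exact entries must match the whole normalized string."""
    target = normalize(url)
    hits = []
    for ioc in IOCS:
        pat = ioc["pattern"].lower()
        if fnmatch.fnmatchcase(target, pat) or target == pat:
            hits.append(ioc)
    return hits


def scan_har(har_json):
    """Walk a HAR document and return (url, categories) for every request that hits an IOC."""
    findings = []
    for entry in json.loads(har_json)["log"]["entries"]:
        url = entry["request"]["url"]
        hits = ioc_matches(url)
        if hits:
            findings.append((url, sorted({h["category"] for h in hits})))
    return findings


def blocklist_domains(iocs=IOCS):
    """Derive the concrete host names from the manifest for a Pi-hole blocklist or CSP review."""
    domains = set()
    for ioc in iocs:
        host = urlsplit("https://" + ioc["pattern"].strip("*")).hostname
        if host and "*" not in host:
            domains.add(host)
    return sorted(domains)
```

Note that the unrelated `cdn.example.com/mpp.js` entry does not match, because the manifest indicators are host-qualified rather than bare file names.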
Ecosystem

Ecosystem & Supply Chain

Similarweb operates one of the most extensive clickstream data collection ecosystems in the industry. The company's contributory network includes its own branded browser extensions (Similarweb for Chrome, Firefox), plus connections to Big Star Labs, identified by researchers as an extended arm of Similarweb controlling extensions with 3.7 million installations. Beyond extensions, Similarweb partners with ISPs and maintains a network of data contributors including mobile app SDKs and consumer applications. The company's SEC filings confirm dependence on third-party distribution platforms for its data collection products. Similarweb competes directly with Semrush, Ahrefs, and Comscore in the competitive intelligence space. The February 2026 Chrome extension investigation placed Similarweb alongside entities including Google, Kontera, Blocksi, Alibaba Group, and ByteDance in the broader ecosystem of extensions exfiltrating browsing data.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

15 detection signatures across scripts, domains, cookies, and network endpoints