Whenever discussion starts about how to hide from the tracking code that follows users around the Web to serve them targeted ads, recommendations soon pile up for a browser add-on called Ghostery. It blocks tracking code, noticeably speeds up how quickly pages load as a result, and has roughly 19 million users. Yet some of those who advocate Ghostery as a way to escape the clutches of the online ad industry may not realize that the company behind it, Evidon, is in fact part of that selfsame industry.

Evidon helps companies that want to improve their use of tracking code by selling them data collected from the eight million Ghostery users who have enabled a data-sharing feature in the tool.

That makes Evidon, which bought Ghostery in 2010, something of an anomaly in the complex world of online advertising. Whether in Congress or at the Web standards body W3C, debates over online privacy typically end up with the ad industry and privacy advocates facing off along clearly demarcated lines (see “High Stakes in Internet Tracking”).

Evidon straddles both sides of that debate. “This is not a scheme,” says Scott Meyer, Evidon’s cofounder and CEO and formerly a senior figure in the New York Times Company’s online operations, when asked about that dual role. He says there is no conflict in offering a tool that helps users hide from the ad industry while also helping that same industry.

“Anything that gives people more transparency and control is good for the industry,” says Meyer, who says it’s fine with him that most Ghostery users opt not to share data with Evidon. Meyer points out that those who want to block online advertising are unlikely to respond to it, making Ghostery use good for both sides. Meyer also says that Ghostery users are presented with clear disclosures about how the company uses their data if they opt in. However, MIT Technology Review found that it was possible for a user to opt in without seeing the disclosures.

Evidon sells two main services based on the data it collects. One allows website operators to see which tracking code, from which companies, is active on their site and how it affects the speed with which its pages load. The other provides ad companies with figures on how common the tracking code from different companies is around the Web.

The first of those services is particularly important, says Meyer, because website operators often don’t know what tracking code is being used on their visitors. “The ecosystem of how an ad gets delivered to a webpage is incredibly complex,” he says, “and you need real user data to see if companies are doing what they said they did.”

Although website owners control which ad networks can put content on their pages, those networks often draw on code from third parties, which itself may pull in further code.

“It’s usual for the operator of a website to say, ‘These 10 companies on my site I know about and these 10 I didn’t,’ ” says Meyer. Companies also use Evidon’s data to check whether the code they want to deploy is present on every page. The majority of Evidon’s analytics customers are large retailers and brands, he says.

Not everyone sees Evidon’s business model as conflict-free, though. A major source of business for Evidon is selling data that helps ad companies ensure their compliance with AdChoices, a self-regulatory program supposed to help people opt out of targeted ads. Some experts say AdChoices is confusing to consumers, and it has been criticized by U.S. and E.U. policymakers. “Evidon has a financial incentive to encourage the program’s adoption and discourage alternatives like Do Not Track and cookie blocking as well as to maintain positive relationships with intrusive advertising companies,” says Jonathan Mayer, a Stanford grad student and privacy advocate active in efforts to thrash out a standard “Do Not Track” feature for Web browsers (see “Ad Men and Browser Geeks Collide Over Web Protocols”). Mayer hasn’t tested Ghostery recently, but says that it has previously offered “quite effective privacy protections if configured correctly.”

Meyer says that Evidon’s dual role will continue, and says the company is now working on a similar service to unmask the ad tracking built into many mobile apps. This month it acquired Mobilescope, a project started by privacy researchers that lets a smartphone user see the data that apps transfer and flags when sensitive data such as an e-mail address is transmitted (see “How to Detect Apps Leaking Your Data”). Techniques that profile a person’s use of apps on his phone to figure out how to target him with ads are booming, says Meyer, and so far it is mostly impossible to detect. “Nobody has any visibility into what happens in these apps,” he says.

Evidon plans to release an improved version of Mobilescope later this year, and will eventually add an opt-in data-sharing capability similar to the one offered by Ghostery.

This story has been updated with further comment from Scott Meyer of Evidon, and to clarify why users may not be aware of the company’s data-sharing practices.