When an online service is free, you are probably the product that’s being sold.
When an online service is free, you are probably the product that’s being sold. That’s the common refrain that echoes around the myriad free services and apps that many consumers have grown accustomed to downloading and installing, without considering the privacy implications. When it turns out that those services are tracking and selling personal data, consumers often get a stark reminder that nothing, in fact, is free.
As such, the internet lit up with outrage April 23 after The New York Times published a sprawling profile of Uber CEO Travis Kalanick, revealing that the company has been buying data on emailed Lyft receipts, which were collected directly from consumer email accounts. Uber bought the data from Slice, an analytics firm, which collected the receipts from its customers’ email accounts through a newsletter service it owns, which is called Unroll.me.
Unroll.me is an app that gathers up all of its users’ email subscriptions and consolidates them into one regular digest, to keep their inboxes clean. To do so, of course, it requires full access to read all of its users’ emails. This operation is paid for, at least in part, by mining data from those emails and selling it, anonymized, to companies like Uber. Unroll.me says so right in its privacy agreement:
We may disclose, distribute, transfer, and sell such messages and the data that we collect from or in connection with such messages; provided, however, if we do disclose such messages or data, all personal information contained in such messages will be removed prior to any such disclosure.
Check Your Gmail Permissions
The revelation that Unroll.me is mining and selling such data is a good reminder to check your email permissions. If you use Gmail, checking which services have access to your account, and what kind of access they have, is simple. Follow this link, and you’ll see a list of the third-party apps that have access, and what level of access that is. From there, you can remove access for any app or service you don’t want.
When considering whether to use apps and services in the future, there are some things you can look out for to avoid being mined. For one, services have to ask for permission to access any of your email or social accounts. When they do, major email and social services typically tell you exactly what kind of information you’re giving up. If you don’t want a service to be able to read your email, don’t allow access to a service that can read your email.
It’s also sometimes worth looking at the promotional material for an app you’re considering. In today’s environment, apps that don’t collect and sell your information tend to advertise that fact. If they don’t, it might be worth taking a look at their privacy and terms of service agreements. But we all know how daunting that can be.
NEXT STORY A Search for the Zombie Websites of 1995