Ask HN: Is Grammarly a Keylogger as a Service?
They've been advertising to me hardcore and it is completely free. It makes me wonder what data they are selling.
I have no issue with them advertising to me based on what I've typed but if they put me in audiences based on it and sell those I get uncomfortable.
It's not completely free. Their free version is a limited-feature advertisement for the premium version, which is between $12 and $30 a month depending on billing frequency.
I use the free version. I would use the premium version if it was like 5-10 a month. But if I want to pay monthly it's 30 and that's a bit too expensive for my liking.
They have that, if you pay annually.
Their privacy policy says they aren't in the business of selling user information. They also say they do not share information with third parties for the purpose of enabling them to deliver their advertisements to you.
I have always wondered why spelling and grammar checkers - which could easily fit on your computer back in the 90s - needed a cloud-based provider.
One could easily build Chrome extensions that DIDN'T phone home.
Today deep learning data can be downloaded to each computer. They are doing it with small IoT!!
Because their algorithms are their valuable intellectual property and hiding them behind a server is the only real way to protect them. Of course it has nothing to do with performance.
Maybe they use some statistics over uploaded texts to improve algorithms.
While we are focusing on Facebook, Google etc. for breaking our privacy to extract data and pass it to third parties, we are willing to use Grammarly, CloudFlare and CrashPlan, pay for it and use it while hoping they will not work with security services. We need much more transparency it seems.
There is this idea floating around that the corollary to "if you aren't paying, you're the product" is "if you are paying, you're not."
I wonder why so many people tacitly assume that paying for a service will make them forego mining your data and monetizing it. Very few people read the terms of service in its entirety regardless of whether they pay or not.
What we SHOULD do is standardize privacy policy clauses already.
For those interested, here's the site: https://www.grammarly.com/
If you think that, you can write about it and make your case instead of abusing 'Ask HN'. You're not asking anything, just insinuating.
I don't know, but I did think the same thing, and that is why I uninstalled it.
They send weekly emails with chunks of text they corrected so that means my data is being transferred somewhere. I would stay away from this service.
What's one more keylogger?
Your OS is already logging your keystrokes, your browser is already logging your keystrokes, who even knows what else is already logging your keystrokes.
Obviously I speak here for the majority of computer users, I imagine many (most?) in the HN readership have taken steps to reduce the amount of keylogging they are exposed to as much as possible already.
Whose browser and OS is logging keystrokes? OSX/Windows users with IE/Edge/Safari? Are you insinuating that Google has a patch which integrates keylogging in their Chrome builds of Chromium?
I typically use Chromium on OpenBSD, am I being keylogged? I'm pretty sure we all have a choice, and many of us choose convenience over privacy.
How would you know one way or the other?
You trust your OS and user agent. Would be better if there were strong cryptographically signed assurances that the open source build is the one you have. And lots of companies should be looking through the source and patches. And even then someone might have hidden a back door by now.
And your CPU and encryption algorithms might contain back doors, too.
I would say all these things are fixable over time. Cory Doctorow talks about the war on general computing by spyware and locked-down devices.
Ultimately the only way to have trust is the same way Ripple has trust - by using products from various ostensibly unrelated parties - indeed enemies - to check adherence to an agreed-upon standard, like code signing from source without compiler backdoors. So you can e.g. inspect code.
https://softwareengineering.stackexchange.com/a/184896/13446...
Here are some recent examples:
http://www.cnbc.com/2017/06/23/under-pressure-western-tech-f...
http://m.mspmentor.net/managed-security-services/kaspersky-l...
https://disruptiveviews.com/chinese-demand-source-code-imple...
http://fortune.com/2016/04/19/china-demanded-apple-iphone-co...
The amount of data Windows reports by default is well covered. Chrome has a built in spell checking service - which happens to send keystrokes up to Google. AFAIK it's enabled by default.
>Chrome has a built in spell checking service - which happens to send keystrokes up to Google. AFAIK it's enabled by default.
I just checked, it's off on my install of Chrome so likely it's not on by default. The regular spell check is purely local.
Any site with an instant search, similar to Google's, is sending a steady stream of your keystrokes to the server. Even the Omnibar inside of Chrome has to send your keystrokes over to receive suggestions that aren't local.
You should take a look at the kind of js that gets injected into most mainstream websites nowadays.
You're going to have to explain a bit more than that.
Tabs are isolated from each other and the web browser does give a web page the kind of access to be key logging.
If you're talking about things that you type whilst the page is in active focus then it's kinda their website you're visiting.
Attaching an event handler to a keyboard action is not the same thing as keylogging...
If it's on all keyboard actions, then it's the same thing.
Often it is this too, because of sloppy coding, not even malicious intent. I've seen people implement JavaScript easter eggs that play a funny joke, but in doing so the developers had created a keylogger by accident that was logging everything you did on the site. Again, it wasn't malicious at all; they didn't think about it at all.
Unless you're not actually logging the actions but just listening for certain combinations like "ctrl+x" or even "x"
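The distinction debated in the comments above, as an added example that is not from the thread or any real site: an easter-egg key-sequence detector written the sloppy way (every key is retained) next to one that keeps only a match position. The sequence, function names and sample keystrokes are constructed for illustration; in a page, `onKey` would be called with `event.key` from a `keydown` handler.

```javascript
// Hypothetical easter-egg sequence (constructed for this example).
const SECRET = ["ArrowUp", "ArrowUp", "ArrowDown", "ArrowDown"];

// Sloppy version: appends every key ever pressed and never trims the array,
// so passwords and messages typed on the page sit in memory indefinitely.
function makeSloppyDetector(sequence) {
  const typed = [];
  return {
    onKey(key) {
      typed.push(key);
      const tail = typed.slice(-sequence.length);
      return tail.length === sequence.length &&
             tail.every((k, i) => k === sequence[i]);
    },
    retained: () => typed.slice(), // what an audit of this object would find
  };
}

// Bounded version: a KMP matcher whose only state between key presses is an
// integer (how many sequence items are currently matched). No key is stored.
function makeBoundedDetector(sequence) {
  const fail = new Array(sequence.length).fill(0);
  for (let i = 1, k = 0; i < sequence.length; i++) {
    while (k > 0 && sequence[i] !== sequence[k]) k = fail[k - 1];
    if (sequence[i] === sequence[k]) k++;
    fail[i] = k;
  }
  let matched = 0;
  return {
    onKey(key) {
      while (matched > 0 && key !== sequence[matched]) matched = fail[matched - 1];
      if (key === sequence[matched]) matched++;
      if (matched === sequence.length) {
        matched = fail[matched - 1]; // allow overlapping re-triggers
        return true;
      }
      return false;
    },
    state: () => matched,
  };
}

// Feed a list of key names to a detector; returns how many times it fired.
function feed(detector, keys) {
  return keys.reduce((hits, key) => hits + (detector.onKey(key) ? 1 : 0), 0);
}
```

Both detectors fire on the same input; the difference a reviewer should look for is what the handler's closure still holds afterwards.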
I can totally see this being the case. They do have paid versions, I think only the browser extension is "free"?