Ask HN: Is Grammerly a Keylogger as a Service?

49 pointsbuildmystartup8y ago26 comments

26 comments

They've been advertising to me hardcore and it is completely free. It makes me wonder what data they are selling.

I have no issue with them advertising to me based on what I've typed but if they put me in audiences based on it and sell those I get uncomfortable.

fusiongyro8y ago

It's not completely free. Their free version is a limited-feature advertisement for the premium version, which is between $12 and $30 a month depending on billing frequency.

https://www.grammarly.com/premium

johnnyfaehell8y ago

I use the free version. I would use the premium version if it was like 5-10 a month. But if I want to pay monthly it's 30 and that's a bit too expensive for my liking.

1 more reply

oplav8y ago

Their privacy policy says they aren't in the business of selling user information. They also say they do not share information with third parties for the purpose of enabling them to deliver their advertisements to you.

https://www.grammarly.com/privacy-policy

EGreg8y ago

I have always wondered why spelling and grammar checkers - which could easily fit on your computer back in the 90s - needed a cloud-based provider.

One could easily build chrome extensions that DIDN'T phone home.

Today deep learning data can be downloaded to each computer. They are doing it with small IOT!!

vbezhenar8y ago

Because their algorithms are their valuable intellectual property and hiding them behind server is the only real way to protect. Of course it has nothing to do with performance.

May be they use some statistics over uploaded texts to improve algorithms.

tokyoSurfer8y ago

While we are focusing on Facebook, Google etc. for breaking our privacy to extract data and pass it to third parties, we are willing to use Grammarly, CloudFlare and CrashPlan, pay for it and use it while hoping they will not work with security services. We need much more transparency it seems.

EGreg8y ago

There is this idea floating around that the corollary to "if you aren't paying, you're the product" to "if you are paying, you're not."

I wonder why so many people tacitly assume that paying for a service will make them forego mining your data and monetizing it. Very few people read the terms of service in its entirety regardless of whether they pay or not.

What we SHOULD do is standardize privacy policy clauses already.

reustle8y ago

For those interested, here's the site: https://www.grammarly.com/

pvg8y ago

If you think that, you can write about it and make your case instead of abusing 'Ask HN'. You're not asking anything, just insinuating.

kawsper8y ago

I don't know, but I did think the same thing, and that is why I uninstalled it.

buildmystartupOP8y ago

They send a weekly emails with chunks of text they corrected so that means my data is being transferred somewhere. I would stay away from this service.

fredley8y ago

What's one more keylogger?

Your OS is already logging your keystrokes, your browser is already logging your keystrokes, who even knows what else is already logging your keystrokes.

Obviously I speak here for the majority of computer users, I imagine many (most?) in the HN readership have taken steps to reduce the amount of keylogging they are exposed to as much as possible already.

microcolonel8y ago

Whose browser and OS is logging keystrokes? OSX/Windows users with IE/Edge/Safari? Are you insinuating that Google has a patch which integrates keylogging in their Chrome builds of Chromium?

I typically use Chromium on OpenBSD, am I being keylogged. I'm pretty sure we all have a choice, and many of us choose convenience over privacy.

EGreg8y ago

How would you know one way or the other?

You trust your OS and user agent. Would be better if there were strong cryptographically signed assurances that the open source build is the one you have. And lots of companies should be looking through the source and patches. And even then someone might have hidden a back door by now.

And your CPU and encryption algorithms might contain back doors, too.

I would say all these things are fixable over time. Cory Doctorow talks about the war on general computing by spyware and locked-down devices.

Ultimately the only way to have trust is the same way Ripple has trust - by using products from various ostensibly unrelated parties - indeed enemies - to check adherence an agree-upon standard, like code signing from source without compiler backdoors. So you can eg inspect code.

https://softwareengineering.stackexchange.com/a/184896/13446...

Here are some recent examples:

http://www.cnbc.com/2017/06/23/under-pressure-western-tech-f...

http://m.mspmentor.net/managed-security-services/kaspersky-l...

https://disruptiveviews.com/chinese-demand-source-code-imple...

http://fortune.com/2016/04/19/china-demanded-apple-iphone-co...

fredley8y ago

The amount of data Windows reports by default is well covered. Chrome has a built in spell checking service - which happens to send keystrokes up to Google. AFAIK it's enabled by default.

1 more reply

aesthetics18y ago

Any site with an instant search, similar to Google's, is sending a steady stream of your keystrokes to the server. Even the Omnibar inside of Chrome has to send your keystrokes over to receive suggestions that aren't local.

jowsie8y ago

You should take a look at the kind of js that gets injected into most mainstream websites nowadays.

2 more replies

wx20188y ago

I can totally see this being the case. They do have paid versions, I think only the browser extension is "free"?

j / k navigate · click thread line to collapse

26 comments

canadianwriter8y ago

They've been advertising to me hardcore and it is completely free. It makes me wonder what data they are selling.

I have no issue with them advertising to me based on what I've typed but if they put me in audiences based on it and sell those I get uncomfortable.

fusiongyro8y ago

It's not completely free. Their free version is a limited-feature advertisement for the premium version, which is between $12 and $30 a month depending on billing frequency.

https://www.grammarly.com/premium

johnnyfaehell8y ago

I use the free version. I would use the premium version if it was like 5-10 a month. But if I want to pay monthly it's 30 and that's a bit too expensive for my liking.

1 more reply

oplav8y ago

https://www.grammarly.com/privacy-policy

EGreg8y ago

I have always wondered why spelling and grammar checkers - which could easily fit on your computer back in the 90s - needed a cloud-based provider.

One could easily build chrome extensions that DIDN'T phone home.

Today deep learning data can be downloaded to each computer. They are doing it with small IOT!!

vbezhenar8y ago

Because their algorithms are their valuable intellectual property and hiding them behind server is the only real way to protect. Of course it has nothing to do with performance.

May be they use some statistics over uploaded texts to improve algorithms.

tokyoSurfer8y ago

EGreg8y ago

There is this idea floating around that the corollary to "if you aren't paying, you're the product" to "if you are paying, you're not."

What we SHOULD do is standardize privacy policy clauses already.

reustle8y ago

For those interested, here's the site: https://www.grammarly.com/

pvg8y ago

If you think that, you can write about it and make your case instead of abusing 'Ask HN'. You're not asking anything, just insinuating.

kawsper8y ago

I don't know, but I did think the same thing, and that is why I uninstalled it.

buildmystartupOP8y ago

They send a weekly emails with chunks of text they corrected so that means my data is being transferred somewhere. I would stay away from this service.

fredley8y ago

What's one more keylogger?

Your OS is already logging your keystrokes, your browser is already logging your keystrokes, who even knows what else is already logging your keystrokes.

microcolonel8y ago

Whose browser and OS is logging keystrokes? OSX/Windows users with IE/Edge/Safari? Are you insinuating that Google has a patch which integrates keylogging in their Chrome builds of Chromium?

I typically use Chromium on OpenBSD, am I being keylogged. I'm pretty sure we all have a choice, and many of us choose convenience over privacy.

EGreg8y ago

How would you know one way or the other?

And your CPU and encryption algorithms might contain back doors, too.

I would say all these things are fixable over time. Cory Doctorow talks about the war on general computing by spyware and locked-down devices.

https://softwareengineering.stackexchange.com/a/184896/13446...

Here are some recent examples:

http://www.cnbc.com/2017/06/23/under-pressure-western-tech-f...

http://m.mspmentor.net/managed-security-services/kaspersky-l...

https://disruptiveviews.com/chinese-demand-source-code-imple...

http://fortune.com/2016/04/19/china-demanded-apple-iphone-co...

fredley8y ago

The amount of data Windows reports by default is well covered. Chrome has a built in spell checking service - which happens to send keystrokes up to Google. AFAIK it's enabled by default.

1 more reply

aesthetics18y ago

jowsie8y ago

You should take a look at the kind of js that gets injected into most mainstream websites nowadays.

2 more replies

wx20188y ago

I can totally see this being the case. They do have paid versions, I think only the browser extension is "free"?

j / k navigate · click thread line to collapse