If there’s only one thing you take away from this article, let it be this: there’s no such thing as a free lunch.
The New York Times recently reported that Unroll.me, an email management app that promises to de-clutter your inbox, sold its users’ anonymized Lyft receipt data to Uber. Unroll.me claims that it’s “trusted by millions of happy users” — but it’s likely that those users weren’t aware that they were forking over their personal emails to Slice Intelligence, a digital commerce analytics company. Now, some users are pledging to remove their inbox access from Unroll.me and delete their accounts.
The Unroll.me/Uber fury is a good reminder of the ol’ Internet adage, “if you’re not paying for it, you’re not the customer, you’re the product.”
But some sites are much more egregious than others. So here are some ways you can assess an app’s trustworthiness and find out if your free faves are problematic.
What does “you’re the product” even mean?
When you sign up for a free online service, you’re most likely giving up something in return: your data. On sites like Facebook and Google, that means the service uses your personal information (like your interests, location, gender, marital status, or age) to show you advertisements they think you’d be interested in. Last year, Facebook made more than $26 billion from advertising.
For many people, this sounds like a good trade-off: You get to use something legitimately useful, like Gmail, for free, and the most visible consequence is an advertisement. But other companies go much further. Unroll.me, for example, didn’t use user data to target ads — it looked at individual emails and sent them to Uber.
And if you found that story about Target knowing a teen girl was pregnant before her father did thanks to extensive customer data collection to be pretty creepy, you should know that that same kind of analytics-based-advertising-influence has probably been exercised on you.
How do I know what companies are doing with my data? Is it safe?
Be very careful about what kind of access you give apps. To do that, look closely at what you’re agreeing to when you sign up.
For example, when you sign up for Unroll.me, you’re giving the service the ability to read, send, delete, and manage your email. This is a good time to ask yourself: Does the service really need all of these permissions? Do I trust this service?
A good place to start looking for answers is the service’s FAQ page. If there’s a section on security or privacy, it may reveal why it asks for something specifically, like access to your contacts.
And this is something I can’t stress enough: it’s really important to read – or, at the very least, comb through – the terms and conditions when you’re using a *free* app or service, especially when you’re giving it full access to your inbox.
I know you’re thinking “Who the hell has time for all that legalese?!” You’re right. Terms of service pages are often long, complicated, and vague, which is why no one reads them. But there are two great sites that can help you make sense of these consumer contracts.
One is Terms of Service; Didn’t Read, which rates and labels policies based on their user-friendliness. For example, when a service warns of allowing access to third-party apps, that gets a thumbs up. If the service says it can make changes to terms without notifying users at any time, that gets a thumbs down.
Another tool is TLDRLegal, which offers a short, plain-language synopsis next to the actual legal text of various companies’ terms and conditions. This site is very new, so there aren’t many services on the platform yet, but you can currently look at YouTube’s, Apple’s, Dropbox’s, and Minecraft’s terms of service analyses to start familiarizing yourself with the legal language.
If you’re really concerned about what you discover, contact the app’s support team or send them a tweet to see if there’s room for clarification. Might as well try!
So, what are some things that I should do right now?
Take this time to review what apps are connected to your email or social accounts. On Twitter, Google, and Facebook, you can easily revoke access for apps you don’t recognize or haven’t used in a while.
You should also see what the apps on your phone can access. In iOS, go to Settings > Privacy. Review which apps are using the microphone, location tracking, or your phone’s contacts. Then toggle permissions on and off for an app that, say, doesn’t need access to your photo library. On Android, you can go to Settings > Apps and tap on individual apps, then select where it says Permissions.
As previously mentioned, if you do use apps with access to your Gmail account, be extra vigilant.
Sanebox, a paid email management service similar to Unroll.me, specifically claims that they will never sell user data, “even aggregated information,” to another company. Unsubscriber, on the other hand, will use your personal info to improve advertising by third parties. Boomerang, an add-on that lets you schedule Gmails, says that “no personally-identifiable information will be sold or transferred to unaffiliated third parties” without permission, but isn’t clear about aggregate information, though the CEO did tweet that the company makes money from paid subscriptions, rather than selling data. Mailvelope, an email encryption extension, says that they do not share, sell, or market personal data unless you’ve given explicit consent.
Consider using paid apps that prioritize user privacy above all else and have strong privacy language on their webpages.
And remember: if a service is free, look into how the company is making money and paying for server costs. If it’s with your data, make sure you know *exactly* what they’re doing with it.
Nicole Nguyen covers products and personal technology for BuzzFeed News and is based in San Francisco.