
Companies that buy data derived from scraping the contents of email - robin_reala
https://www.vice.com/en_ca/article/pkekmb/free-email-apps-spying-on-you-edison-slice-cleanfox
======
css
Edison posted a response[0] with this amazing sentence:

> to protect your privacy by rejecting an advertising-based business model,
> our company Edison Software, measures e-commerce through a technology that
> automatically recognizes commercial emails and extracts anonymous purchase
> information from them

[0]: [https://medium.com/changing-communications/a-reminder-of-
how...](https://medium.com/changing-communications/a-reminder-of-how-we-use-
data-and-protect-privacy-8b0cb2c5af71) (non-Medium:
[https://outline.com/7K3TAL](https://outline.com/7K3TAL))

~~~
gnicholas
Sounds pretty silly to extract your data instead of showing you ads — all in
the name of protecting your privacy.

But to play devil's advocate, some ads do actually invade your privacy because
they come from malicious malvertisers. If they are actually treating the
purchase price information 100% anonymously (never linking it to PII), then
there's an argument that they're protecting your privacy by doing this.

Or they could just run an ad platform that blocks malvertisements...

~~~
JohnFen
> If they are actually treating the purchase price information 100%
> anonymously (never linking it to PII), then there's an argument that they're
> protecting your privacy by doing this.

There is no privacy benefit here because you'd have even better privacy
protections if they didn't trawl through your emails and extract data from
them in the first place.

------
crowdbloom
I installed Edison on iOS somewhat recently. At the end of setting up my
server info, there was a question asking if I approved them using/sharing my
data. I tapped NO. My information was all deleted like I had just installed
the app brand new. I thought it was a bug so I went through set up again.
Selected NO again. Account info deleted. You can’t use the app without
agreeing they can use your info/data.

I uninstalled.

------
JohnFen
This sort of thing is why I don't trust any apps that I haven't built myself,
and keep them firewalled off from the internet to they can't phone home. I
trust commercial applications on the desktop to exactly the same degree, for
the same reasons.

In terms of privacy and respecting the users, the state of software today is
deplorable.

~~~
itronitron
A colleague of mine is attending a conference this week where attendees are
'required' to install an app to their personal phones so that they can get the
latest updates to changes to the conference agenda.

No doubt this is a data-mining platform marketed to conference organizers who
probably don't have much of a clue what the real value add is for the app
creator.

I have strongly encouraged them to not install the 'app'.

~~~
skinnymuch
I get the average person and majority in general won’t do this. Just
wondering. if you don’t give the app any permissions. And only open it once or
twice the entire time. Does it have any real effect on your privacy?

------
0xmohit
Also relevant:

Google Admits: Third-Party Apps Can Still Access Your Gmail Data

[https://fossbytes.com/google-admits-third-party-apps-can-
sti...](https://fossbytes.com/google-admits-third-party-apps-can-still-access-
your-gmail-data/)

~~~
gruez
Well... no shit? If you gave someone permissions to read your emails,
obviously they can read your emails. And because they can read it, they can
also copy your emails and/or share it with other companies. This isn't
something that can be stopped by google.

~~~
judge2020
Ya, the entire process is only to vet companies' policies on data access,
retention, etc.

[https://support.google.com/cloud/answer/9110914](https://support.google.com/cloud/answer/9110914)

------
thedance
One great feature of gsuite, in my opinion, is the ability to prevent oauth-
authenticated access to the email APIs, IMAP, and POP for your organization.
These shady apps are ALL stealing your data. Literally every single one of
them. And just telling your users to be careful about what apps they use isn't
going to cut it, someone in your organization will leak everything.

------
McDyver
From their T&C's page "you may provide us with information about your contacts
(such as names, email addresses, etc.)"

Whoever installs this app consents to sharing the information of their
contacts, who might not consent to having their data shared.

Ultimately, this could lead to giving disposable contact details to friends
and relatives, in order to (try to) preserve one's privacy.

~~~
Cpoll
That's a tough problem to solve, "Import your Address Book" has been a feature
of communications platforms as far back as I can remember.

~~~
JohnFen
And it's been a terrible practice from day 1.

------
njhaveri
People should really read the privacy policies before using any email app
these days. Many popular ones state that they, at minimum, will keep access
tokens on their servers, and many outright cache copies of your messages.

~~~
turc1656
My lack of trust is the sole reason I never had email on my phone until a few
months ago. I moved to ProtonMail and I use their app (which is great). I
trust them. It's possible I'm wrong, but I know how they make money and if I
use them long enough I'll be a paying customer when my free space runs out.
They also open-sourced their codebase and I have a friend in law enforcement
who has delivered warrants to them and they truly don't keep any data or have
access to emails at all.

~~~
hatmatrix
There have been accusations however

[https://www.theregister.co.uk/2019/05/29/protonmail_dismisse...](https://www.theregister.co.uk/2019/05/29/protonmail_dismisses_spying/)

------
TwoNineA
If something is free on the internet, there is a good chance you are the
product.

~~~
JohnFen
And if you're paying for something on the internet, there is a good chance
that you are the product.

~~~
ohyeshedid
for the most part, these days, if you're on the internet you are the product.

------
upofadown
>Edison

Are there really no good open source email clients on iphones?

~~~
gnicholas
The app review process can be very time-consuming. I imagine this is at least
part of the reason there are not more open-source apps on iOS.

Also, there's no way to change your default mail client, so that makes it
somewhat less likely that we'd see someone develop one of these.

------
3xblah
The HN title of this article, cf. the true title on the vice.com web page,
fails to consider that this article is also about the companies that _sell_
data derived from scraping the contents of email. Arguably the sellers are
more interesting here as they are the ones doing the scraping and creating the
market.

~~~
altdatathrow
Someone changed the title. The original submission title matched the article
title [1]. Feels like an intentional re-characterization to place the blame on
the ones purchasing the data, as opposed to the ones harvesting and selling.
This journalist is the same who exposed Jumpshot [2] for similar tactics
(selling highly-sensitive user-level data), and a few days later the entire
company (~230 employees) shut down.

I asked about a similar problem [3] on a "Who's Hiring" last week to a YC-
funded company and dang was quick to detach that comment, as it was off-topic
for the context of the thread.

[1]
[https://www.google.com/search?q=site%3Anews.ycombinator.com+...](https://www.google.com/search?q=site%3Anews.ycombinator.com+inurl%3A22291484)

[2] [https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-
se...](https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-
browsing-data-investigation)

[3]
[https://news.ycombinator.com/item?id=22229267](https://news.ycombinator.com/item?id=22229267)

------
turc1656
It seems it's time again for the reminder that if you aren't paying you are
the product, not the customer. I don't understand how people don't understand
this in 2020, after at least 2 decades of this nonsense. Or do they just not
care?

