Edison posted a response[0] with this amazing sentence:
> to protect your privacy by rejecting an advertising-based business model, our company Edison Software, measures e-commerce through a technology that automatically recognizes commercial emails and extracts anonymous purchase information from them
Sounds pretty silly to extract your data instead of showing you ads — all in the name of protecting your privacy.
But to play devil's advocate, some ads do actually invade your privacy because they come from malicious malvertisers. If they are actually treating the purchase price information 100% anonymously (never linking it to PII), then there's an argument that they're protecting your privacy by doing this.
Or they could just run an ad platform that blocks malvertisements...
> If they are actually treating the purchase price information 100% anonymously (never linking it to PII), then there's an argument that they're protecting your privacy by doing this.
There is no privacy benefit here because you'd have even better privacy protections if they didn't trawl through your emails and extract data from them in the first place.
I am having trouble parsing that out, why would they be extracting 'anonymous' purchase information from 'automatically recognize[d] commercial emails' if they care about protecting privacy... ?
I installed Edison on iOS somewhat recently. At the end of setting up my server info, there was a question asking if I approved them using/sharing my data. I tapped NO. My information was all deleted like I had just installed the app brand new. I thought it was a bug so I went through set up again. Selected NO again. Account info deleted. You can’t use the app without agreeing they can use your info/data.
This sort of thing is why I don't trust any apps that I haven't built myself, and keep them firewalled off from the internet to they can't phone home. I trust commercial applications on the desktop to exactly the same degree, for the same reasons.
In terms of privacy and respecting the users, the state of software today is deplorable.
WeChat killed their web interface for most users and replaced it with a message that translates to: "For your own account safety, this account cannot use the web version. You can use the Windows or Mac client [download links]"
Safety? Web is about as safe as it gets. It's one thing to spy on users but it's a whole another thing for Tencent to masquerade under the name of safety to cheat users into downloading what could quite possibly be spyware. That's not only spying but also spreading false information about computer security to the masses.
I'd say the exact opposite, especially on desktop. Most native desktop apps can't run without access to the filesystem, for instance.
I was referring to the WeChat web app vs. the WeChat Mac/Windows app; the web version has no access to your filesystem, but they are not allowing people to use it anymore. The Mac/Windows versions could theoretically read any files on your system, spy on your clipboard, portscan your private LAN, scan Wi-Fi networks, and lots of other nasty things that the web version cannot.
Also with webapps it's much easier to inject JavaScript to "edit" their behavior. Desktop apps are often compiled to machine code (or have mysterious pieces thereof which are) which makes it difficult.
A colleague of mine is attending a conference this week where attendees are 'required' to install an app to their personal phones so that they can get the latest updates to changes to the conference agenda.
No doubt this is a data-mining platform marketed to conference organizers who probably don't have much of a clue what the real value add is for the app creator.
I have strongly encouraged them to not install the 'app'.
I get the average person and majority in general won’t do this. Just wondering. if you don’t give the app any permissions. And only open it once or twice the entire time. Does it have any real effect on your privacy?
Well... no shit? If you gave someone permissions to read your emails, obviously they can read your emails. And because they can read it, they can also copy your emails and/or share it with other companies. This isn't something that can be stopped by google.
One great feature of gsuite, in my opinion, is the ability to prevent oauth-authenticated access to the email APIs, IMAP, and POP for your organization. These shady apps are ALL stealing your data. Literally every single one of them. And just telling your users to be careful about what apps they use isn't going to cut it, someone in your organization will leak everything.
People should really read the privacy policies before using any email app these days. Many popular ones state that they, at minimum, will keep access tokens on their servers, and many outright cache copies of your messages.
Even if you trust them on privacy or are willing to let them analyze your emails in exchange for some feature, there are very few companies that I trust to handle my email securely.
If a hacker gained access to my Gmail access tokens, they're a password reset link away from taking over most of my other online accounts and probably more than a few banking accounts. And then deleting the password reset emails.
Having worked for large and small companies (including ones that handle emails), security is always second (or third) compared to other business priorities. It takes a large effort to make sure everything is locked down and most companies don't have the skills, resources, and commitment to properly secure everything even if they nominally claim that security is important.
My lack of trust is the sole reason I never had email on my phone until a few months ago. I moved to ProtonMail and I use their app (which is great). I trust them. It's possible I'm wrong, but I know how they make money and if I use them long enough I'll be a paying customer when my free space runs out. They also open-sourced their codebase and I have a friend in law enforcement who has delivered warrants to them and they truly don't keep any data or have access to emails at all.
Most privacy policies are in legalese, and hard experience has shown that what I, as a non-lawyer, think they say is quite often very different from what they actually say.
As a result, I gave up bothering to read them unless they're one or two paragraphs long. I simply assume they say what 90% of them really say: they can take any data they like, do whatever they like with it, and they can unilaterally change the agreement any time they want.
The HN title of this article, cf. the true title on the vice.com web page, fails to consider that this article is also about the companies that sell data derived from scraping the contents of email. Arguably the sellers are more interesting here as they are the ones doing the scraping and creating the market.
Someone changed the title. The original submission title matched the article title [1]. Feels like an intentional re-characterization to place the blame on the ones purchasing the data, as opposed to the ones harvesting and selling. This journalist is the same who exposed Jumpshot [2] for similar tactics (selling highly-sensitive user-level data), and a few days later the entire company (~230 employees) shut down.
I asked about a similar problem [3] on a "Who's Hiring" last week to a YC-funded company and dang was quick to detach that comment, as it was off-topic for the context of the thread.
It seems it's time again for the reminder that if you aren't paying you are the product, not the customer. I don't understand how people don't understand this in 2020, after at least 2 decades of this nonsense. Or do they just not care?
> to protect your privacy by rejecting an advertising-based business model, our company Edison Software, measures e-commerce through a technology that automatically recognizes commercial emails and extracts anonymous purchase information from them
[0]: https://medium.com/changing-communications/a-reminder-of-how... (non-Medium: https://outline.com/7K3TAL)