Active discussion:<p><a href="https://news.ycombinator.com/item?id=14181152" rel="nofollow">https://news.ycombinator.com/item?id=14181152</a>
This may sound silly, but I consider any application that requests full read access to my Gmail account to be akin to asking for my social security number.<p>I remember when the big wave of smart email apps first came out a few years ago, and the horror was the expressed here when it was revealed that these apps basically route all of your email through their servers in order to do processing on it.<p>Sadly at lot of the trepidation about services like that seems to have abated -- or maybe the general population just isn't aware of how intrusive these types of services could be. But I would never allow any third party service to access my email.
I looked on their website, Frequently Asked Questions, and even hovered over text like "Unroll.me is a free service" in order to find a disclosure.<p>I could not find ANY disclosures whatsoever.<p>Nowhere does Unroll.me disclose that they sell your emails to the highest bidder.<p>I wish we had a FTC that could bankrupt Unroll.me's previous and current founders and executives. Absolutely despicable behaviour.
I prodded unroll.me a couple of years ago about their data retention policy. Their answer was sketchy so I ended up not using the service. I'm surprised it took this long for someone with reach to look into them.<p>Original thread: <a href="https://twitter.com/elahd/status/575692415132135425" rel="nofollow">https://twitter.com/elahd/status/575692415132135425</a><p>DMs: <a href="http://imgur.com/H0UABYa" rel="nofollow">http://imgur.com/H0UABYa</a>
Basically a repost of <a href="https://news.ycombinator.com/item?id=14180463" rel="nofollow">https://news.ycombinator.com/item?id=14180463</a><p>Had to search my inbox as a sanity check to make sure I hadn't signed up for the service. Turns out I hadn't, but it was pitched on Product Hunt both in April 2015 and May 2016.<p>I'm hoping at least security folks made the mental connection that signing up meant compromising your personal emails. That's the single reason I didn't bother.
Great, I'm sold on leaving unroll.me but I think there is a deeper problem here. Email is so insecure and if you're already using Gmail then who knows who Google is selling your emails to. Google is just a lot better about keeping it a secret. Fooling yourself into thinking your emails are secure if you're not using Unroll.me is a joke. Also, please suggest a secure alternative when telling people to leave a service over security. I'd love to switch to something else that gives me some false sense of security but shutting off unroll.me and allowing my inbox to implode with spam is not a great option right now.
> operating under the radar<p>The privacy policy is clear and easy to find and understand. You can be annoyed with yourself for not reading it. You can decide the service isn't worth the tradeoffs. You can be annoyed with yourself for being naive about how free products work.<p>But it's illogical and disingenuous to call this "under the radar" or blame the service for your own surprise about how it works. We have free will and a responsibility to understand the agreements we enter into. Admitting so casually that we can't handle those things is a scary thought.
I find it fascinating that there are services which require access to your <i>complete inbox</i>, irrespective of how useful they might be or what they've written in their privacy policy. Every single email you ever sent/received, and every single email you will send/receive. Maybe I'm being paranoid, but sorry, that's just a huge "no" in my book.
Someone is selling similar data to investors via Quandl. The source is confidential, however, so it's unclear if this is Unroll.me as well.<p><a href="https://www.quandl.com/alternative-data/email-receipt-data" rel="nofollow">https://www.quandl.com/alternative-data/email-receipt-data</a>
Selling data to the highest bidder doesn't surprise me. Users should expect this, but since it's all buried in TOS, only more savvy users are going to know or notice.<p>Maybe it's time for some ethical standards among developers. Dumping email to an insecure server should be something that every developer would refuse. Somebody was just following order.
If you have ever used the service, it probably has still almost full access to your gmail account (I noticed it had in mine).<p>You can remove its authorisations at: <a href="https://myaccount.google.com/permissions" rel="nofollow">https://myaccount.google.com/permissions</a>
I don't find the practice ethical at all, but that said, don't understand why anyone would be surprised by this. Users are almost always the product.<p>Seems like the Gruber version of outrage porn.